 | |
| |
| 01 Jan 2012 | |
| Microsoft Windows 7 Professional 64-bit 37 posts | Win 7 Antivirus 2012 ~ Virus Removal Help Hello, I've had this virus since the 30th. when it started it immediately produced all the pop-up warnings as described by everybody else. I used Task Manager to escape touching the program (Win 7 Antivirus 2012) .. then I rebooted in Safe-Mode wNetworking and downloaded Malwarebytes and ran it. It found several things .. Quote: Malwarebytes Anti-Malware 1.60.0.1800 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Database version: v2011.12.31.02 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7601.17514 Jennifer Burnette :: JENNIFERBURNETT [administrator] Fri, 12/30/2011 11:30:29 PM mbam-log-2011-12-30 (23-30-29).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P <----No Clue what that means Objects scanned: 320495 Time elapsed: 39 minute(s), 3 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "%1" %* -> Quarantined and deleted successfully. Registry Data Items Detected: 4 HKCR\.exe| (Hijacked.exeFile) -> Bad: (pu4) Good: (exefile) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully. HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully. Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Jennifer Burnette\AppData\Local\dwx.exe (Trojan.FakeAV) -> Quarantined and deleted successfully. C:\Users\Jennifer Burnette\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\f9046cc-5662e8c5 (Trojan.FakeAV) -> Quarantined and deleted successfully. (end) Came back, it's like everytime I re-boot it's re-inventing itself. It almost looks like it's tied to my Firefox, I can see where Malwarebytes is removing it and although right now, no pop-ups, I'm not trusting it especially since finding the following in my Control Panel - Notifications Area ...  Everytime I run Malwarebytes it adds to the total number of items removed but it's the same items, only changing maybe and .exe name.  I found Corinne's instruction for removal at another post .. Downloaded the TDSSkill and RKill, already had Malwarebytes so didn't have to do that. I ran TDSSkill, no rootkits found ... Ran RKill, said process's were deleted while running ... Ran Malwarebytes again via Quick Scan and showed 0 ... thought great this may have got rid of it. I rebooted the computer and decided to look at the Control Panel items again, imagine my surprise when I saw I now have a NEW file there for Win 7 Antivirus 2012. The OLD one was gud.exe and now this new one dwx.exe. I've tried checking in Task Manager process's and start up ... NOTHING !! I've also tried checking msconfig.exe, startup and services ... NOTHING !! I totally have NO CLUE where or what to do next. Is there ANYBODY that can help me .. I'd appreciate it so very much. Thank you in advance for even reading this. Jenn |
My System Specs | |
| 01 Jan 2012 | |
| Windows 7 Ultimate SP1 (x64) 9,922 posts South Australia | Hi Jenn, It sounds like you need something a bit more powerful to tackle this - this something should only be used under professional guidance so I'll message Corinne and Jacee and ask them to look at this for you. Regards, Golden *EDIT : Have messaged them to ask them to look at this for you. |
| My System Specs |
| 02 Jan 2012 | |
| Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case 7,904 posts New England | There's a few removal tools available like the VIPRE Rescue Program I've used to remove similar types of infections like I-Worm viruses disguished as spyware removal programs. One actually locked the owner out of his desktop by creating a new administrator account. The VRP removed it on the spot once the system was booted in safe mode to create a desktop shortcut there for the stand alone tool. You simply download that to the drive or any folder and when you double click on it a new temp will be created where it will run from. No installation required. For a detailed guide on removing this type of malware you can also look over Malware Removal Guide for Windows The guide there not only points to different programs but has instructions for use with each one. Plus it has a followup with fixing post disinfection problems that can appear. |
| My System Specs |
| . |
| |
| 02 Jan 2012 | |
| Microsoft Windows 7 Professional 64-bit 37 posts | 
Quote: Originally Posted by Golden  Hi Jenn, It sounds like you need something a bit more powerful to tackle this - this something should only be used under professional guidance so I'll message Corinne and Jacee and ask them to look at this for you. Regards, Golden *EDIT : Have messaged them to ask them to look at this for you. Thank YOU so much for passing along my message. This is the weirdest thing ever, it really looks like this is re-inventing itself via FireFox ... I hope I don't have to get rid of Firefox ... Iprefer it so much more than Internet Explorer. Again, Thanks so much for helping me and for taking the time to read. Regards, Jenn |
| My System Specs |
| 02 Jan 2012 | |
| Microsoft Windows 7 Professional 64-bit 37 posts |
Quote: Originally Posted by Night Hawk There's a few removal tools available like the VIPRE Rescue Program I've used to remove similar types of infections like I-Worm viruses disguished as spyware removal programs. One actually locked the owner out of his desktop by creating a new administrator account. The VRP removed it on the spot once the system was booted in safe mode to create a desktop shortcut there for the stand alone tool. You simply download that to the drive or any folder and when you double click on it a new temp will be created where it will run from. No installation required. For a detailed guide on removing this type of malware you can also look over Malware Removal Guide for Windows The guide there not only points to different programs but has instructions for use with each one. Plus it has a followup with fixing post disinfection problems that can appear. THANK YOU so much for your help. Quote: Question :: Are you telling me to download the tool (Like to the Desktop) Then boot into Safe-Mode before I activate the Tool. If you can think of anything else that might help me I would appreciate it. Thank you so much for taking the time to read my message and to gtive me the help and direction you've shared. Regards, Jenn |
| My System Specs |
| 02 Jan 2012 | |
| Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case 7,904 posts New England | If you can access the normal desktop despite the virus and double click on anything that will start the program itself. That can be the desktop or any folder of choice for keeping it onhand. The first thing it will do is create it's own folder you can remove later once everything is back to normal. As it runs you will a command prompt type window appear and watch as it removes traces as well. Some confuse that for deleting other files off the drive without knowing it corrects any attempted recoding of mainly system files. Note this only frees up Windows from a virus but doesn't scan the entire drive for bugs while the latest version has some options for scans. The instructions for use are seen on the download page itself. |
| My System Specs |
| 02 Jan 2012 | |
| Microsoft Windows 7 Professional 64-bit 37 posts |
Quote: Originally Posted by Night Hawk If you can access the normal desktop despite the virus and double click on anything that will start the program itself. That can be the desktop or any folder of choice for keeping it onhand. The first thing it will do is create it's own folder you can remove later once everything is back to normal. As it runs you will a command prompt type window appear and watch as it removes traces as well. Some confuse that for deleting other files off the drive without knowing it corrects any attempted recoding of mainly system files. Note this only frees up Windows from a virus but doesn't scan the entire drive for bugs while the latest version has some options for scans. The instructions for use are seen on the download page itself. Thank YOU Night Hawk for being patient with a Novice. Once at Vipre Rescue and after reading the entire article I do understand the procedure. I won't have to boot into safe mode to run Vipre Rescue as currently even though I know the virus is still here I'm not having the pop-ups, browser redirects, or .exe issues. I think my main issue now is just knowing it is still lurking in the background. I'm currently running a thorough virus scan with Avast (my normal antivirus) and then will do the second one using Malwarebytes. Avast IS currently updating virus definitions with no problems, as is Malwarebytes. I know they say not to run two Antivirus's simultaneously but since trying to remove this Win 7 Antivirus 2012 and accepting the Trial of Malwarebytes I guess that's what I'm doing. Is Malwarebytes an AntiVirus program too or is it only actively scanning for Malware ?? Little confused on that. I read your suggested article on Removal of Malware and it is VERY helpful and VERY easy for even a novice to understand. I bookmarked the page so I can get back to it quickly. As I said, I'm currently running a thorough scan right now with Avast and then will let Malwarebytes run, depending on what they show I will know how to proceed. However, when I see these items in Control Panel Notification Area it really scares me .. I'm afraid to use my online banking on this computer until I'm POSITIVE I have removed everything.  Right now I kinda feel like the computer is winning  ...but I AM going to keep trying. I want to Thank YOU for your help, will post back after SCANS are completed.  Jenn |
| My System Specs |
| 02 Jan 2012 | |
| Windows Seven, Ubuntu 207 posts | I hate to say this because I love Windows but don't online bank with a windows pc. Download a copy of Ubuntu and burn it to disc. Boot your pc with the dvd in your dvd player and select try without installing. Plugin internet directly and bank with it as a live dvd. Guaranteed safe. Download Ubuntu | Ubuntu |
| My System Specs |
| 02 Jan 2012 | |
| Microsoft Windows 7 Professional 64-bit 37 posts |
Quote: Originally Posted by bigcitycat I hate to say this because I love Windows but don't online bank with a windows pc. Download a copy of Ubuntu and burn it to disc. Boot your pc with the dvd in your dvd player and select try without installing. Plugin internet directly and bank with it as a live dvd. Guaranteed safe. Download Ubuntu | Ubuntu I try and be real cautious about Online Banking changing the password frequently. Just knowing these things were still showing on my computer was creeping me out, I did feel better after the TDSSkill found NO Rootkits. Everybody here has been so nice & helpful, it's totally appreciated. Jenn |
| My System Specs |
| 02 Jan 2012 | |
| Windows 7 Ultimate x64, XP Mode, W8 RP VM, Linux Mint Debian 2nd OS HD- 7 Pro x64 second case 7,904 posts New England | I tested both Malwarebytes and Avast against a few other programs and then was referred to another back in May 2010 which so far has proven itself over and over again for finding things you would never know was there! At first it was AVG against Avast and AVG won out. Then it was a freeware called Spyware Terminator finding more then Malwarebytes. The big surprize however wraps antispyware, antiadware, antirootkit detection and removal into it's antivirus and web security protections being the main VIPRE program. The VIPRE Internet Security 2012 update went on over the VIPRE Home Premium av program and so far has found two old supposed XP utility files, one a zip file, stored on other drives as trojans in disguise. I suggest dumping the two you have on now and giving the 30 day trial of VIPRE a good run. The initial scan can be set to go over every drive you have installed on the system as well as clean things up. When the two license expires in May of this year I'll be going with their lifetime offer. This one apparently wraps up what would 3 or 4 other programs and does run quietly in the background like no program was even installed. It has a light footprint on resources with updates going right on without the need to restart each time. Hopefully the bug you have there hasn't already done it's damage. I had to get VIPRE on two infected machines where the bogus software type I-Worm had already trashed the system registry forcing a full clean install on a Vista laptop and another older XP desktop. It was on the XP build where the new admin was created to lock the user out. On both machines VIPRE cleaned the virus out but too late from the malware damage seen to save the Windows installation. Some of these newer bugs are designed to do just that trash the OS! And even if you are able to save your 7 install there the restore points will be no good! Make sure to turn off the System Restore feature long enough to see all present points deleted. You may want to manually create some after once you know the machine is totally free of anything leftover. |
| My System Specs |
 |
Win 7 Antivirus 2012 ~ Virus Removal Help problems?
« Patch Tuesday Heads-Up: Only one "critical" update
|
Registry Entry "RunStuffHasBeenRun" - What Is It? »
| Thread Tools | |
| Similar help and support threads for: Win 7 Antivirus 2012 ~ Virus Removal Help | ||||
| Thread | Forum | |||
| I got a virus called "Win 7 antivirus 2012" It killed my win defender | System Security | |||
| No internet after windows 7 antivirus 2012 removal | System Security | |||
| Trend Micro Fake Antivirus (FakeAV) Removal Tool [Beta] | System Security | |||
| Help with removal of antivirus 8 | System Security | |||
All times are GMT -5. The time now is 10:33 PM.
