Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Win 7 Antivirus 2012 ~ Virus Removal Help

01 Jan 2012   #1
JennB213

Microsoft Windows 7 Professional 64-bit
 
 
Win 7 Antivirus 2012 ~ Virus Removal Help

Hello,

I've had this virus since the 30th. when it started it immediately produced all the pop-up warnings as described by everybody else.

I used Task Manager to escape touching the program (Win 7 Antivirus 2012) ..
then I rebooted in Safe-Mode wNetworking and downloaded Malwarebytes and ran it.

It found several things ..

Quote:
Malwarebytes Anti-Malware 1.60.0.1800
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Database version: v2011.12.31.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
Jennifer Burnette :: JENNIFERBURNETT [administrator]

Fri, 12/30/2011 11:30:29 PM
mbam-log-2011-12-30 (23-30-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P <----No Clue what that means
Objects scanned: 320495
Time elapsed: 39 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCR\.exe\shell\open\command| (Hijack.ExeFile)
-> Data: "C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "%1" %* -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCR\.exe| (Hijacked.exeFile) -> Bad: (pu4) Good: (exefile) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\Jennifer Burnette\AppData\Local\dwx.exe" -a "C:\Program Files (x86)\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Jennifer Burnette\AppData\Local\dwx.exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
C:\Users\Jennifer Burnette\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\f9046cc-5662e8c5 (Trojan.FakeAV) -> Quarantined and deleted successfully.

(end)
This shows I was using the free version, when I discovered the virus was continuing to come back I opted to do the Trial Version ... then ran just quick scan which showed RIGHT THEN I was okay.

Came back, it's like everytime I re-boot it's re-inventing itself.

It almost looks like it's tied to my Firefox, I can see where Malwarebytes is removing it and although right now, no pop-ups, I'm not trusting it especially since finding the following in my Control Panel - Notifications Area ...


Everytime I run Malwarebytes it adds to the total number of items removed but it's the same items, only changing maybe and .exe name.


I found Corinne's instruction for removal at another post .. Downloaded the TDSSkill and RKill, already had Malwarebytes so didn't have to do that.

I ran TDSSkill, no rootkits found ... Ran RKill, said process's were deleted while running ... Ran Malwarebytes again via Quick Scan and showed 0 ... thought great this may have got rid of it.

I rebooted the computer and decided to look at the Control Panel items again, imagine my surprise when I saw I now have a NEW file there for Win 7 Antivirus 2012. The OLD one was gud.exe and now this new one dwx.exe.

I've tried checking in Task Manager process's and start up ... NOTHING !!
I've also tried checking msconfig.exe, startup and services ... NOTHING !!

I totally have NO CLUE where or what to do next.

Is there ANYBODY that can help me .. I'd appreciate it so very much.

Thank you in advance for even reading this.

Jenn


My System SpecsSystem Spec
01 Jan 2012   #2
Golden

Microsoft Community Contributor Award Recipient

Windows 7 Ult. x64 Windows 8.1 x64
 
 

Hi Jenn,

It sounds like you need something a bit more powerful to tackle this - this something should only be used under professional guidance so I'll message Corinne and Jacee and ask them to look at this for you.

Regards,
Golden

*EDIT : Have messaged them to ask them to look at this for you.
My System SpecsSystem Spec
02 Jan 2012   #3
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

There's a few removal tools available like the VIPRE Rescue Program I've used to remove similar types of infections like I-Worm viruses disguished as spyware removal programs. One actually locked the owner out of his desktop by creating a new administrator account.

The VRP removed it on the spot once the system was booted in safe mode to create a desktop shortcut there for the stand alone tool. You simply download that to the drive or any folder and when you double click on it a new temp will be created where it will run from. No installation required.

For a detailed guide on removing this type of malware you can also look over Malware Removal Guide for Windows

The guide there not only points to different programs but has instructions for use with each one. Plus it has a followup with fixing post disinfection problems that can appear.
My System SpecsSystem Spec
02 Jan 2012   #4
JennB213

Microsoft Windows 7 Professional 64-bit
 
 

Quote   Quote: Originally Posted by Golden View Post
Hi Jenn,

It sounds like you need something a bit more powerful to tackle this - this something should only be used under professional guidance so I'll message Corinne and Jacee and ask them to look at this for you.

Regards,
Golden

*EDIT : Have messaged them to ask them to look at this for you.
Hi Golden,

Thank YOU so much for passing along my message.

This is the weirdest thing ever, it really looks like this is re-inventing itself via FireFox ...
I hope I don't have to get rid of Firefox ...
Iprefer it so much more than Internet Explorer.

Again, Thanks so much for helping me and for taking the time to read.

Regards, Jenn
My System SpecsSystem Spec
02 Jan 2012   #5
JennB213

Microsoft Windows 7 Professional 64-bit
 
 

Quote   Quote: Originally Posted by Night Hawk View Post
There's a few removal tools available like the VIPRE Rescue Program I've used to remove similar types of infections like I-Worm viruses disguished as spyware removal programs. One actually locked the owner out of his desktop by creating a new administrator account.

The VRP removed it on the spot once the system was booted in safe mode to create a desktop shortcut there for the stand alone tool. You simply download that to the drive or any folder and when you double click on it a new temp will be created where it will run from. No installation required.

For a detailed guide on removing this type of malware you can also look over Malware Removal Guide for Windows

The guide there not only points to different programs but has instructions for use with each one. Plus it has a followup with fixing post disinfection problems that can appear.
Hi Night Hawk,

THANK YOU so much for your help.

Quote:
Question ::
Are you telling me to download the tool (Like to the Desktop)
Then boot into Safe-Mode before I activate the Tool.
It's real late here in Tennessee so I'm going to go onto bed tonight then check back here in the morning plus go read the Malware Removal Guide.

If you can think of anything else that might help me I would appreciate it.

Thank you so much for taking the time to read my message and to gtive me the help and direction you've shared.

Regards, Jenn
My System SpecsSystem Spec
02 Jan 2012   #6
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

If you can access the normal desktop despite the virus and double click on anything that will start the program itself. That can be the desktop or any folder of choice for keeping it onhand.

The first thing it will do is create it's own folder you can remove later once everything is back to normal. As it runs you will a command prompt type window appear and watch as it removes traces as well. Some confuse that for deleting other files off the drive without knowing it corrects any attempted recoding of mainly system files.

Note this only frees up Windows from a virus but doesn't scan the entire drive for bugs while the latest version has some options for scans. The instructions for use are seen on the download page itself.
My System SpecsSystem Spec
02 Jan 2012   #7
JennB213

Microsoft Windows 7 Professional 64-bit
 
 

Quote   Quote: Originally Posted by Night Hawk View Post
If you can access the normal desktop despite the virus and double click on anything that will start the program itself. That can be the desktop or any folder of choice for keeping it onhand.

The first thing it will do is create it's own folder you can remove later once everything is back to normal. As it runs you will a command prompt type window appear and watch as it removes traces as well. Some confuse that for deleting other files off the drive without knowing it corrects any attempted recoding of mainly system files.

Note this only frees up Windows from a virus but doesn't scan the entire drive for bugs while the latest version has some options for scans. The instructions for use are seen on the download page itself.

Thank YOU Night Hawk for being patient with a Novice. Once at Vipre Rescue and after reading the entire article I do understand the procedure.

I won't have to boot into safe mode to run Vipre Rescue as currently even though I know the virus is still here I'm not having the pop-ups, browser redirects, or .exe issues.

I think my main issue now is just knowing it is still lurking in the background.

I'm currently running a thorough virus scan with Avast (my normal antivirus) and then will do the second one using Malwarebytes.

Avast IS currently updating virus definitions with no problems, as is Malwarebytes.

I know they say not to run two Antivirus's simultaneously but since trying to remove this Win 7 Antivirus 2012 and accepting the Trial of Malwarebytes I guess that's what I'm doing. Is Malwarebytes an AntiVirus program too or is it only actively scanning for Malware ?? Little confused on that.

I read your suggested article on Removal of Malware and it is VERY helpful and VERY easy for even a novice to understand. I bookmarked the page so I can get back to it quickly.

As I said, I'm currently running a thorough scan right now with Avast and then will let Malwarebytes run, depending on what they show I will know how to proceed.

However, when I see these items in Control Panel Notification Area it really scares me .. I'm afraid to use my online banking on this computer until I'm POSITIVE I have removed everything.


Right now I kinda feel like the computer is winning ...
but I AM going to keep trying.

I want to Thank YOU for your help, will post back after SCANS are completed.

Jenn
My System SpecsSystem Spec
02 Jan 2012   #8
bigcitycat

Windows Seven, Ubuntu
 
 

I hate to say this because I love Windows but don't online bank with a windows pc. Download a copy of Ubuntu and burn it to disc. Boot your pc with the dvd in your dvd player and select try without installing. Plugin internet directly and bank with it as a live dvd. Guaranteed safe.

Download Ubuntu | Ubuntu
My System SpecsSystem Spec
02 Jan 2012   #9
JennB213

Microsoft Windows 7 Professional 64-bit
 
 

Quote   Quote: Originally Posted by bigcitycat View Post
I hate to say this because I love Windows but don't online bank with a windows pc. Download a copy of Ubuntu and burn it to disc. Boot your pc with the dvd in your dvd player and select try without installing. Plugin internet directly and bank with it as a live dvd. Guaranteed safe.

Download Ubuntu | Ubuntu
Well WOW, Thank you so much BigCityCat, had no clue that could even be done. I certainly will check into that ..

I try and be real cautious about Online Banking changing the password frequently.

Just knowing these things were still showing on my computer was creeping me out,

I did feel better after the TDSSkill found NO Rootkits.

Everybody here has been so nice & helpful, it's totally appreciated.

Jenn
My System SpecsSystem Spec
02 Jan 2012   #10
Night Hawk

Windows 7 Ultimate x64, XP Mode, W8.1 Preview VM - 7 Pro x64 second remote tower
 
 

I tested both Malwarebytes and Avast against a few other programs and then was referred to another back in May 2010 which so far has proven itself over and over again for finding things you would never know was there!

At first it was AVG against Avast and AVG won out. Then it was a freeware called Spyware Terminator finding more then Malwarebytes. The big surprize however wraps antispyware, antiadware, antirootkit detection and removal into it's antivirus and web security protections being the main VIPRE program.

The VIPRE Internet Security 2012 update went on over the VIPRE Home Premium av program and so far has found two old supposed XP utility files, one a zip file, stored on other drives as trojans in disguise.

I suggest dumping the two you have on now and giving the 30 day trial of VIPRE a good run. The initial scan can be set to go over every drive you have installed on the system as well as clean things up.

When the two license expires in May of this year I'll be going with their lifetime offer. This one apparently wraps up what would 3 or 4 other programs and does run quietly in the background like no program was even installed. It has a light footprint on resources with updates going right on without the need to restart each time.

Hopefully the bug you have there hasn't already done it's damage. I had to get VIPRE on two infected machines where the bogus software type I-Worm had already trashed the system registry forcing a full clean install on a Vista laptop and another older XP desktop. It was on the XP build where the new admin was created to lock the user out.

On both machines VIPRE cleaned the virus out but too late from the malware damage seen to save the Windows installation. Some of these newer bugs are designed to do just that trash the OS! And even if you are able to save your 7 install there the restore points will be no good! Make sure to turn off the System Restore feature long enough to see all present points deleted. You may want to manually create some after once you know the machine is totally free of anything leftover.
My System SpecsSystem Spec
Reply

 Win 7 Antivirus 2012 ~ Virus Removal Help




Thread Tools



Similar help and support threads for2: Win 7 Antivirus 2012 ~ Virus Removal Help
Thread Forum
Want ideas for Virus removal if virus shows up in safemode CMD System Security
I got a virus called "Win 7 antivirus 2012" It killed my win defender System Security
No internet after windows 7 antivirus 2012 removal System Security
Trend Micro Fake Antivirus (FakeAV) Removal Tool [Beta] System Security
Help with removal of antivirus 8 System Security
After Virus Removal System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 06:31 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App