Windows 7 Forums



Windows 7: I need help removing viruses

16 Mar 2012   #1
TrueBlue502

Windows 7 Home Premium 64bit
 
 
I need help removing viruses

I first thought I had a virus when I was on the internet and clicked a link and it redirected me to some random site. So I ran "Malwarebytes Anti-Malware" and "SUPERAntiSpyware Free Edition", and they both said I had viruses. I removed all of them and restarted my PC. I was then notified by Microsoft Security Essentials that I had a "potential threat" on my computer. I selected remove, but it said I needed "Standalone System Sweeper". I clicked 'download now' and I was taken to a microsoft.com link telling me how to get "Windows Defender Offline Beta." (Notice that it's not the same program it said it was before). However, I still decided to download WDOB. I had to put it on a flash drive and boot the computer from the USB.

Upon restarting the computer from the flash drive, WDOB performed a scan for potential threats and found two items. I selected to remove them both, then continued with the restart of my computer and when I got to the desktop, MSE notified me again that I still had a virus. That's when I decided to post this.

Thanks for any help!!

EDIT: I remember some of the virus names: blacole and cleaman.g


16 Mar 2012   #2
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

First, copy and paste these lines in Notepad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, let's get rid of the Java script ... (temp cache)
Download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

Now, I'd like you to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
16 Mar 2012   #3
TrueBlue502

Windows 7 Home Premium 64bit
 
 

When I try to run ESET OnlineScan I get this:

Should I start it anyways?

Also, my AV is giving me notifications of malware every minute. If you need me to I can post the details of what it's blocking.

16 Mar 2012   #4
C-11

Windows 7 Professional SP1 64-bit
 
 

It would be best to turn WD off if you can.

Quote:
  1. Open Windows Defender by clicking the Start button, clicking All Programs, and then clicking Windows Defender.
  2. Click Tools, and then click Options.
  3. Under Administrator options, select or clear the Use Windows Defender check box, and then click Save. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

16 Mar 2012   #5
TrueBlue502

Windows 7 Home Premium 64bit
 
 

Couldn't find WD under all programs
16 Mar 2012   #6
C-11

Windows 7 Professional SP1 64-bit
 
 

Quote: Originally Posted by TrueBlue502
Couldn't find WD under all programs
Look in the Control Panel or try this:
Quote:
Click the “Start Orb” and type in defender into the text box. Select Windows Defender.
Select Tools from the main Windows Defender screen.
Select Options from the Settings section.
From the left navigation pane, select Administrator.
Now remove the check mark from the box labeled Use this program. Click the Save button in the bottom right corner.
Click Yes when prompted to make the change
If you can't find it go ahead with ESET.
16 Mar 2012   #7
derekimo

Microsoft Community Contributor Award Recipient

 
 

Quote: Originally Posted by TrueBlue502
Couldn't find WD under all programs
Have a look here,

Control panel, small icons view.

Control Panel View - Category or Icons


This should help as well,

Windows Defender - Turn On or Off


16 Mar 2012   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

You can also disable it in Services. Type services.msc in the start search box, click on the icon, scroll down to Windows Defender, right click > choose properties, then set it to disabled.

Now run ESET
17 Mar 2012   #9
TrueBlue502

Windows 7 Home Premium 64bit
 
 

Quote: Originally Posted by Jacee
You can also disable it in Services. Type services.msc in the start search box, click on the icon, scroll down to Windows Defender, right click > choose properties, then set it to disabled.

Now run ESET
Here are the results:
C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rbnotifier.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\rb_move_serial.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Program Files (x86)\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Henry\AppData\Local\TempDIR\BetterInstaller.exe a variant of Win32/Adware.Somoto.A application cleaned by deleting - quarantined
C:\Users\Henry\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Windows.old\Documents and Settings\Henry\RegistryReviverSetup.exe a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined




My anti-virus is still giving me "Trojan Horse blocked" and "Malicious URL blocked" every minute when I'm not even opening a new page. I've had a total of 432 network connections blocked in the last ten and a half hours. Here's the initial alert of one of them:

and the details:

Those are just examples, they're different every time.
17 Mar 2012   #10
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let's flush the DNS cache and restore MS's Hosts file:

Copy and paste these lines in Notepad.

@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0


Save as flush.bat to your desktop.
Double click on the flush.bat file to run it. Vista and Windows 7... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.

Next, download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Tell me if the problem is still there.
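
Added example, not part of the thread or any poster's code: flush.bat (posts #2 and #10) overwrites the hosts file with a single localhost line, so this Python sketch audits the existing entries first and records which names were being redirected or blocked. The function name, the benign-name list and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumption for this example: only "localhost" on a loopback address is expected.
BENIGN_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every entry worth reviewing."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.lstrip("\ufeff").split("#", 1)[0].strip()  # drop BOM and comments
        if not entry:
            continue
        address, *names = entry.split()
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, address, " ".join(names), "invalid address"))
            continue
        if not names:
            findings.append((line_no, address, "", "address without a name"))
            continue
        for name in (n.lower() for n in names):
            local = ip.is_loopback or ip.is_unspecified
            if local and name in BENIGN_NAMES:
                continue
            reason = ("name sinkholed to a local address" if local
                      else "name redirected to another address")
            findings.append((line_no, address, name, reason))
    return findings

# Constructed sample; addresses and names are reserved documentation values.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.10    search.example www.search.example
127.0.0.1       update.av-vendor.example   # would block updates
"""

if __name__ == "__main__":
    import sys
    # Pass the path to a copy of the hosts file, or run with no argument for the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    for finding in audit_hosts(text):
        print("line %d: %s -> %s (%s)" % finding)
```

Run it against a copy of the hosts file taken before flush.bat runs; an empty result means the file held nothing beyond the default localhost mapping.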