
Windows 7: Infection by fake AV virus

08 Apr 2012   #1
gregrocker

Infection by fake AV virus

Visiting a friend who is massively infected by fake AV scan. All of his files are hidden and nothing will run. I just ran bootable Windows Defender Offline which appears to have found nothing. System Restore is infected back a few days although there are more points to go back further. Any advice on where to go from here?

I have ComboFix and Unhide programs but don't know how to install them when it's locked up like this.

It's Vista so I'm inclined not to spend much time before copying out data to wipe and install Win7.

Toshiba Satellite, AMD 2 GHz, 2 GB RAM


08 Apr 2012   #2
pparks1

Windows 7 Ultimate x64

Microsoft stand-alone security scanner and Malwarebytes... is what I would use if it were a friend's machine and they wanted it saved.

If it were my machine, without question, a format and reinstall would be in order.
08 Apr 2012   #3
kegobeer

Windows 7 Ultimate x64 SP1

Greg, I'm with you and Parks on this one - copy what you can and nuke it.

08 Apr 2012   #4
gregrocker


Isn't MS Standalone now Windows Defender? Found nothing, lame as ever.

Can't get into Safe Mode or run mbam.exe from New Task in Task Mgr (Not Found).

Yeah, inclined to copy out files using the 7 DVD, wipe and install 7. With help from here a few weeks ago I cleaned up one of these, but it took twice the time to reinstall, and he wants 7 anyway and has ready cash.

That's two friends in a month infected with Fake AV while running MSE. Time to upgrade? What AV do you recommend to catch these, or can they be caught?

Thanks.
08 Apr 2012   #5
kegobeer

Windows 7 Ultimate x64 SP1

These kinds of attacks are hard to defend against, because the user allows the rogue app access. Once that happens, there's not much to do except try to recover the important data and start all over again. As always, education is the key to preventing this kind of attack.

Personally I'd keep recommending MSE, and recommending the user enables automatic updates so MSE definition and engine updates are installed every day.
08 Apr 2012   #6
profdlp

Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2

The last time my dingaling housemate got her computer infected it was SUPERAntispyware that did a better job than either MSE or MWB. I like both of those, but SUPER seems to be the one with a leg up on this type of problem.
08 Apr 2012   #7
gregrocker


Update: System Restore will not work at all. I cannot run any .exe from Task Manager. The files are still hidden in boot mode when trying to copy out using the DVD, Repair CD or Paragon Rescue.

I've now gotten explorer.exe to open my flash stick from Task Manager in Safe Mode. Am running RKill, ComboFix and MBAM quick scan. If it cleans up enough I'll run Unhide. I just need to get his files off of desktop which I can do from Win7 DVD if they'll Unhide.
08 Apr 2012   #8
kegobeer

Windows 7 Ultimate x64 SP1

I'd remove the drive and slave it into another computer, and see if you can access the files that way.
08 Apr 2012   #9
gregrocker


OK. Malwarebytes and Combofix in Safe Mode have cleaned it up enough to get in Control Panel>Folder Options and Unhide files. They are all there. I'm running Unhide now to make double sure then will copy out his files, wipe and Reinstall.

Thanks all. Just a bit of a scare when I couldn't see them in Win7 DVD explorer or Paragon Rescue CD. Didn't think they'd be hidden there for some reason.
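The "files are hidden" symptom in posts #7 and #9 comes from the rogue setting the Hidden attribute on the user's files, which is what the Unhide tool is used for in the thread. The script below is an added example, not code from the thread or from any of the tools mentioned in it: run from an administrative PowerShell against a slaved or already-cleaned drive, it clears the Hidden attribute on a user's files while leaving items that Windows itself marks Hidden+System (desktop.ini, NTUSER.DAT, the AppData junctions) untouched. The `$Root` path is an assumption; point it at the affected profile.

```powershell
# Added example: undo the Hidden attribute a fake-AV rogue sets on user files.
# Run as Administrator. -DryRun lists what would change without touching anything.
param(
    [string]$Root = 'D:\Users\Friend',   # assumed path of the slaved drive's profile
    [switch]$DryRun
)

$report = @{ Unhidden = 0; SkippedSystem = 0 }

# -Force is required so Get-ChildItem actually lists hidden items.
Get-ChildItem -Path $Root -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $attrs = $_.Attributes
        if (-not $attrs.HasFlag([IO.FileAttributes]::Hidden)) { return }

        # Hidden+System items are hidden by Windows, not by the rogue; leave them.
        if ($attrs.HasFlag([IO.FileAttributes]::System)) {
            $report.SkippedSystem += 1
            return
        }

        if ($DryRun) {
            Write-Output "Would unhide: $($_.FullName)"
        } else {
            # Same effect as: attrib -h "<path>"
            $_.Attributes = $attrs -bxor [IO.FileAttributes]::Hidden
        }
        $report.Unhidden += 1
    }

Write-Output ("Unhidden: {0}  Skipped (Hidden+System): {1}" -f `
    $report.Unhidden, $report.SkippedSystem)
```

Do a -DryRun pass first and spot-check a few listed paths; a large count of user documents under Desktop and Documents is the expected signature of this infection, while anything under Windows\ should not appear because of the System-flag exclusion.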
09 Apr 2012   #10
gregrocker


Now hanging on BIOS screen, won't F2 to enter Setup or F12 to boot DVD or flash stick, but has booted into Windows once. Feels hot so I am cooling it down now.