Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Fake Windows 7 anti-virus


05 May 2010   #1

windows 7 Ultimate 32-bit
 
 
Fake Windows 7 anti-virus

First off, i'm sorry if this is not in the right place.

Ok, 2nd off I am very good about not getting viruses, I haven't had one in years & yes I am running a legit virus scanning program. I woke up this morning and logged onto my PC & all of a sudden it started going absolutely crazy, now I can't do anything on it. I have not installed or downloaded anything in a couple of days and yesterday it was running 110% fine. I was wondering if anyone could help me with the solution on this because I don't know what to do, I do not want to format. I just rebooted my pc & now i'm running it in safe mode to see if I can get my virus scan running because it wouldn't let me do anything when I just started it up. If that doesn't work then i'm up for other suggestions because I honestly don't know what to do.

My System SpecsSystem Spec
.

05 May 2010   #2

Windows 7 & Windows Vista Ultimate
 
 

Hi, Erased.

Windows 7 has a much more robust System Restore than XP and Vista so you may want to try that first. If that isn't successful, I suggest MBAM. Instructions:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
My System SpecsSystem Spec
05 May 2010   #3

Windows 7 Home Premium [64-Bit]
 
 

Try inserting your Windows 7 DVD and making a system restore. If you've turned system restore off, try a system repair. Also, try going to the start menu, typing "msconfig" (without the brackets) and telling me what is in your startup tab. There might be an evil hidden program somewhere underneath your processes that's causing all this...

Edit: I thought I'd be the first replier to the thread, but Corrine beat me!
My System SpecsSystem Spec
.


05 May 2010   #4

Windows® 8 Pro (64-bit)
 
 

If the virus still persists, Download Hitman Pro 3.5.4 Build 98 Free Trial - This software can help you find and remove new unknown threats. - Softpedia
Run a full scan. It wont take more than 10 mins to clean your PC.
My System SpecsSystem Spec
06 May 2010   #5

Windows XP - Now Windows 7 Home Premium (64-bit).
 
 

Quote   Quote: Originally Posted by Corrine View Post
Hi, Erased.

Windows 7 has a much more robust System Restore than XP and Vista so you may want to try that first. If that isn't successful, I suggest MBAM. Instructions:

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
Corrine, I'm always learning here myself. May I ask: what is the reason for unticking those particular items? Why is MBAM marking them as unsafe if they are not to be deleted? Thanks kindly C.
My System SpecsSystem Spec
06 May 2010   #6

 
 

I second the manhunter's question...
My System SpecsSystem Spec
06 May 2010   #7

Windows 7 Ultimate RTM x86 build 7600
 
 

You can use some popular anti-malware programs to kill the malware..

For instance, my recommendations are
- Malwarebytes' Anti-Malware
- Spybot Search & Destroy

They are freely available to download @
- Malwarebytes' Anti-Malware : www.malwarebytes.org
- Spybot Search & Destroy : The home of Spybot-S&D!

============
To disable the virus during startup, when you almost boot into Desktop, immediately press Ctrl+Alt+Delete and click Task Manager. From the task Manager, kill the virus process that you suspect are...

I happened to get infected by that pest SecurityTool and I removed it by using Malwarebytes' Anti-Malware + the instructions above and it works!
My System SpecsSystem Spec
06 May 2010   #8

7-Pro-64
 
 

I'm curious about the answer to manhunter's question as well...

Does the fact those need unchecked indicate a false positive?
If so, doesn't that defeat the purpose of the program in the first place?
My System SpecsSystem Spec
06 May 2010   #9

Windows 7 Ultimate (32 bit)
 
 

Quote   Quote: Originally Posted by Erased View Post
First off, i'm sorry if this is not in the right place.

Ok, 2nd off I am very good about not getting viruses, I haven't had one in years & yes I am running a legit virus scanning program. I woke up this morning and logged onto my PC & all of a sudden it started going absolutely crazy, now I can't do anything on it. I have not installed or downloaded anything in a couple of days and yesterday it was running 110% fine. I was wondering if anyone could help me with the solution on this because I don't know what to do, I do not want to format. I just rebooted my pc & now i'm running it in safe mode to see if I can get my virus scan running because it wouldn't let me do anything when I just started it up. If that doesn't work then i'm up for other suggestions because I honestly don't know what to do.

You have been back on-line here today.
What did you find out? Did solve your problem?
We'd like to hear.
Thanks
My System SpecsSystem Spec
08 May 2010   #10

Windows 7 & Windows Vista Ultimate
 
 

Quote   Quote: Originally Posted by manhunter2826 View Post
Corrine, I'm always learning here myself. May I ask: what is the reason for unticking those particular items? Why is MBAM marking them as unsafe if they are not to be deleted? Thanks kindly C.
Apologies for the delay in responding. I've been rather involved in a beta program elsewhere that is taking a fair amount of time.

From MS KB831829 How antivirus software and System Restore work together:

Quote:
During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.{bold added}
Although the above KB article refers to XP, it would apply to Windows Vista and Windows 7 as well.

In a full scan, MBAM scans SR. If the file is not completely clean, the user may not have a good restore point. Thus, if something goes wrong in the cleaning process, there is not a good restore point to return to. It would be better to have an infected restore point and begin again than none at all -- particularly since most people are not good about backups and may no longer have the installation media.

MBAM developers recommend a quick scan. The above is a good reason to do the same. Just one example is what Marcin Kleczynski/RubbeR DuckY wrote in Posts 41 & 43 at Malwarebytes' Anti-Malware Program Suggestions - Malwarebytes Forum :

Quote:
The quick scan is meant to catch all malware that we know exists in the wild.
Quote:
Quick scan scans,

1. Memory of the current user.
2. Registry for all users.
3. File system for all users (using a list of locations).
For best scan results, it is also recommended to clean out temporary folders prior to scanning with MBAM.
In another example, located at Malwarebytes scan too long ! - Malwarebytes Forum, Bruce Harrison/nosirrah said:

Quote:
The MBAM quick scan option will catch every bit of live malware that the full scan will detect and 99% of the traces . I develop the definitions for MBAM and have never needed to use the full scan to test them out .


After
cleanup, create a new Restore point and then run Disk Cleanup:
  • Click start, type Disk Cleanup in the search box
  • Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
  • Select the drive where Windows is installed (if you have more than one drive) and click "OK".
  • When the scan completes, check/uncheck desired boxes.
  • Next, please click the More Options tab at the top.
  • Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
  • Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
  • The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.
My System SpecsSystem Spec
Reply

 Fake Windows 7 anti-virus




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 01:31 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33