AVG or Windows Defender came up informing me of 2 infections

MissSencho

Hi all,

I'm not sure if repair install could help me but I've never had anything of the sort occur with my computer before.

Last night I was surfing away, just looking at a few websites. I opened a new one (from google search) and either AVG or Windows Defender came up informing me of 2 infections. One was in the roaming directory, that is all I saw. I asked it to fix and remove said infections. It had just managed to do it when another one popped up. At this moment Yahoo messenger started acting in a bizarre manner and my computer just crashed. It rebooted and Startup Repair appeared. It told me it would try to fix it and then restarted. After the second time it told me it could not fix the problem automatically. The problem seems to be a corrupt file according to the extra information it provided. I think it's a virus as I believe (but may be mistaken in thinking) startup repair cannot protect against those.

I tried to do System Restore though I was sure that would not work and it didn't. Like an idiot I have not backed up any of my data. I would prefer not to have to re-install anything and to fix it without all the hassle, but at the very least I would just like to get all the files etc. This is what is most important to me. I don't mind having to spend hours reinstalling everything as long as I can access and somehow back-up my files.

Can repair install help? Any other options? I'd appreciate any help at all. Thanks for reading this rather verbose post.

-Tunde
 

My Computer My Computer

Computer Manufacturer/Model Number
HP
OS
Windows 7 Home Premium 64 bit
I suspect an infection and a Repair Install at this stage may be premature and probably would fail anyway.

Try booting to "Safe Mode with Networking" which is choice number 2 on the menu that you should get by tapping F8 repeatedly while booting up.

In that mode you should be able to access the Internet while at the same time preventing any malware from running.

Go HERE and download the FREE version. Update it once installed (important) and then run a full scan and let it remove anything it finds, do all this in that mode. Reboot if it asks you to. Hopefully that will remove the bug whatever it is and then you can proceed with the rest of your life ;-)
 

My Computer My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Alienware® ALX X58
OS
Win 7 Ult SP1/Win 10 Pro (all x64)
CPU
Intel® Core™ i7-975 Extreme O/C to 4.02 GHz, 8MB Cache
Motherboard
Asus® P6T Deluxe V2 X58 LGA1366
Memory
24GB Corsair Vengeance DDR3 SDRAM at 1600MHz - 6 x 4096MB
Graphics Card(s)
1792 MB NVIDIA® GeForce® GTX 295 Dual Core
Sound Card
Onboard Soundmax® High-Definition 7.1 Performance Audio
Monitor(s) Displays
Samsung XL2370 LED backlit 23" W/S 2ms response time
Screen Resolution
1920 X 1080
Hard Drives
2 x 500gb SATA II
1 x 1TB SATA II
1 external eSATA LaCie 3TB
(Non-RAID)
PSU
Alienware® 1200 Watt Multi-GPU
Case
Alienware® P2 ALX Chassis with AlienIce™ 3.0 Video Cooling
Cooling
Alienware® High-Perf. Liquid Cooling + Acoustic Dampening
Keyboard
Microsoft® Wireless Entertainment 8000 + Logitech® G15 Wired
Mouse
Microsoft® Wireless Laser 8000 + Logitech® G9 Wired
Internet Speed
1Gb/s
Antivirus
McAfee LiveSafe
Browser
Firefox - latest
Other Info
Using non-RAID on purpose as I find RAID to be too temperamental.
Now set to AHCI
Ex-Brit - Thanks for the swift reply and advice. I will give this a bash later and relay the results here.

From one Brit to an ex-Brit, hearty thanks. :D
 

You're welcome and I hope it helps.
 

Hi all,
Last night I was surfing away, just looking at a few websites. I opened a new one (from google search) and either AVG or Windows Defender came up informing me of 2 infections. One was in the roaming directory, that is all I saw. I asked it to fix and remove said infections. It had just managed to do it when another one popped up. -Tunde
This is a fake alert. It is malware or worse and you now have it installed.
You need to make a posting in the Security section. Malwarebytes may remove it by itself but usually not.
Install the Malwarebytes, Update and run the full scan.
Save the log to your desktop and upload the log in a new thread in the Security section with explanation of what happened.
Someone can check the log and assist you from there.
We need the log to find the name of the malware to find the proper remover if Malwarebytes does not remove it.

Repair Install is useless until you get rid of the problem.
The problem would still be on the system.

Mike
 

My Computer My Computer

Computer Manufacturer/Model Number
Hopalong/ Godzilla
OS
Windows7 Pro 64bit SP-1; Windows XP Pro 32bit
CPU
Intel Core i7-870 Lynnfield 2.93GHz LGA 1156 95W Quad-Core
Motherboard
ASUS P7P55D-E PRO
Memory
8GB@1400MHz Crucial Ballistix DDR3-1600 4x2GB
Graphics Card(s)
ASUS ENGTX460 DirectCU/2DI/1GD5 1GB 256-bit GDDR5
Sound Card
VIA Onboard
Monitor(s) Displays
Asus VS248H-P 24"; Samsung SyncMaster 941BW 19"ws
Screen Resolution
1920x1080; 1440x900
Hard Drives
Samsung 830 120GB SSD
Intel 320 120GB SSD
Western Digital Caviar Black WD7501AALS 750GB 7200 RPM SATA 3.0Gb/s
Western Digital Caviar Black WD6401AALS 640GB 7200 RPM SATA 3.0Gb/s
PSU
COOLER MASTER Silent Pro RS850-AMBAJ3-US 850W Modular
Case
COOLER MASTER HAF 932 RC-932-KKN5-GP Black
Cooling
Scythe "Mugen-2 Rev.B" (2 ScytheKaze-Jyuni PWM fans)
Keyboard
Logitech K-320
Mouse
Kensington
Antivirus
Avast Internet Suite
Browser
IE 9 ; Chrome
Agree with Mike. In addition to Malwarebytes, Symantec has a tool called Norton Power Eraser which is designed to locate and remove scareware ... the stuff that says your computer is infected and you should buy their product to rid yourself of the malware, acne, and flatulence. Heed the warning: Because Norton Power Eraser uses aggressive methods to detect threats, there is a risk that it can select some legitimate programs for removal. You should use this tool very carefully.

Norton Rescue Tools
 

My Computer My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Sony Vaio VPCEB47GM Laptop
OS
Win 7 Pro 64-bit
CPU
Intel i5 2.4 Ghz
Memory
8GB DDR3
Graphics Card(s)
Intel HD 3000
Sound Card
IDT High Definition
Monitor(s) Displays
15.6 WGXA Anti-Glare LED
Screen Resolution
1280x800
Hard Drives
640Gb 7200rpm
Antivirus
MSE
Browser
Opera (primary) with IE9 backup
These scareware packages are getting more and more sophisticated. They can imitate Win 7 & XP alert boxes exactly... right down to the color and border transparency. They'll tell you you're infected, or that your hard drive and RAM are damaged and you need to buy "X" to fix it (as if damaged hardware can be fixed with a download)... and they look so real many folks fall for it.

I have always had good luck with malwarebytes (mentioned above) and superantispyware (link:SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!)... yeah, it's a dumb name, but it's a good product and it's free as well.

Good luck and happy hunting!
 

My Computer My Computer

Computer Manufacturer/Model Number
me / #1
OS
windows 7 x64 Home Premium
CPU
intel q6600
Motherboard
gigabyte ga ep45 ud3l
Memory
g.skill 8gb ddr2 1066 (pc2 8500)
Graphics Card(s)
evga geforce 9800 gtx 512 mb
Screen Resolution
1680 x 1050
Hard Drives
wd caviar black 500 gb
wd caviar black 1tb
wd elements 1tb external hd x2
PSU
raidmax 500w
Case
smilodon (yes, t'was the pretty blue lites that got me!)
If Malwarebytes identifies the culprit Jacee or Corrine may have an exact removal tool which is safer than Nortons.
 

Hi again,

I just tried the methods suggested above and it won't let me go in through Safe Mode with Networking. It takes me right back to Startup Repair.

I clicked on the diagnostic and repair details and it said within it that the root cause is: Boot critical file C:CL.dll is corrupt.

Is there perhaps something else I can do? Thank you all for the help so far. It would be ideal to be able to go in and extract the infection.

stevieray - Yeah, until you mentioned it it hadn't occurred to me that it was Scareware. I'm even more annoyed with myself now.

-Tunde
 

Sandboxie;)
 

My Computer My Computer

OS
Win 7 64 premium
Other Info
7 fw, LUA, UAC on high, IE-9 w/ smartscreen on, SANDBOXIE

Use SystemRescueCd to backup your files, then format the hard drive and reinstall windows

SystemRescueCd
 

My Computer My Computer

Computer Manufacturer/Model Number
Dell Studio 15
OS
Windows 7 Ultimate 64 bit
stevieray - Yeah, until you mentioned it it hadn't occurred to me that it was Scareware. I'm even more annoyed with myself now.

-Tunde

Oh, don't beat yourself up over it... these things are so sophisticated nowadays that they can even fool IT professionals sometimes.

Question: Are you sure the Startup Repair screen is real? It may be a fake as well. Have you tried to simply ignore it, drag it out of the way, and run the antispyware programs in regular mode (not safe mode with networking)?
 

Ah okay. I think it's real. I've never seen it prior to this incident and so I don't have a prior experience to compare it to. I think it's real.

There don't seem to be any other options if I move the box. I tried to start normally and also safe mode (the other one) and they both lead me to startup repair.

Is there something else that can be done?
 

Ah okay. I think it's real. I've never seen it prior to this incident and so I don't have a prior experience to compare it to. I think it's real.

There don't seem to be any other options if I move the box. I tried to start normally and also safe mode (the other one) and they both lead me to startup repair.

Is there something else that can be done?

The only thing that springs to mind is Hiren's Boot CD. You could launch malwarebytes and anti-rootkit utilities from mini xp and clean it up; or if that fails you could copy your data to a thumbdrive and re-install 7.

Download Hiren

But perhaps someone else has an easier way...?
 
