Fake Windows 7 anti-virus

[Erased]

First off, i'm sorry if this is not in the right place.

Ok, 2nd off I am very good about not getting viruses, I haven't had one in years & yes I am running a legit virus scanning program. I woke up this morning and logged onto my PC & all of a sudden it started going absolutely crazy, now I can't do anything on it. I have not installed or downloaded anything in a couple of days and yesterday it was running 110% fine. I was wondering if anyone could help me with the solution on this because I don't know what to do, I do not want to format. I just rebooted my pc & now i'm running it in safe mode to see if I can get my virus scan running because it wouldn't let me do anything when I just started it up. If that doesn't work then i'm up for other suggestions because I honestly don't know what to do.

 

[Corrine]

Hi, Erased.

Windows 7 has a much more robust System Restore than XP and Vista so you may want to try that first. If that isn't successful, I suggest MBAM. Instructions:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
  
• Click Remove Selected.

 

[dw96]

Try inserting your Windows 7 DVD and making a system restore. If you've turned system restore off, try a system repair. Also, try going to the start menu, typing "msconfig" (without the brackets) and telling me what is in your startup tab. There might be an evil hidden program somewhere underneath your processes that's causing all this...

Edit: I thought I'd be the first replier to the thread, but Corrine beat me!

 

[Dinesh]

If the virus still persists, Download Hitman Pro 3.5.4 Build 98 Free Trial - This software can help you find and remove new unknown threats. - Softpedia
Run a full scan. It wont take more than 10 mins to clean your PC.

 

[manhunter2826]

Hi, Erased.

Windows 7 has a much more robust System Restore than XP and Vista so you may want to try that first. If that isn't successful, I suggest MBAM. Instructions:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
  
• Click Remove Selected.

Corrine, I'm always learning here myself. May I ask: what is the reason for unticking those particular items? Why is MBAM marking them as unsafe if they are not to be deleted? Thanks kindly C.

 

[scoopeeedoo]

I second the manhunter's question...

 

[AdrianK]

You can use some popular anti-malware programs to kill the malware..

For instance, my recommendations are
- Malwarebytes' Anti-Malware
- Spybot Search & Destroy

They are freely available to download @
- Malwarebytes' Anti-Malware : www.malwarebytes.org
- Spybot Search & Destroy : The home of Spybot-S&D!

============
To disable the virus during startup, when you almost boot into Desktop, immediately press Ctrl+Alt+Delete and click Task Manager. From the task Manager, kill the virus process that you suspect are...

I happened to get infected by that pest SecurityTool and I removed it by using Malwarebytes' Anti-Malware + the instructions above and it works!

 

[rev1775]

I'm curious about the answer to manhunter's question as well...

Does the fact those need unchecked indicate a false positive?
If so, doesn't that defeat the purpose of the program in the first place?

 

[IggyAZ]

First off, i'm sorry if this is not in the right place.

Ok, 2nd off I am very good about not getting viruses, I haven't had one in years & yes I am running a legit virus scanning program. I woke up this morning and logged onto my PC & all of a sudden it started going absolutely crazy, now I can't do anything on it. I have not installed or downloaded anything in a couple of days and yesterday it was running 110% fine. I was wondering if anyone could help me with the solution on this because I don't know what to do, I do not want to format. I just rebooted my pc & now i'm running it in safe mode to see if I can get my virus scan running because it wouldn't let me do anything when I just started it up. If that doesn't work then i'm up for other suggestions because I honestly don't know what to do.

You have been back on-line here today.
What did you find out? Did solve your problem?
We'd like to hear.
Thanks

 

[Corrine]

Corrine, I'm always learning here myself. May I ask: what is the reason for unticking those particular items? Why is MBAM marking them as unsafe if they are not to be deleted? Thanks kindly C.

Apologies for the delay in responding. I've been rather involved in a beta program elsewhere that is taking a fair amount of time.

From MS KB831829 How antivirus software and System Restore work together:

During a restoration, an active antivirus program scans for infected files. If the antivirus program detects any infected files, the antivirus program tries to modify, move, or delete the infected files. If the antivirus program successfully cleans the infected files, System Restore restores the cleaned files. However, if the antivirus software cannot clean a file, the antivirus software deletes or quarantines the file. As a result, the restoration does not work because these actions to the file cause an inconsistent restoration state. As a result, System Restore reverts to the state immediately before the restoration.{bold added}

Although the above KB article refers to XP, it would apply to Windows Vista and Windows 7 as well.

In a full scan, MBAM scans SR. If the file is not completely clean, the user may not have a good restore point. Thus, if something goes wrong in the cleaning process, there is not a good restore point to return to. It would be better to have an infected restore point and begin again than none at all -- particularly since most people are not good about backups and may no longer have the installation media.

MBAM developers recommend a quick scan. The above is a good reason to do the same. Just one example is what Marcin Kleczynski/RubbeR DuckY wrote in Posts 41 & 43 at Malwarebytes' Anti-Malware Program Suggestions - Malwarebytes Forum :

The quick scan is meant to catch all malware that we know exists in the wild.

Quick scan scans,

1. Memory of the current user.
2. Registry for all users.
3. File system for all users (using a list of locations).

For best scan results, it is also recommended to clean out temporary folders prior to scanning with MBAM.
In another example, located at Malwarebytes scan too long ! - Malwarebytes Forum, Bruce Harrison/nosirrah said:

The MBAM quick scan option will catch every bit of live malware that the full scan will detect and 99% of the traces . I develop the definitions for MBAM and have never needed to use the full scan to test them out .

After cleanup, create a new Restore point and then run Disk Cleanup:

• Click start, type Disk Cleanup in the search box
• Right-Click Disk Cleanup and select "Run as Administrator" and accept the UAC elevation prompt.
• Select the drive where Windows is installed (if you have more than one drive) and click "OK".
• When the scan completes, check/uncheck desired boxes.
• Next, please click the More Options tab at the top.
• Click the "Clean up..." button under the "System Restore and Shadow Copies" section at the bottom.
• Click Delete in response to the question "Are you sure you want to delete all but the most recent restore point?", click OK and answer Yes again.
• The disk clean up utility will remove the selected items. When it completes, please restart the computer to properly record the changes made to the hard disk.

 

[Jacee]

Thanks for clearing up the ' why? mystery' Corrine

 

[Corrine]

You're welcome, Jacee.

 

[manhunter2826]

Yes indeed, thanks so much for the detailed response Corrine -- will subscribe to this thread for future reference.

 

[Corrine]

You're welcome, manhuhnter2826. (Glad you saw the post since I wasn't able to PM you a link to the overdue reply, due to your settings.)

 

[manhunter2826]

^Ah sorry about that Corrine: have added u to my contacts/friend list. Much thanks for all your useful advice.

 

[scoopeeedoo]

Many thanks for the details!

 

[rdickerman]

I recently was badly infected with the Win 7 virus. I tried many of the common antivirus progams, e.g., Malware, Avira, ARO, Webroot, Hijack This, Windows Security -- none of them worked.

Then I found Combofix -- it was magic!

For me, only Combofix can identify and cure the Win 7 virus.