
Windows 7: Malware Infection?

23 Feb 2012   #1

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
Malware Infection?

I'd appreciate any advice on the following Malware problem.

My girlfriend's computer was 'hijacked' a couple of days ago by some malware which claimed to have 'locked' the computer and demanded payment for 'unlocking'. It was obviously a scam though looked 'official', stating her IP address and location (both wrong, by the way!). When she tried going on the internet, the malware webpage appeared again, taking up the whole screen and allowing no other access, only a hyperlink to 'payment'.

She's running Windows 7 Home (64-bit), uses mostly Firefox for web access. I loaded Spyware Blaster, Malwarebytes and Avast antivirus for her some time ago and she updates these religiously as well as running regular scans (I've taught her well!). However, may be just coincidence, but this malware hijack happened a very short time after a Windows Update.

I noticed the malware had slipped an entry into 'msconfig' startup. It was showing a row of numbers with an 'exe' extension. So that would explain why it kicked in each time. I tried unticking the entry and rebooting. I saw it remained unticked in 'msconfig', though still there in the list as unchecked. Logging on to the web, the malware page again reappeared. Checking 'msconfig' I saw it had simply placed another 'number' entry with 'exe' extension.

Here's what I did to 'cure' the problem, so far working but I'm still unsure whether I could or should do more to prevent this happening again to her.

I unplugged her router.
Using 'CCleaner'>Tools>Startup>removed offending entries.
Manually flushed the 'DNS' cache via 'Command Prompt'>Run As Administrator>typing 'ipconfig/flushdns'.
Performed an 'sfc' scan of her hard drive: as above + 'sfc/scannow'. This showed no problem.
I also cleared out her Windows>Prefetch folder.
I then ran a full Avast and Malwarebytes scan of the system. Nothing was flagged.

Though I'm aware malware can possibly infect System Restore, I decided to roll back her system to a month ago - thankfully, with my encouragement, she'd already set up daily system image + restore backups! My next move was to run full scans of the new restore - nothing amiss. The computer's been running perfectly since, the malware appears to have gone. However, I'd welcome any comment on the above, any steps I should have taken and other advice or software to include for future prevention. Many thanks
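
Added example, not part of the original post: a PowerShell sketch that lists the autostart locations msconfig and CCleaner show and flags the pattern described above, a startup entry whose file name is only digits with an 'exe' extension. The digits-only heuristic, the choice of registry keys and folders, and the function names are assumptions made for illustration; the code avoids features newer than the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: enumerate autostart entries and flag digits-only .exe names.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$startupDirs = @(
    (Join-Path $env:APPDATA     'Microsoft\Windows\Start Menu\Programs\Startup'),
    (Join-Path $env:ProgramData 'Microsoft\Windows\Start Menu\Programs\Startup')
)

function Get-ExePath([string]$Command) {
    # Pull the executable path out of a Run value (quoted or unquoted form).
    if ($Command -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $Command.Trim()
}

function Test-NumericExe([string]$Path) {
    # Assumed heuristic from the post: file name is only digits plus .exe
    return ($Path -match '(^|[\\/])\d+\.exe$')
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-ExePath ([string]$item.GetValue($name))
        $entries += New-Object PSObject -Property @{ Source = $key; Name = $name; Target = $target }
    }
}
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($f in @(Get-ChildItem $dir | Where-Object { -not $_.PSIsContainer })) {
        $entries += New-Object PSObject -Property @{ Source = $dir; Name = $f.Name; Target = $f.FullName }
    }
}

$entries | ForEach-Object {
    $sig = 'n/a'   # target missing on disk, or not a file
    if (Test-Path -LiteralPath $_.Target -PathType Leaf) {
        $sig = (Get-AuthenticodeSignature -FilePath $_.Target).Status
    }
    $_ | Add-Member NoteProperty Signature $sig
    $_ | Add-Member NoteProperty NumericExe (Test-NumericExe $_.Target)
    $_
} | Sort-Object NumericExe -Descending |
    Format-Table NumericExe, Signature, Name, Target, Source -AutoSize
```

Running it before and after a reboot and comparing the two listings shows whether an entry has been re-created under a new name, which is the behaviour described in the post.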

23 Feb 2012   #2
3D Jed

Windows 7 pro x64 SP1

I had a similar virus recently - fills whole screen, demands payment etc. On re-boot the virus screen was the first to load. I booted into safe mode and ran Malwarebytes which removed some stuff and seemed to fix the problem.

Unfortunately I discovered the virus had deleted my Windows firewall and the Action Center (that warns when firewall is off). I had system restore turned off, so getting the firewall back was not possible. Eventually I backed up my data and re-installed Windows.

You seem to have a better backup plan than I had, but I'd still check your firewall is turned on.
23 Feb 2012   #3

Microsoft Windows 10 Professional / Windows 7 Professional

I'd never trust that compromised computer again until a clean windows install (remove disk partitions, recreate and reformat) is'd never know what registry changes were made, etc.

23 Feb 2012   #4
Microsoft MVP

Windows 7 Ultimate 32bit SP1

This infection is called "Ransomware"
24 Feb 2012   #5

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1

Hi...thanks for taking time to reply.
Jed: firewall OK
OldMX: generally in agreement there, but have now run two more checks: Norton Power Eraser + Threatfire (both free). No infection or suspicious activity.
All in all, I think I've done the best I can.
Much as I like her, I'd rather keep her present preventative methods in place till Armageddon strikes...if ever.
Besides, only then will I show her how much she needs me!

Still, what an absolute drag... these scumbag shysters deserve public hanging or a firing squad!
When big business hijacked the web, that's when computing became more pain than pleasure. Gave rise to other criminals beside the banksters!