Infection by fake AV virus

  1.    #1



    Visiting a friend who is massively infected by fake AV scan. All of his files are hidden and nothing will run. I just ran bootable Windows Defender Offline which appears to have found nothing. System Restore is infected back a few days although there are more points to go back further. Any advice on where to go from here?

    I have ComboFix and Unhide programs but don't know how to install them when it's locked up like this.

    It's Vista so I'm inclined not to spend much time before copying out data to wipe and install Win7.

    Toshiba Satellite, AMD 2 GHz, 2 GB RAM
    Last edited by gregrocker; 09 Apr 2012 at 00:12.


  2. Posts : 7,878
    Windows 7 Ultimate x64
       #2

    Microsoft stand-alone security scanner and Malwarebytes... is what I would use if it were a friend's machine and they wanted it saved.

    If it were my machine, without question, a format and reinstall would be in order.


  3. Posts : 2,913
    Windows 7 Ultimate x64 SP1
       #3

    Greg, I'm with you and Parks on this one - copy what you can and nuke it.


  4. Posts : 50,642
    Thread Starter
       #4

    Isn't MS Standalone now Windows Defender? Found nothing, lame as ever.

    Can't get into Safe Mode or run mbam.exe from New Task in Task Mgr (Not Found).

    Yeah inclined to copy out files using 7 DVD, wipe and install 7. With help from here a few weeks ago I cleaned up one of these but it took twice the time to reinstall and he wants 7 anyway and has ready cash.

    That's two friends in a month infected with Fake AV running MSE. Time to upgrade? What AV do you recommend to catch these, or can they be caught?

    Thanks.


  5. Posts : 2,913
    Windows 7 Ultimate x64 SP1
       #5

    These kinds of attacks are hard to defend against, because the user allows the rogue app access. Once that happens, there's not much to do except try to recover the important data and start all over again. As always, education is the key to preventing this kind of attack.

    Personally I'd keep recommending MSE, and recommending the user enables automatic updates so MSE definition and engine updates are installed every day.


  6. Posts : 3,187
    Main - Windows 7 Pro SP1 64-Bit; 2nd - Windows Server 2008 R2
       #6

    The last time my dingaling housemate got her computer infected it was SUPERAntispyware that did a better job than either MSE or MWB. I like both of those, but SUPER seems to be the one with a leg up on this type of problem.


  7. Posts : 50,642
    Thread Starter
       #7

    Update: System Restore will not work at all. I cannot run any .exe from Task Manager. The files are still hidden in boot mode when trying to copy out using the DVD, Repair CD or Paragon Rescue.

    I've now gotten explorer.exe to open my flash stick from Task Manager in Safe Mode. Am running RKill, ComboFix and MBAM quick scan. If it cleans up enough I'll run Unhide. I just need to get his files off of desktop which I can do from Win7 DVD if they'll Unhide.
    Last edited by gregrocker; 08 Apr 2012 at 23:01.


  8. Posts : 2,913
    Windows 7 Ultimate x64 SP1
       #8

    I'd remove the drive and slave it into another computer, and see if you can access the files that way.


  9. Posts : 50,642
    Thread Starter
       #9

    OK. Malwarebytes and Combofix in Safe Mode have cleaned it up enough to get in Control Panel>Folder Options and Unhide files. They are all there. I'm running Unhide now to make double sure then will copy out his files, wipe and Reinstall.

    Thanks all. Just a bit of a scare when I couldn't see them in Win7 DVD explorer or Paragon Rescue CD. Didn't think they'd be hidden there for some reason.


  10. Posts : 50,642
    Thread Starter
       #10

    Now hanging on BIOS screen, won't F2 to enter Setup or F12 to boot DVD or flash stick, but has booted into Windows once. Feels hot so I am cooling it down now.


 
All times are GMT -5.