Win 7 Internet Security 2011

[ShaolinMilk]

My little brother got fooled by this and installed it. I cannot remove it now and have no idea what to do. I searched the internet already and what they're telling me to do is stop the processes of "pw.exe" and "MSAScui.exe". The problem is, these don't exists! This virus probably changed its name or something and I'm not sure what to do. When I try to open up malwarebytes, it will not open no matter what. It keeps scanning with that bs virus scanner.

Can someone help me?

 

[Borg 386]

Is there any chance you can boot into safe mode and do a system restore 2 or 3 points back?

Also, try running malwarebytes in safe mode if you can. Make sure you are not connected to the internet when you do the scan.

Here is another tool that you can d/l and run. If it won't run in regular mode, try running it in safe mode:

Download details: Microsoft® Windows® Malicious Software Removal Tool (KB890830) x64

The files may not be showing up in a search because they are hidden. Try navigating to the actual folder and see if you can find them. You may have to make the hidden files visible:

Make hidden files visible Choose the View tab. In the Advanced Settings list find the option Show hidden files and folders (on Image 8 it is designated by the red box) and select it. Then remove a checkmark next to the line Hide protected operating system files (Recommended) (in the blue box).

%UserProfile%Local SettingsApplication DataopRSK
%UserProfile%Local SettingsApplication Datapw.exe
%UserProfile%Local SettingsApplication DataMSASCui.exe
%UserProfile%AppDataLocalopRSK
%UserProfile%AppDataLocalpw.exe
%UserProfile%AppDataLocalMSASCui.exe

http://www.fasterpccleanclean.com/remove-win-7-internet-security-2011

Killing malicious processes and removing harmful files

http://www.2-spyware.com/news/post203.html#processalt

 

[ShaolinMilk]

I can't even get into safemode. I cannot install anything or run anything that relates to "killing trojans/viruses" and it just shuts off when I try to.

I already did a system restore back one month and this is still installed.

 

[ShaolinMilk]

Hi again,

I was able to get into safe mode with networking, but this virus appears in there. It won't let me do anything and keeps asking me to scan and remove things. lol

Update:

I did another system restore, but in safemode with networking. It seemed to have worked! Thanks for your help!

 

[Hopalong X]

Now run your Malwarebytes again and then your primary active AV scan.
Set it to scan Full after updating.

Delete everything it finds.
Post the Malwarebytes log if your not sure how to read it.

Just to be safe.
Mike
-----------------------------------------------------------------------------------
Also instead of running your normal AV you can run Malwarebytes then ESET.
Instructions below.

Courtesy of Jacee one of our security Pros!
See if Eset finds anything ...

1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
   ESET OnlineScan
2. Click the
   
   button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
   1. Click on
      
      to download the ESET Smart Installer. Save it to your desktop.
   2. Double click on the
      
      icon on your desktop.
4. Check
   
5. Click the
   
   button.
6. Accept any security warnings from your browser.
7. Check
   
8. Push the Start button.
9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
10. When the scan completes, push
    
11. Push
    
    , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
12. Push the
    
    button.
13. Push
    

 

[Jacee]

In this link, it will tell you how to remove the rogue program. The name is not exactly the same, but it's in the same 'family' with a new name.
Remove Vista Antimalware 2011 and Win 7 Antispyware 2011 name changing rogue (Uninstall Guide)

You will need to download RKill and Malwarebytes' Anti-Malware to an un-infected flash drive. Run Rkill first, then MBam.

 

[ShaolinMilk]

Ok, I have an update.

I did a system restore and thought everything was good to go. Now I can't even boot into Windows! It just stalls forever and sometimes give me a disk error message. I don't know what is going on here.

 

[Jacee]

Using another computer, make a bootable Antivirus rescue disk FREE Bootable AntiVirus Rescue CDs Download List

Burn the .ISO file to a CD using a slow speed to ensure a good burn.

 

[windrider]

My husband got this yesterday on his computer... It acts like it takes over your 'Action center', his system mechanics pro, and malwarbytes

Right away he called me. Took me a few tries to get task manager running and stop a few processes.

The only way I could get a scan started was too disconnect him from the internet after I stopped the processes.

Then I did a reboot, and scanned again to make sure. This is why I still love Malwarebytes, even if you have other protection. Seems to be the one that can get rid of these Rogues

One of the processes was hra.exe though.

 

[ShaolinMilk]

So I burned the kaspersky rescue disk, but it won't even boot up... I don't know what else to do. Should I take out the hard drive and connect it to another computer to scan for viruses?

 

[Jacee]

Can you get into the BIOS to make sure that "Boot from CD/DVD" is labeled first?

You may also have a bad burn of the .ISO file

 

[ShaolinMilk]

Yes, I have checked that. I have burned the iso on two different cd's and it still does not work. :/

 

[Borg 386]

I believe I read something in another post about people having problems with kaspersky rescue disk. Try another name boot disk (Avira, AVG, etc.) & see if you get the same results...

http://www.free-antivirus.info/anti-virus/avg-antivirus-free-edition.html

http://www.f-secure.com/en_EMEA-Labs/security-threats/tools/rescue-cd/