Virus whizzes by AVG 2012 and pretends to be AVG (Windows XP Pro SP2)


posted on Dec, 12 2011 @ 03:24 PM
Shuts down Firefox and Internet Explorer and disables AVG (freeware home use version).

Fix: Start computer with F8 key pressed. Go to system restore and go back two days, then run complete virus scan using restored AVG. Thought I was going to have to dump and reload the whole thing.




posted on Dec, 12 2011 @ 03:28 PM
I have this same problem today. Except I use Avast.. and the virus pretends to be some other virus 'protection' (forgot what it was called.. Windows protector 2012 or something..) (also disables Firefox and IE)

This isn't a long term fix but I switched user accounts to a newer one, and am currently virus scanning. So far it has found 2 viruses.

If this doesn't work I will try what you said.



posted on Dec, 12 2011 @ 03:28 PM
Tell me more.

Did it undo file associations for applications also? I.e. all executables fail to start, while asking which application to use to open the file type?

Had a nasty bug on XP SP3 over the weekend.



posted on Dec, 12 2011 @ 03:33 PM
reply to post by sixswornsermon
 


I have Windows 7.. what it did was say there is a 'major system problem' and my information was/could be being stolen.. then another thing pops up and says it found viruses, and wants me to pay $50 (or 60) to fix it.. if you press 'X' or 'not now' it just pops up again a minute later.

Then when loading IE or Firefox, it says 'warning your system is in danger' (something like that) and says to fix it, you should buy their software.. if you click 'ignore warning and browse at risk' it just doesn't load.

(btw I can't remember the exact wording it used, just my guess memory)



posted on Dec, 12 2011 @ 03:38 PM
reply to post by ReadyPower
 


I've seen this one in many forms. It's a SOB.

If you explore where user profile settings are stored, you will find the virus executable in a hidden folder inside ...\localsetting\applicationdata. You cannot delete it, but you can rename it, then remove once the computer is rebooted.

The reason I asked is because I never had a virus that screwed up file associations like I experienced this weekend.



posted on Dec, 12 2011 @ 03:40 PM
It's a nasty one. My daughter's computer got infected. Went to safe mode, used Malwarebytes. After removing infections, yes, firefox, other browsers wouldn't open. Had to restore sys to earlier date. Ran anti-virus....gone. It is a different type of fake anti-virus.



posted on Dec, 12 2011 @ 03:41 PM
Look at your running tasks and look for a 3 character task/process name.

The associated DLL will reside in your system/system32 folder where all DLLs reside.

Reboot in Safe Mode and rename the file's extension..... I use .old, for example, so it can no longer be found by the virus program.

And delete references to it from the prefetch folder.

This will prevent it from starting using that name the next time you boot.

But don't start normally until you rid the system completely or it will only return. But root it out while in safe mode.

It's launching from the Browser command string in your registry using the name of the .DLL I'd referred to earlier.

So don't launch the browser until you can locate the start string and delete the command string from the startup.

Or else it will only return. Under a new name.

Good Luck.


Peace



posted on Dec, 12 2011 @ 03:42 PM
reply to post by fredgbear
 


Nice.

Once you remove the virus, you can fix your file associations by going to the file type dialogue (believe it's in control panel in 7/Vista), and add a new type, type in exe, select advanced, then change type to "application".

This one really pissed me off!
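
A read-only check for the broken .exe association discussed in this thread, as an added example that is not part of any post: it reads the per-user and machine-wide registry keys behind the file type dialogue and flags values that differ from the defaults. It assumes PowerShell 2.0 or later and the stock Windows values `exefile` and `"%1" %*`; the function names are made up for this example.

```powershell
# Added example: read-only check of the .exe file association.
# Assumed stock values on a clean install:
$expectedProgId  = 'exefile'   # (Default) of ...\Classes\.exe
$expectedCommand = '"%1" %*'   # (Default) of ...\exefile\shell\open\command

function Get-RegDefault {
    param([string]$Path)
    # Return a key's (Default) value, or $null when the key does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    (Get-Item -LiteralPath $Path).GetValue('')
}

function Test-ExeAssociation {
    foreach ($hive in 'HKEY_CURRENT_USER', 'HKEY_LOCAL_MACHINE') {
        $classes = "Registry::$hive\Software\Classes"
        $progId  = Get-RegDefault "$classes\.exe"
        # Follow the ProgID this hive maps .exe to; fall back to exefile.
        $target  = if ($progId) { $progId } else { $expectedProgId }
        $command = Get-RegDefault "$classes\$target\shell\open\command"

        if ($progId -and $progId -ne $expectedProgId) {
            $status = 'SUSPECT: .exe points to a non-default ProgID'
        } elseif ($command -and $command -ne $expectedCommand) {
            $status = 'SUSPECT: open command is not "%1" %*'
        } elseif ($hive -eq 'HKEY_LOCAL_MACHINE' -and -not ($progId -and $command)) {
            $status = 'BROKEN: machine-wide association is missing'
        } elseif ($hive -eq 'HKEY_CURRENT_USER' -and ($progId -or $command)) {
            $status = 'REVIEW: per-user override exists but holds default values'
        } else {
            $status = 'ok'
        }

        New-Object PSObject -Property @{
            Hive = $hive; ProgId = $progId; Command = $command; Status = $status
        }
    }
}

Test-ExeAssociation | Format-List Hive, ProgId, Command, Status
```

Per-user keys under HKEY_CURRENT_USER take precedence over HKEY_LOCAL_MACHINE in the merged HKEY_CLASSES_ROOT view, which is why both hives are reported separately.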



posted on Dec, 12 2011 @ 03:43 PM
I'll bite...

It sounds like a newer version of the Antimalware Doctor virus, and is a bit difficult to remove for the uninitiated.

www.majorgeeks.com... is your friend.



posted on Dec, 12 2011 @ 03:52 PM
Holy #! This happened to you guys too?
Yeah, I opened the download for Skyrim (I was trying to get in on my PC) and I have Avast also, so I ran it in sandbox mode, and then that Windows Protector came up, and the logo looked all weird, and it was a weird UI. Just something fishy. And it started scanning. I was like :O CANCELCANCELCANCEL. And I couldn't get out of the program, and it wanted me to buy it to get rid of the virus. So I turned my computer off and back on (since it was in sandbox) and deleted the file. I highly recommend getting a Virus Protection that has a Sandbox feature, to prevent risk of said viruses.



posted on Dec, 12 2011 @ 04:05 PM
Oh the plight of the average Windows users, none of this happens on LINUX.
Ubuntu, gentoo, Mint, Arch, etc.

Choose one and have a ball.



posted on Dec, 12 2011 @ 04:08 PM
reply to post by OmegaOwl
 


Some of us use our computers to produce things, hence Windows.

I love all things GNU/Linux, but get pretty tired of the fanboism.



posted on Dec, 12 2011 @ 04:57 PM

Originally posted by ReadyPower
I have this same problem today. Except I use Avast.. and the virus pretends to be some other virus 'protection' (forgot what it was called.. Windows protector 2012 or something..) (also disables Firefox and IE)

This isn't a long term fix but I switched user accounts to a newer one, and am currently virus scanning. So far it has found 2 viruses.

If this doesn't work I will try what you said.


I'm working on some burst pipes with the latest freeze so I hardly have time to redo the whole OS. The fix worked for me.



posted on Dec, 12 2011 @ 05:00 PM

Originally posted by sixswornsermon
Tell me more.

Did it undo file associations for applications also? I.e. all executables fail to start, while asking which application to use to open the file type?

Had a nasty bug on XP SP3 over the weekend.


The Magic Jack still worked, but it seemed to be spreading, like a real virus. In a short while the whole thing would be ruined. I think it was starting to rewrite file associations. Five virus things were found in all. Three were trojans.



posted on Dec, 12 2011 @ 05:04 PM

Originally posted by OmegaOwl
Oh the plight of the average Windows users, none of this happens on LINUX.
Ubuntu, gentoo, Mint, Arch, etc.

Choose one and have a ball.


I have Mint on a dual boot with Windows XP Pro. It's pretty good, but I am more familiar with PCLinuxOS.

Really did like that one................



posted on Dec, 12 2011 @ 05:29 PM

Originally posted by sixswornsermon
reply to post by OmegaOwl
 


Some of us use our computers to produce things, hence Windows.

I love all things GNU/Linux, but get pretty tired of the fanboism.



It's funny because people avoid Windows to produce things, you usually see those kinds of people using Mac OS.



posted on Dec, 12 2011 @ 11:42 PM
reply to post by wonhunlo
 


True. I have seen that one. Here of late, (I repair PCs) I have seen a lot of hard core viruses that either got right by the anti-virus protection, or masquerade as the protection itself. Pretty soon, as this cyber war escalates, all of you hard core Microsoft lovers are going to have your hands full. In the past two weeks, I have had three requests to install Linux on a customer's computer. Better learn Linux while you still have a working PC to download one on.
I run PC Linux 2011 KDE 86_64 (test) on my own machine, and it is really fast, and completely stable. PC Linux is a "Live" CD, you can boot on it and give it a try before installing. It will install right beside your Windows, and the install is so easy my 10 year old can do it. We have a nice forum where you can ask questions and learn your OS.
www.pclinuxos.com...

www.pclinuxos.com...



posted on Dec, 13 2011 @ 01:11 AM
I have a backup computer with Linux Mint just so I can look up how to fix these "buy our product" viruses.

And if it really gets bad I keep a cloned copy of my XP hard drive and can just pull the infected drive, plug in the clone, and format the infected and re-clone it.

Now, has anyone any idea where this "buy our product virus" is being spread from? What site were you infected from?



posted on Dec, 13 2011 @ 09:47 AM

Originally posted by ANNED
I have a backup computer with Linux Mint just so I can look up how to fix these "buy our product" viruses.

And if it really gets bad I keep a cloned copy of my XP hard drive and can just pull the infected drive, plug in the clone, and format the infected and re-clone it.

Now, has anyone any idea where this "buy our product virus" is being spread from? What site were you infected from?


Sorry, but a "format" only rearranges folders for installation. To get rid of a nasty virus, you need to erase the drive, by writing zeros across it. I use Ultimate Boot CD myself, it has many computer tools. Boot on UBCD, and scroll down to HDD, then scroll to Wiping Tools. CopyWipe is a real good one, so is D-Ban.



posted on Dec, 13 2011 @ 10:55 AM
reply to post by OmegaOwl
 


As soon as some of the software vendors I deal with either release their source code (ha!), or give me a version of their software meant for Linux, I will be wiping this Windows installation.




