really bad virus....i need advice

[scarletboa]

while using the google search engine, somehow, a "antivirus trial" automatically started doing a "scan" on my computer and "found" about 50 viruses.

now, whenever i try do do ANYTHING, it says for example: "application cannot be executed. the file taskmgr.exe is infected. do you want to activate your antivirus software now?" it said that when i tried to open up task manager. on top of that, it keeps opening up internet explorer (i normally use google chrome) and automatically goes to porno.org, porno.com, adult.com, and viagra.com. it has about 50 tabs of that open right now. it also keeps saying "infiltration alert, your computer is being attacked by a virus, do you want to block this attack?" i unplugged my internet adapter as soon as it started acting up.

also, a new little red security sheild thing in the task bar on the right with the x keeps popping up at a rate of about 2 per second.


the only thing the computer will let me do is go to the "antivirus" website and buy their product. i can't even turn the pc off without holding the power button down.

i noticed that when i restart the computer, the "antivirus" program is one of the last things to open, so i quickly started a real virus scan with avira antivir before the "antivirus" could start. even though i had to keep clicking resume scan every 5 minutes, it finished the scan and found nothing.

i am using my laptop right now and my desktop is the one that is infected

HELP!!

[suicideneil]

Start the PC up in safe mode, run a scan, then delete whatever it detects. You may need to go digging manually too- will be in the programmes file but may be embedded elsewhere- download Malwarebytes and that should get rid of the rest of it.

What settings do you normally have your security and privacy at? I keep mine at medium-high with a few custom tweaks and rarely have any issues, havent for a long time. Make sure you download windows defender from the microsoft website if you havent already, nifty tool that lets you decide what runs at start up and what doesnt, alonf with detecting nasty stuff and stopping it from running usually. Crapcleaner is another ultility useful for removing registry entries after the nasties are deleted from the computer..

[BrianG]

That's not technically a "virus", but whatever. Anyway, this sounds just like what happened at work around Christmas. At that time, AV software didn't detect it, so we had to remove it manually through trial and error. Try booting into safe mode and scanning the system using whatever AV software you are running. When you boot into safe mode, make sure you select the option where you have network support so that you can download any AV updates.

What is the name of this "software"? If it's what I think it is, there'll be a blue shield icon in your system tray.

[redshift]

Yeh Brian it's like some waste-of-oxygen hacker's version of a RickRoll. Not much compared to what I had back in the summer... consider yourself lucky boa.

[FullMetalGrave]

I run a couple programs in tandem to get as much as junk out as possible. Malware Bytes (per Neil) as well as Spybot and Hijack this. Usually between the 3 programs that will take care of it. As Neil also said, you will probably have to manually remove some junk files.

[BrianG]

Also, if this virus is what I think it is, it's a "per-user" thing. If you log in as someone else, it won't be active, so you have an easier time removing it without going into safemode.

[JThiessen]

I think my daughters laptop came down with that same one, or similar a couple weeks ago.
I ran through it in safe mode and couldn't get anything. It actually turns off Norton and Spyware Dr when not in safe mode. I hadn't thought of downloading Windows Defender. Can you do that in safe mode?

[scarletboa]

Quote:

Originally Posted by BrianG

What is the name of this "software"? If it's what I think it is, there'll be a blue shield icon in your system tray.

that's exactly what it is. the blue shield thing isn't visible after a few seconds after the program starts after start-up because it is soon replaced by those red shields with x's.


how did you combat it? my avira antivir couldn't detect it.

[snellemin]

I've seen a couple of times on different systems. Sometimes it can be removed without too much headache and sometimes it gets removed but will keep rebooting. Waste of time trying to removed it. So I just swap in a different harddrive and reinstall everything. Once done I just copy over my data from the previous drive.

[_paralyzed_]

exact thing that just got me a week or two ago. I hate that crap.

[scarletboa]

would system recovery fix this?

how do you do system recovery? i'm not too computer savvy......

also, how do you start windows in safe mode? (yeah, i know, i am a total pc noob)
btw: the os is windows xp

[JERRY2KONE]

Not really knowing how to do stuff on the PC can be a fatal mistake. Find a friend, relitive, buddy or whatever who knows this stuff and get them to help you out. I keep my PC friends close so if I end up with an issue that I either cannot recover from or fix on my own I give them a call and all is well.

It sounds like you opened something right before this thing hit you. So it would make sense that whatever you opened is causing the problem. You either opened or downloaded something to let this moron in. Figure out what you did and zero in on that email, program, or file and remove it. To get into safe mode when you press the start up button as soon as the first screen pops up press F5 or Control Alt Delete and it should open to safe mode. Be careful you do not change anything that you do not understand or you could end up in even bigger trouble.

I would get someone else in to show you how to do these things first. Learn from the pros. We can do allot of things with our PC's once we are shown exactly what to do once or twice. Good luck with that.

[tashpop]

i had the same thing called system tools i believe. i got rid of it by hitting ctr alt delete to get in my task menue at start up then i stopped the process. you have to do it fast at startup because this thing once started shuts down any program you could use to stop or delete it. then searched for any file named system tools and did a system recovery for an earlier date. google it, its a very common attatchment. i tracked it and we got it from myspace page layout site.

oh, i think its process is just a 7 or 9 digit number, not named system tools.

[Arct1k]

Harrold had that thing - Tried like hell to get rid of it but couldn't...

I ended up with backing up data and reformatting hard disk...

I wouldn't fight it its a REAL PITA!

[JThiessen]

Quote:

Originally Posted by scarletboa

would system recovery fix this?

how do you do system recovery? i'm not too computer savvy......

I assume you are referring to "system restore"? In the case of my daughters pc, it wouldn''t run System restore, even in Safe mode. Somehow, it disabled it.