help meeeee!!!

[David.Seth2]

so hopefully i am posting this in the correct area. anyways, i am asking help from anyone out there that can give me some info. some how or another, i got a major virus/malware thing (the fake Anti Virus 2009). the thing is, all my av programs crash when i load them, and if by chance i do get them running, they cannot update (cause i was able to get avg to run but it could not detect anything). even googling "how to remove fake antivirus 2009" will give me plenty of results, but for some reason i cannot access those sites. Im getting constant popus, weird icons on the desktop... im about to lose it. i would just format my pc but i would rather not unless i really have too. Oh, and when i google "can't access antivirus sites" i get plenty of results but, again, firefox or ie wont let me connect (most likely due to the malware/virus). any ideas?


*** woot never mind. i had heard about a prog called malwarebytes and downloaded it. seemed to take care most of the problems. im still getting random pop ups when ive never gotten them before.... i guess i still have some work to do

 

[Raziaar]

Try running the programs(various ones... for removing spyware/adware/viruses/trojans and things like registry cleaners) during safe mode.

To get to safe mode while operating a PC, reboot and as it's in the POST screen you typically press F8 or something until it comes to a screen where you can have the option of booting in safe mode. Safe mode is good for cleaning out stuff because most bad things aren't able to be loaded during safe mode and you can clean them out with more success.

I'm sure others will be along to help you out too.

 

[David.Seth2]

ah thanx. lol i thought it was F7. its been so long since ive booted in safe mode. atleast now i can access the av websites and also update the av programs. im just curious how the hell i got this thing since i dont really download much.

 

[Vegeta897]

I like your sig, man

 

[David.Seth2]

ha thanx... sadly it seems quite fitting at the moment. this is the first time in the 15 or so years of bein on the internet that i've almost had to format my pc due to a damned virus.


edit*** btw, what is your avatar pic from? seems that ive seen it somewhere....

 

[Barney Fife]

Try system restore.

Good Luck.

 

[Laivasse]

Try system restore.

Good Luck.

WHUP! Hang on a mo.... don't do that just yet. If he had system restore turned on while Malwarebytes removed some earlier stuff, then activating a restore point stands a good chance of restoring malicious software too (depending on the restore point and the sophistication of the threat). That's why it's often recommended to turn off system restore before doing any serious cleaning.

@OP: try googling for 'Smitrem', since it sounds like you might have a variant of the smitfraud thing.

If that doesn't help, download some free scanning software, like Spybot, AVG, Superantispyware, whatever (and scan in Safe Mode). Try the free trial of Kaspersky or NOD32. Also scan and save a logfile with hijackthis, if problems persist. You could post it on some tech guru site, where people will know what all the dodgy entries are, or you could post it here, where no one will really know what's what, although we have had some success in the past in catching stuff out from HT logs...

EDIT: If smitfraud really was your problem, the Wikipedia article links to SmitFraudFix so maybe you should use that instead of/as well as Smitrem.
EDIT2: I've read that spywarewarrior.com could be a good starting point for posting Hijackthis logs. Or just post them here if you're too lazy to register there, and I or someone else might get lucky.

 

[David.Seth2]

thanks for the tips. thankfully using malwarebytes i was able to get rid most of the problems. i don't know how, but the virus i had (or malware or whatever you call it) was preventing me from accessing anti virus websites or their servers (which in turn prevented me from updating definitions to AVG or Ad-Aware or ClamWin). The only way I was able to get malwarebytes was by going to download.com and finding it there. its funny, because when i found the page on download.com, it would load up for like 1 second and then give me a 404 message (this is what the virus was doing to all the anti virus websites except it wouldn't even load for a second). After many refreshings i was able to download the program and it got rid of enough crap so i could access my AVG and now I'm free! thanx for the help guys.


edit: I think i know where i got this crap from now. While very foolish of me, i had used LimeWire the other day to find a song. a few of the "mp3s" i downloaded were really just small audio clips that once played, opened a friggin slew of pop ups. now i know why its been years since i last used lime wire.

 

[David.Seth2]

what the efin ef? now i have this crappy spy guard 2008 malware to friggin get rid of. and its seems that neither avg free 8.0 or malwarebytes anti-malware is taking care of the problem. wtf. any suggestions? (lol an F'in pop up for spyguard 2008 just popped up as i was writing this).

 

[StardogChampion]

edit: I think i know where i got this crap from now. While very foolish of me, i had used LimeWire the other day to find a song. a few of the "mp3s" i downloaded were really just small audio clips that once played, opened a friggin slew of pop ups. now i know why its been years since i last used lime wire.

That's how you spot fake files - small filesize. Usually under 500k.

I'd also get Avast! instead of AVG. If Ad-aware or Spybot don't find the problems then you'll have to use the net. Since you can't access the pages try clicking the "Cache" button to see if you can access that.

You could also go into your system32 folder and sort them all by date/modified. Check the newest ones created within the last week. If you click on them once one by one with Avast! installed it should pop up if one of them is a virus.

 

[Krynn72]

edit*** btw, what is your avatar pic from? seems that ive seen it somewhere....

Its from Kill Bill. Probably the only non anime movie hes ever watched. But it has lots of Asians in it, so thats how he was able to watch it.


YEAH THATS RIGHT VEGETA! I WENT THERE, AND FOR NO GOOD REASON TOO!

 

[Vegeta897]

I've never seen an anime movie, sir.

Movie versions of animes are usually gay action/popular anime that I hate.

 

[David.Seth2]

I've never seen an anime movie, sir.

Movie versions of animes are usually gay action/popular anime that I hate.

that makes me sad


anyways, i actually already had avast so i updated it, as well as the rest (clamwin, avg, malwarebytes) booted in safe mode, and ran everything. still im getting the popups for spyware guard 2008!!!!

I did go into system32 but nothin was found as a virus with any of the programs i have. and i still am getting the popups. its even in my systray! aaahhhh! i dont wanna format =(


oh and the "mp3s" i download using lime wire were around 4 meg each. i know better than to download a 300k mp3. then again i should know better than to use lime wire in the first place. but thanx for the warning anyway.

 

[Laivasse]

Have you tried the smitfraud removal fix, or spybot, or NOD32/Kaspersky free trial, or superantispyware, or posting a hijackthis log yet?

Not all antispy/antivirus are equal. Personally it would never occur to me to rely on the ones you are currently using.

If you feel more confident about deleting stuff, follow the info in this post that I made for Seppo when he was infected a while back.

 

[No Limit]

If malwarebytes isn't removing it your best bet is to identify the files the virus is using then boot into recovery console and delete the files manually.

First grab hijack this and process explorer. You might have to download them on an outside computer and then install:

http://majorgeeks.com/download3155.html

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Identify any processes or files that shouldn't be there. Under process explorer if the process doesn't have a "company name" assigned to it it will likely be the virus, but you will want to verify that using google so you don't delete anything useful. Once you have wrote down all the files that are a virus grab your windows xp cd. If you know how to install windows at start up just select the recovery console option, do not delete your existing OS. If you have never done this the following article will help you:

http://support.microsoft.com/kb/307654

Once you are in recovery console you can use the cd command to change between folders, for example:

cd windows

Will take you to the windows folder if you type it in your C drive.

Then you can delete files using the following command:

del filenamehere.dll

After you have deleted all the virus files, make sure you don't miss any, you should be good. Run malwarebytes one more time after this as it will delete any inactive virus files on your drive. Obviously these steps are a bit more advanced than just running a virus program that will do this for you but I hope this helps. You might also want to do a back up just incase you make a mistake in recovery console.

 

[No Limit]

Not all antispy/antivirus are equal. Personally it would never occur to me to rely on the ones you are currently using.

Malwarebytes is actually a fairly good program. It is one of the only programs out there effective against most of these antivirus 2008/2009 worms.

 

[Laivasse]

Ah, fair enough, I just hadn't heard many recommendations. Never used it personally.

 

[David.Seth2]

thank you guys for the suggestions. after a marathon of scanning using AVG, ClamWin, Malwarebytes, Avast, and Ad-Aware multiple efin times, it looks like that i finally got it under control. if by chance its still here i will use your method Laivasse . and if that doesnt work then ill use No Limits method. thanx guys. on a side note i just noticed my clock in the systray is displaying 14:12.... is this military time? and if so, how the heck did it get that way?

edt: nevermind, i found the setting in the control panel. how it got changed in the first place is still a mystery.