[Closed] XP home security 2011

Posts: 0
Free Member
Topic starter
 

How do I nuke this **** er from orbit ❓

Recently picked up this while doing online research, what's the best way to get rid of the little bastard!

I'm running Microsoft Security Essentials, are there other software applications I can run at the same time?

Just now I'm at my parents using their computer so any help that will enable me to use my own again would be greatly appreciated.

I recently just machined up some rear shock bushing tools, I would be happy to give whoever gets me the use of my PC again one and some free bushes!

Hope everyone is enjoying their weekend, I need a drink!


 
Posted : 15/05/2011 1:10 pm
Posts: 0
Free Member
 

http://www.malwarebytes.org/products/malwarebytes_free

You may need to boot into Safe Mode With Networking (press F8 before windows starts) to download / run.


 
Posted : 15/05/2011 1:15 pm
Posts: 767
Full Member
 

I had it last week. It rendered the children's sub account un-usable because I couldn't log in to a web page to download the software. I deleted the sub account and all seemed well but after reading about it on here, I downloaded the free software from http://www.malwarebytes.org/ . When I ran the malware bytes it picked up some rogue program and deleted it. It surprised me because I run McAfee and it's updated all the time and the kids sub account wasn't an admin account, although they play a lot of online games (which I suspect may have brought it in).
If your computer doesn't work, you can apparently download the malwarebytes software to a dongle on a different computer and then run it off that.
Edit: Ah, Allthepies beat me to it.


 
Posted : 15/05/2011 1:21 pm
Posts: 14673
Free Member
 

I had the same experience as Tinner, when my g/f downloaded it on to her computer, past MS Security Essentials. Malware sorted the 'infection' but a new account was required, as the old one was completely fubar'd (wouldn't run exe's.. said they weren't recognised)


 
Posted : 15/05/2011 1:39 pm
Posts: 19480
Free Member
 

You may want to follow these detailed steps to get rid of the bugger.

[url= http://forums.malwarebytes.org/index.php?showforum=39 ]Malware Removal guides from MBAM[/url]

[url= http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011 ]Ways to get rid of the bugger[/url]

💡


 
Posted : 15/05/2011 1:40 pm
Posts: 0
Free Member
Topic starter
 

Can I download the programme to a CD? I really need to learn about computers when I get time!


 
Posted : 15/05/2011 4:13 pm
Posts: 77725
Free Member
 

You can copy it to a CD to install from it later, but not to boot from.

Get rkill as well (google it) and run that first.


 
Posted : 15/05/2011 4:39 pm
Posts: 0
Free Member
 

run rkill.exe (that cougar suggested) on the infected machine BEFORE you attempt to install MBAM, otherwise it will either fail to install entirely or not work once installed. one of the things the infection you have does is prevent any anti-spyware tools from working.
also, use more than one anti-spyware program. MBAM is good, but use spybotS&D or SuperAntiSpyware AS WELL. google em for the downloads.
Good luck. it's pretty easy to clean as long as you follow instructions advice to the letter, but slightly laborious!


 
Posted : 15/05/2011 4:50 pm
Posts: 0
Free Member
Topic starter
 

I'm back in and running malwarebytes, although it's crashed once already and stopped responding.

Thanks everyone, the best way to describe my company and my life for the past few years is tyres gone and the sparks are flying!!!

Allthepies and cougar for now. I have two prototype bushing tools plus 5x DP4 bushes, for fox 5th marzocchi rear shocks.

If you want one to test for me, just let me know your addresses and I'll post them out.

I'm exhausted and I'm off to relax, before I have to drag myself up tomorrow and get to work.

Thanks everyone, dealing with this shit is hard enough, dealing with it when you're exhausted is ****ed up!


 
Posted : 15/05/2011 7:26 pm
Posts: 0
Free Member
Topic starter
 



 
Posted : 15/05/2011 7:27 pm
Posts: 0
Free Member
Topic starter
 

This bastard programme has disabled my automatic updates on my Windows security, is there any way to fix it ❓


 
Posted : 18/05/2011 6:29 am
Posts: 0
Free Member
 

Restart your computer, as it reboots repeatedly press your F8 key and the option to start in safe mode(with networking) will come up.

In safe mode run your malwarebytes program, and update your windows security, then run a scan


 
Posted : 18/05/2011 6:38 am
Posts: 0
Free Member
 

Download and run this:-

http://support.kaspersky.com/viruses/solutions?qid=208280684


 
Posted : 18/05/2011 6:43 am
Posts: 0
Free Member
 

Allthepies has it, you can run TDSSKiller.exe in normal mode nowadays, great stuff 😀


 
Posted : 18/05/2011 7:37 am
Posts: 77725
Free Member
 

kaesae > cheers for the offer, it's appreciated but it's not going to be something I can make use of with a hardtail (-:

I'm scratching my head a bit with TDSS getting a mention here; I'm not aware of any variants of this infection that inject a rootkit. Doesn't mean that there aren't any, of course, but it raises concerns.

I'd suggest,

1) run [url= http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ ]TFC[/url]. This will clean out temp files, which will make subsequent scans a lot faster.

2) run a [i]full [/i]scan with MalwareBytes.

3) run [url= http://www.superantispyware.com/ ]SUPER Anti-Spyware[/url].

4) get a log file from [url= http://uk.trendmicro.com/uk/products/personal/free-tools-and-services ]HijackThis[/url] or similar so that I / we can review it.


 
Posted : 18/05/2011 11:45 am
Posts: 2
Free Member
 

Weird. I'm fixing the exact same problem on my mother's laptop.

Used MBAM and super antispyware. "Seemed" to get rid of all the nasties. However on reboot all of the file associations had been lost.

[url= http://www.techsupportforum.com/forums/f217/apparent-file-association-problem-caused-by-virus-removal-461542.html ]Followed this advice and that seemed to fix that.[/url]

Had a problem connecting to anything on the internetz, which was apparently caused by the virus taking over the host file. [url= http://www.precisesecurity.com/tools-resources/threat-removal-procedure/clean-windows-hosts-file/ ]Had to clean the host file[/url]

Now I'm stuck with the same problem as kaesae, in that the virus has disabled windows automatic updates. Haven't found the resolution for this yet.

[url= http://en.kioskea.net/forum/affich-44726-windows-xp-automatic-updates-not-working ]Just found this link, I'll give it a go and report back[/url]


 
Posted : 18/05/2011 12:26 pm
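
An added example, not part of the original thread: a small Python audit of a hosts file, illustrating the hosts-file takeover described in the post above. The sample file, the `WATCHED` list (domains taken from links in this thread) and all function names are constructed for illustration.

```python
import ipaddress

# Domains taken from links in this thread. Assumption: a hosts entry for any
# of these is never expected on a home PC.
WATCHED = ("malwarebytes.org", "microsoft.com", "windowsupdate.com", "kaspersky.com")

# Constructed sample, not copied from any real infected machine.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    search.example.com   # constructed redirect entry
127.0.0.1       www.malwarebytes.org
0.0.0.0 download.windowsupdate.com update.microsoft.com
127.0.0.1       ads.example.net      # blocklist-style entry
not-an-ip       broken.example.org
"""

def parse_hosts(text):
    """Yield (line_no, ip_string, hostname) for every mapping in a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank or comment-only line
        for name in fields[1:]:                 # one address may carry several names
            yield line_no, fields[0], name.lower().rstrip(".")

def classify(ip_string, name):
    """Return a verdict string for one hosts mapping."""
    try:
        ip = ipaddress.ip_address(ip_string)
    except ValueError:
        return "malformed"
    sinkhole = ip.is_loopback or ip.is_unspecified   # 127.0.0.1, ::1, 0.0.0.0
    if name == "localhost" and sinkhole:
        return "default"                             # the stock entry
    if not sinkhole:
        return "redirect"                            # name sent to another machine
    watched = any(name == d or name.endswith("." + d) for d in WATCHED)
    return "blocks-security-site" if watched else "sinkhole"

def audit_hosts(text):
    """Return (line_no, hostname, ip, verdict) for every non-default mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        verdict = classify(ip, name)
        if verdict != "default":
            findings.append((line_no, name, ip, verdict))
    return findings

if __name__ == "__main__":
    for line_no, name, ip, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip} [{verdict}]")
```

On Windows XP the file to pass in is `%SystemRoot%\system32\drivers\etc\hosts`; plain `sinkhole` entries can be a legitimate blocklist, so review them rather than deleting blindly.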
Posts: 2
Free Member
 

That last link didn't work for me.

Tried turning on Automatic updates in Computer Management and there was no entry for it


 
Posted : 18/05/2011 12:43 pm
Posts: 43
Free Member
 

This baby got rid of it for me.

http://www.combofix.org/


 
Posted : 18/05/2011 1:17 pm
Posts: 2
Free Member
 

Done it!

[url= http://support.microsoft.com/kb/949104 ]Download a copy of Windows Update Agent from that there Microsoft[/url], install it. However on the laptop that I was using it wouldn't install as there already was a version of the MUA installed. It's pretty tricky to uninstall it but you can force it to install by using the Run command, browse to the location of the update agent and put /wuforce at the end of the command line. wo0t!


 
Posted : 18/05/2011 1:23 pm
Posts: 0
Free Member
 

Malwarebytes, but go into program files and change the .exe file extension to .com otherwise the nasty won't let it run

If you don't already have malwarebytes and the nasty won't let you access the internet download it onto another machine and then transfer with a memory stick

The file rename is the key thing with this line of attack

This explains it far better than me, see post 3 for details [url= http://forums.malwarebytes.org/index.php?showtopic=38629&st=0&p=193288&#entry193288 ]Virus Removal[/url]


 
Posted : 18/05/2011 2:00 pm
 jwt
Posts: 284
Free Member
 

Spybot S&D
can't link from work, but this removed everything without me having to mess with registries...........


 
Posted : 18/05/2011 2:09 pm
Posts: 0
Free Member
 

I think you're screwed and will need to format.
I tried everything to remove it but it takes over your PC eventually.
Had to format in the end.
Also tried phoning up Avast to ask them and ended up being pressured into paying over £400 for a three year contract with them!?


 
Posted : 18/05/2011 2:35 pm
Posts: 77725
Free Member
 

This baby got rid of it for me.

You really don't want to be running combofix unless you know what you're doing. It's a powerful tool, but because of that it also has the capacity to royally bugger up your system.

[i]Specifically [/i]for the infection family mentioned in the OP only, this [url= http://download.bleepingcomputer.com/reg/FixNCR.reg ]registry file[/url] should fix the file extension problems.

I tried everything to remove it but it takes over your PC eventually.

You didn't try everything then, you gave up. In all the time I've been dealing with malware (and that's a lot of PCs) I've only had to format one once. Sometimes it can be the best course of action (eg, the PC's owner was going to wipe it anyway), but it's very rare that that's the [i]only [/i]option.

The virus has disabled windows automatic updates.

This is weird. Plenty of nasties do this (it was Conficker's party trick, famously), but I've not seen it in relation to this family.

Can you look in Services and tell me what settings (status and startup type) you've got for Automatic Updates and Background Intelligent Transfer Service?


 
Posted : 18/05/2011 3:37 pm
Posts: 0
Free Member
 

Well I tried to run the renamed malwarebytes in safe mode but I couldn't so gave up. It did surprisingly all of a sudden disappear thanks to AVG but then there were still little problems remaining that I couldn't fix so formatted.


 
Posted : 18/05/2011 3:57 pm
Posts: 77725
Free Member
 

Yeah, that would have surprised me as well.

(-:


 
Posted : 18/05/2011 4:49 pm
 jwt
Posts: 284
Free Member
 

So didn't try Spybot then................. 😥


 
Posted : 18/05/2011 7:31 pm
Posts: 0
Free Member
 

Whichever antivirus company that produced this needs wiping off the internet,nuking from orbit etc. I know we'll never know.........


 
Posted : 18/05/2011 7:59 pm
Posts: 0
Free Member
 

Whichever antivirus company that produced this needs wiping off the internet,nuking from orbit etc. I know we'll never know.......

Errrrr, it's not a legit product but a "fake" which is intended to extract cash from you and also install lots of malicious s/w on your PC.


 
Posted : 18/05/2011 8:02 pm
Posts: 0
Free Member
 

Keep believing..............If there were no virus I wouldn't have heard of Kaspersky, SuperAntispyware etc. Chicken/egg situation maybe? Let's face it, someone is getting paid to do this stuff!


 
Posted : 18/05/2011 8:23 pm
Posts: 339
Full Member
 

ATP is correct it is a very professional looking scam. It lures people into thinking your PC is screwed, which it is kind of. There is nothing wrong with the problems reported and none of your programs are uninstalled. They have just been hidden.
The wife likes to keep me busy so she acquired it a couple of weeks ago.
Fixed by downloading malwarebytes and spybot. Ensure you set your file preferences to 'show hidden files' reboot into safe mode. Run full scans of both downloaded software packages. They will pick up the offending code and registry settings. You will also have to unhide all the programs in the task bar etc in your documents and settings. There's a few other things you may have to do but google should be your friend.
Good luck!


 
Posted : 18/05/2011 8:26 pm
Posts: 339
Full Member
 

I forgot to mention I have a fully paid up version of Norton AV and it did not pick up a thing. It's not a virus per se, it's malware & bots. That's dealt with by the more expensive 360 package. Norton does work very well at the virus stuff.
You are correct. Someone is getting paid.... by the people who fall for the scam. I'll bet there's a few.
The rule is, if the link or request looks dodgy, don't click it.


 
Posted : 18/05/2011 8:32 pm
Posts: 0
Free Member
Topic starter
 

I have now entered the weird and wonderful world of safe mode, I have these waves of weird shit rolling down my screen!

I am now trying to get the **** ing PC to let me update my security over!


 
Posted : 18/05/2011 8:50 pm
Posts: 77725
Free Member
 

Whichever antivirus company that produced this needs wiping off the internet



 
Posted : 18/05/2011 9:44 pm
Posts: 77725
Free Member
 

it is a very professional looking scam.

Time was, I'd have said "if you fall for this crap you deserve everything you get." These days, they're getting really sophisticated to a point where it's increasingly difficult to tell the fakes apart unless you're experienced, and even when you do spot it the damn things are so invasive that you're buggered anyway.


 
Posted : 18/05/2011 9:48 pm
Posts: 2120
Full Member
 

My new net oil has just picked this up today - have to say, it's pretty convincing. Thing is, I can't remember picking up anything like this in the past few years (don't use prawn sites or anything dodgy) so it's a bit of a coincidence that this topic pops up here as I'm using this very issue - paranoia or something in it? Discuss.


 
Posted : 18/05/2011 10:09 pm
Posts: 0
Free Member
Topic starter
 

Still a bit stuck on this and I just realized that my Microsoft Security Essentials isn't working either.

Day off and this shit is just plain AAAARRRGGGHHHH!!!!!


 
Posted : 21/05/2011 12:31 pm
Posts: 0
Free Member
Topic starter
 

Bimbler - Member
Done it!

Download a copy of Windows Update Agent from that there Microsoft, install it. However on the laptop that I was using it wouldn't install as there already was a version of the MUA installed. It's pretty tricky to uninstall it but you can force it to install by using the Run command, browse to the location of the update agent and put /wuforce at the end of the command line. wo0t!

Glad you're happy mate and that shithead programme is off your pc, but how do I go about doing this?


 
Posted : 21/05/2011 12:34 pm
Posts: 0
Free Member
Topic starter
 

AAAARRRGGGHHHH!!!!!!!!!!!!!!!!!!!!!!!xAAAARRRRGGGHHHH!!!!!!!!!

Can anyone help out with this, I haven't stopped for days and have no idea what I'm doing!

I seem to have this thumbs.db in a lot of my picture folders ❓

Should I be deleting all of them?


 
Posted : 26/05/2011 6:14 pm
Posts: 0
Free Member
 

Chuck it in the bin and buy an Apple MBPro :mrgreen:


 
Posted : 26/05/2011 6:18 pm
 Drac
Posts: 50477
 

thumbs.db are the data for the thumbnails for that directory so it doesn't have to create thumbnails every time.


 
Posted : 26/05/2011 6:20 pm
Posts: 2
Free Member
 

AAAARRRGGGHHHH!!!!!!!!!!!!!!!!!!!!!!!xAAAARRRRGGGHHHH!!!!!!!!!

Can anyone help out with this, I haven't stopped for days and have no idea what I'm doing!

I seem to have this thumbs.db in a lot of my picture folders

Should I be deleting all of them?

Hi kaesae

Go here

[url= http://support.microsoft.com/kb/949104 ]Microsoft Update Agent[/url]

Download it.

Then go start>run browse to the file which you just downloaded/saved put a space then /wuforce and then ok it.


 
Posted : 27/05/2011 8:56 am
 jwt
Posts: 284
Free Member
 

Try SPYBOT S&D (as I mentioned earlier in the thread.....), it seemed to work for me.


 
Posted : 27/05/2011 10:16 am
Posts: 0
Free Member
Topic starter
 

I just tried to change the name of a video I recently shot and it's said that if I change it the video might not work.

I changed it anyway and the video is unusable, this thing is a real pain in the ass!


 
Posted : 27/05/2011 11:03 am
Posts: 0
Free Member
Topic starter
 

bimbler I don't understand the instructions. once I locate the file on my pc I should change the file name and include /wuforce?

also where should I get spy bot search and destroy from ❓


 
Posted : 27/05/2011 11:12 am
Posts: 0
Free Member
 

I just tried to change the name of a video I recently shot and it's said that if I change it the video might not work.

That's windows - standard message if you try to change the file extension eg change a file called "video.mpg" to "video" without the extension (.mpg) or so on. To fix it, you need to rename from "video" back to "video.mpg" or .avi or whatever it was before.


 
Posted : 27/05/2011 11:14 am
Posts: 0
Free Member
 

If you go back to my earlier post and follow the instructions in the link it will clear the nasty out. I know it works because I used it just the other day to remove an identical bug on my daughter's netbook

You are not making it easy for yourself keeping on buggering about with this and that rather than listening to advice and acting upon it


 
Posted : 27/05/2011 11:21 am
Posts: 2
Free Member
 

kaesae - Member

bimbler I don't understand the instructions. once I locate the file on my pc I should change the file name and include /wuforce?

also where should I get spy bot search and destroy from

You don't need to do this step unless Windows is reporting that Auto Update is turned off and you can't turn it back on, as was the case with me.

Basically download the file I linked - remember where you save it to.

Click on start button.

Go to Run command which will be on the right hand side of the start menu (not in all programs menu)

Click on Browse.

Browse to where you saved the file above. Choose the file.

Add the space /wuforce command. Click OK.

This will force the MS update program to reinstall itself. Reboot. MS update should now be working.

Hope this works - this won't get rid of any vestiges of the virus/malware but will fix windows update.


 
Posted : 27/05/2011 11:27 am
Posts: 0
Free Member
Topic starter
 

It now says

wusetup.exe is not a valid win32 application


 
Posted : 27/05/2011 12:09 pm
Posts: 2
Free Member
 

You've prolly downloaded the 64 bit version

[url= http://download.windowsupdate.com/WindowsUpdate/redist/standalone/7.4.7600.226/WindowsUpdateAgent30-x86.exe ]This is the 32 bit version click the direct link and it will start to download[/url]


 
Posted : 27/05/2011 12:14 pm
Posts: 15997
Free Member
 

" I run McAfee and it's updated all the time "

My father has been subscribing to McAfee and I had the exact same conversation with him yesterday.

Both his desktop and laptop were running very slow. I ran malwarebytes on both and found 3 viruses on each machine... even though he had just scanned both machines earlier that morning with McAfee which had just been updated.

So now deleted crappy McAfee and put Microsoft Security Essentials on both machines. Not surprisingly both machines now run much much quicker than they did with McAfee and now should hopefully be better protected than with McAfee. Still suggested he should run malwarebytes every so often.


 
Posted : 27/05/2011 12:35 pm
Posts: 0
Free Member
Topic starter
 

Thanks to you bimbler, that's it sorted, now for everyone who has pitched in and helped me sort this shit out, does anyone want one of my bushing tools and a couple of spare bushes ❓

Off out to enjoy the rest of my day! WOOT!!!!


 
Posted : 27/05/2011 1:08 pm
Posts: 0
Free Member
Topic starter
 

This **** ING thing has returned, only now it's the 2012 version. Borrowing some photos online for my bearing kits and I've had to nuke the **** ER again 😯


 
Posted : 11/06/2011 9:33 am
Posts: 0
Free Member
 

people are always writing variants of things like this, same as viruses basically.
there's a chance it wasn't completely gone in the first place, but that's by the by now. once you've cleaned it again, i'd suggest either setting up a scheduled scan (not sure you can do this with the free version though) or periodically (say, once a week) manually updating and scanning your machine with MBAM and/or spybotS&D.
won't guarantee you'll never get infected again, but it'll minimise the chances of it.
FWIW i've never had one of these infections on any of my work or home PCs (9 in total!)...

oh, and i have a DHX3 air shock... ha!


 
Posted : 11/06/2011 11:20 am