 

[Closed] XP home security 2011

Posts: 0
Free Member
Topic starter
 
[#2753841]

How do I nuke this **** er from orbit ❓

Recently picked up this while doing online research, what's the best way to get rid of the little bastard!

I'm running Microsoft Security Essentials, are there other software applications I can run at the same time?

Just now I'm at my parents using their computer so any help that will enable me to use my own again would be greatly appreciated.

I recently just machined up some rear shock bushing tools, I would be happy to give whoever gets me the use of my PC again one and some free bushes!

Hope everyone is enjoying their weekend, I need a drink!


 
Posted : 15/05/2011 2:10 pm
Posts: 0
Free Member
 

http://www.malwarebytes.org/products/malwarebytes_free

You may need to boot into Safe Mode With Networking (press F8 before windows starts) to download / run.


 
Posted : 15/05/2011 2:15 pm
Posts: 767
Full Member
 

I had it last week. It rendered the children's sub account un-usable because I couldn't log in to a web page to download the software. I deleted the sub account and all seemed well but after reading about it on here, I downloaded the free software from http://www.malwarebytes.org/ . When I ran the malware bytes it picked up some rogue program and deleted it. It surprised me because I run McAfee and it's updated all the time and the kids sub account wasn't an admin account, although they play a lot of online games (which I suspect may have brought it in).
If your computer doesn't work, you can apparently download the malwarebytes software to a dongle on a different computer and then run it off that.
Edit: Ah, Allthepies beat me to it.


 
Posted : 15/05/2011 2:21 pm
Posts: 14707
Free Member
 

I had the same experience as Tinner, when my g/f downloaded it on to her computer, past MS Security Essentials. Malware sorted the 'infection' but a new account was required, as the old one was completely fubar'd (wouldn't run exe's.. said they weren't recognised)


 
Posted : 15/05/2011 2:39 pm
Posts: 19547
Free Member
 

You may want to follow these detailed steps to get rid of the bugger.

[url= http://forums.malwarebytes.org/index.php?showforum=39 ]Malware Removal guides from MBAM[/url]

[url= http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011 ]Ways to get rid of the bugger[/url]

💡


 
Posted : 15/05/2011 2:40 pm
Posts: 0
Free Member
Topic starter
 

Can I download the programme to a CD? I really need to learn about computers when I get time!


 
Posted : 15/05/2011 5:13 pm
Posts: 78545
Full Member
 

You can copy it to a CD to install from it later, but not to boot from.

Get rkill as well (google it) and run that first.


 
Posted : 15/05/2011 5:39 pm
Posts: 0
Free Member
 

run rkill.exe (that cougar suggested) on the infected machine BEFORE you attempt to install MBAM, otherwise it will either fail to install entirely or not work once installed. one of the things the infection you have does is prevent any anti-spyware tools from working.
also, use more than one anti-spyware program. MBAM is good, but use spybotS&D or SuperAntiSpyware AS WELL. google em for the downloads.
Good luck. it's pretty easy to clean as long as you follow instructions advice to the letter, but slightly laborious!


 
Posted : 15/05/2011 5:50 pm
Posts: 0
Free Member
Topic starter
 

I'm back in and running malwarebytes, although it's crashed once already and stopped responding.

Thanks everyone, the best way to describe my company and my life for the past few years is tyres gone and the sparks are flying!!!

Allthepies and cougar for now. I have two prototype bushing tools plus 5x DP4 bushes, for fox 5th marzocchi rear shocks.

If you want one to test for me, just let me know your addresses and I'll post them out.

I'm exhausted and I'm off to relax, before I have to drag myself up tomorrow and get to work.

Thanks everyone, dealing with this shit is hard enough, dealing with it when you're exhausted is ****ed up!


 
Posted : 15/05/2011 8:26 pm
Posts: 0
Free Member
Topic starter
 

[img] [/img]


 
Posted : 15/05/2011 8:27 pm
Posts: 0
Free Member
Topic starter
 

This bastard programme has disabled my automatic updates on my windows security, is there any way to fix it ❓


 
Posted : 18/05/2011 7:29 am
Posts: 0
Free Member
 

Restart your computer, as it reboots repeatedly press your F8 key and the option to start in safe mode(with networking) will come up.

In safe mode run your malwarebytes program, and update your windows security, then run a scan


 
Posted : 18/05/2011 7:38 am
Posts: 0
Free Member
 

Download and run this:-

http://support.kaspersky.com/viruses/solutions?qid=208280684


 
Posted : 18/05/2011 7:43 am
Posts: 0
Free Member
 

Allthepies has it, you can run TDSSKiller.exe in normal mode nowadays, great stuff 😀


 
Posted : 18/05/2011 8:37 am
Posts: 78545
Full Member
 

kaesae > cheers for the offer, it's appreciated but it's not going to be something I can make use of with a hardtail (-:

I'm scratching my head a bit with TDSS getting a mention here; I'm not aware of any variants of this infection that inject a rootkit. Doesn't mean that there aren't any, of course, but it raises concerns.

I'd suggest,

1) run [url= http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/ ]TFC[/url]. This will clean out temp files, which will make subsequent scans a lot faster.

2) run a [i]full [/i]scan with MalwareBytes.

3) run [url= http://www.superantispyware.com/ ]SUPER Anti-Spyware[/url].

4) get a log file from [url= http://uk.trendmicro.com/uk/products/personal/free-tools-and-services ]HijackThis[/url] or similar so that I / we can review it.


 
Posted : 18/05/2011 12:45 pm
Posts: 2
Free Member
 

Weird. I'm fixing the exact same problem on my mother's laptop.

Used MBAM and super antispyware. "Seemed" to get rid of all the nasties. However on reboot all of the file associations had been lost.

[url= http://www.techsupportforum.com/forums/f217/apparent-file-association-problem-caused-by-virus-removal-461542.html ]Followed this advice and that seemed to fix that.[/url]

Had a problem connecting to anything on the internetz, which was apparently caused by the virus taking over the host file. [url= http://www.precisesecurity.com/tools-resources/threat-removal-procedure/clean-windows-hosts-file/ ]Had to clean the host file[/url]

Now I'm stuck with the same problem as kaesae, in that the virus has disabled windows automatic updates. Haven't found the resolution for this yet.

[url= http://en.kioskea.net/forum/affich-44726-windows-xp-automatic-updates-not-working ]Just found this link, I'll give it a go and report back[/url]


 
Posted : 18/05/2011 1:26 pm
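Added example, not part of the original thread and not taken from any of the linked guides: a short Python check for the hosts-file tampering described in the post above. The sample contents, addresses and host names are constructed; on Windows XP the real file is `%SystemRoot%\system32\drivers\etc\hosts`.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
203.0.113.7     www.example.com      # constructed redirect
203.0.113.7     update.example.org
0.0.0.0         av-vendor.example.net
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for entries to review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments
        if not entry:
            continue
        fields = entry.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "unparseable address"))
            continue
        for name in fields[1:]:
            if name.lower() == "localhost" and ip.is_loopback:
                continue                        # the stock entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked locally"
            else:
                reason = "name redirected"
            findings.append((line_no, str(ip), name.lower(), reason))
    return findings


def clean_hosts(text):
    """Drop every flagged line; keep comments, blanks and the stock entry."""
    flagged = {f[0] for f in audit_hosts(text)}
    kept = [line for n, line in enumerate(text.splitlines(), 1)
            if n not in flagged]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

Review the findings before writing the cleaned text back, since some people add blocking entries to the hosts file on purpose.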
Posts: 2
Free Member
 

That last link didn't work for me.

Tried turning on Automatic updates in Computer Management and there was no entry for it


 
Posted : 18/05/2011 1:43 pm
Posts: 43
Free Member
 

This baby got rid of it for me.

http://www.combofix.org/


 
Posted : 18/05/2011 2:17 pm
Posts: 2
Free Member
 

Done it!

[url= http://support.microsoft.com/kb/949104 ]Download a copy of Windows Update Agent from that there Microsoft[/url], install it. However on the laptop that I was using it wouldn't install as there already was a version of the MUA installed. It's pretty tricky to uninstall it but you can force it to install by using the Run command, browse to the location of the update agent and put /wuforce at the end of the command line. wo0t!


 
Posted : 18/05/2011 2:23 pm
Posts: 0
Free Member
 

Malwarebytes, but go into program files and change the .exe file extension to .com otherwise the nasty won't let it run

If you don't already have malwarebytes and the nasty won't let you access the internet download it onto another machine and then transfer with a memory stick

The file rename is the key thing with this line of attack

This explains it far better than me, see post 3 for details [url= http://forums.malwarebytes.org/index.php?showtopic=38629&st=0&p=193288&#entry193288 ]Virus Removal[/url]


 
Posted : 18/05/2011 3:00 pm
 jwt
Posts: 284
Free Member
 

Spybot S&D
can't link from work, but this removed everything without me having to mess with registries...........


 
Posted : 18/05/2011 3:09 pm
Posts: 0
Free Member
 

I think you're screwed and will need to format.
I tried everything to remove it but it takes over your PC eventually.
Had to format in the end.
Also tried phoning up Avast to ask them and ended up being pressured into paying over £400 for a three year contract with them!?


 
Posted : 18/05/2011 3:35 pm
Posts: 78545
Full Member
 

This baby got rid of it for me.

You really don't want to be running combofix unless you know what you're doing. It's a powerful tool, but because of that it also has the capacity to royally bugger up your system.

[i]Specifically [/i]for the infection family mentioned in the OP only, this [url= http://download.bleepingcomputer.com/reg/FixNCR.reg ]registry file[/url] should fix the file extension problems.

I tried everything to remove it but it takes over your PC eventually.

You didn't try everything then, you gave up. In all the time I've been dealing with malware (and that's a lot of PCs) I've only had to format one once. Sometimes it can be the best course of action (eg, the PC's owner was going to wipe it anyway), but it's very rare that that's the [i]only [/i]option.

The virus has disabled windows automatic updates.

This is weird. Plenty of nasties do this (it was Conficker's party trick, famously), but I've not seen it in relation to this family.

Can you look in Services and tell me what settings (status and startup type) you've got for Automatic Updates and Background Intelligent Transfer Service?


 
Posted : 18/05/2011 4:37 pm
Posts: 0
Free Member
 

Well I tried to run the renamed malwarebytes in safe mode but I couldn't so gave up. It did surprisingly all of a sudden disappear thanks to AVG but then there were still little problems remaining that I couldn't fix so formatted.


 
Posted : 18/05/2011 4:57 pm
Posts: 78545
Full Member
 

Yeah, that would have surprised me as well.

(-:


 
Posted : 18/05/2011 5:49 pm
 jwt
Posts: 284
Free Member
 

So didn't try Spybot then................. 😥


 
Posted : 18/05/2011 8:31 pm
Posts: 0
Free Member
 

Whichever antivirus company that produced this needs wiping off the internet, nuking from orbit etc. I know we'll never know.........


 
Posted : 18/05/2011 8:59 pm
Posts: 0
Free Member
 

Whichever antivirus company that produced this needs wiping off the internet, nuking from orbit etc. I know we'll never know.......

Errrrr, it's not a legit product but a "fake" which is intended to extract cash from you and also install lots of malicious s/w on your PC.


 
Posted : 18/05/2011 9:02 pm
Posts: 0
Free Member
 

Keep believing..............If there were no virus I wouldn't have heard of Kaspersky, SuperAntispyware etc. Chicken/egg situation maybe? Let's face it, someone is getting paid to do this stuff!


 
Posted : 18/05/2011 9:23 pm
Posts: 340
Full Member
 

ATP is correct it is a very professional looking scam. It lures people into thinking your PC is screwed, which it is kind of. There is nothing wrong with the problems reported and none of your programs are uninstalled. They have just been hidden.
The wife likes to keep me busy so she acquired it a couple of weeks ago.
Fixed by downloading malwarebytes and spybot. Ensure you set your file preferences to 'show hidden files', reboot into safe mode. Run full scans of both downloaded software packages. They will pick up the offending code and registry settings. You will also have to unhide all the programs in the task bar etc in your documents and settings. There's a few other things you may have to do but google should be your friend.
Good luck!


 
Posted : 18/05/2011 9:26 pm
Posts: 340
Full Member
 

I forgot to mention I have a fully paid up version of Norton AV and it did not pick up a thing. It's not a virus per se, it's malware & bots. That's dealt with by the more expensive 360 package. Norton does work very well at the virus stuff.
You are correct. Someone is getting paid.... by the people who fall for the scam. I'll bet there's a few.
The rule is, if the link or request looks dodgy, don't click it.


 
Posted : 18/05/2011 9:32 pm
Posts: 0
Free Member
Topic starter
 

I have now entered the weird and wonderful world of safe mode, I have these waves of weird shit rolling down my screen!

I am now trying to get the **** ing PC to let me update my security over!


 
Posted : 18/05/2011 9:50 pm
Posts: 78545
Full Member
 

Whichever antivirus company that produced this needs wiping off the internet

[img] [/img]


 
Posted : 18/05/2011 10:44 pm
Posts: 78545
Full Member
 

it is a very professional looking scam.

Time was, I'd have said "if you fall for this crap you deserve everything you get." These days, they're getting really sophisticated to a point where it's increasingly difficult to tell the fakes apart unless you're experienced, and even when you do spot it the damn things are so invasive that you're buggered anyway.


 
Posted : 18/05/2011 10:48 pm
Posts: 2141
Full Member
 

My new net oil has just picked this up today - have to say, it's pretty convincing. Thing is, I can't remember picking up anything like this in the past few years (don't use prawn sites or anything dodgy) so it's a bit of a coincidence that this topic pops up here as I'm using this very issue - paranoia or something in it? Discuss.


 
Posted : 18/05/2011 11:09 pm
Posts: 0
Free Member
Topic starter
 

Still a bit stuck on this and I just realized that my Microsoft Security Essentials isn't working either.

Day off and this shit is just plain AAAARRRGGGHHHH!!!!!


 
Posted : 21/05/2011 1:31 pm
Posts: 0
Free Member
Topic starter
 

Bimbler - Member
Done it!

Download a copy of Windows Update Agent from that there Microsoft, install it. However on the laptop that I was using it wouldn't install as there already was a version of the MUA installed. It's pretty tricky to uninstall it but you can force it to install by using the Run command, browse to the location of the update agent and put /wuforce at the end of the command line. wo0t!

Glad you're happy mate and that shithead programme is off your PC, but how do I go about doing this?


 
Posted : 21/05/2011 1:34 pm
Posts: 0
Free Member
Topic starter
 

AAAARRRGGGHHHH!!!!!!!!!!!!!!!!!!!!!!!xAAAARRRRGGGHHHH!!!!!!!!!

Can anyone help out with this, I haven't stopped for days and have no idea what I'm doing!

I seem to have this thumbs.db in a lot of my picture folders ❓

Should I be deleting all of them?


 
Posted : 26/05/2011 7:14 pm
Posts: 0
Free Member
 

Chuck it in the bin and buy an Apple MBPro :mrgreen:


 
Posted : 26/05/2011 7:18 pm
 Drac
Posts: 50625
 

thumbs.db are the data for the thumbnails for that directory so it doesn't have to create thumbnails every time.


 
Posted : 26/05/2011 7:20 pm
Posts: 2
Free Member
 

AAAARRRGGGHHHH!!!!!!!!!!!!!!!!!!!!!!!xAAAARRRRGGGHHHH!!!!!!!!!

Can anyone help out with this, I haven't stopped for days and have no idea what I'm doing!

I seem to have this thumbs.db in a lot of my picture folders

Should I be deleting all of them?

Hi kaesae

Go here

[url= http://support.microsoft.com/kb/949104 ]Microsoft Update Agent[/url]

Download it.

Then go start>run browse to the file which you just downloaded/saved put a space then /wuforce and then ok it.


 
Posted : 27/05/2011 9:56 am
 jwt
Posts: 284
Free Member
 

Try SPYBOT S&D (as I mentioned earlier in the thread.....), it seemed to work for me.


 
Posted : 27/05/2011 11:16 am
Posts: 0
Free Member
Topic starter
 

I just tried to change the name of a video I recently shot and it's said that if I change it the video might not work.

I changed it anyway and the video is unusable, this thing is a real pain in the ass!


 
Posted : 27/05/2011 12:03 pm
Posts: 0
Free Member
Topic starter
 

bimbler I don't understand the instructions. Once I locate the file on my PC I should change the file name and include /wuforce?

also where should I get spy bot search and destroy from ❓


 
Posted : 27/05/2011 12:12 pm
Posts: 0
Free Member
 

I just tried to change the name of a video I recently shot and it's said that if I change it the video might not work.

That's windows - standard message if you try to change the file extension eg change a file called "video.mpg" to "video" without the extension (.mpg) or so on. To fix it, you need to rename from "video" back to "video.mpg" or .avi or whatever it was before.


 
Posted : 27/05/2011 12:14 pm