Help! Computer Virus! Possibly a Trojan?

ryanborchardt

New Member
Ok, while browsing the internet, I think I accidentally clicked "ok" to one of those popups claiming to have found a virus. Now, I have a popup called "Antivirus Software" that is obviously fake asking me to activate the antivirus software. I can't open ANY programs at all, including the internet or malwarebytes. Every time I click on a program, a popup says that the file is infected. I booted the laptop in safe mode and ran both "malwarebytes" and "dr.web cure it". Both of these found trojans and viruses and claimed to have deleted/gotten rid of them. This didn't work because when I restarted the computer in regular mode, I still can't open any programs and am getting constant "antivirus software" popups and "windows security alert" popups. I have no idea what else to do? Please help.
 

gamblingman

VIP Member
Please, don't do anything else on the computer while working with these programs. Close all other open windows before proceeding through these instructions and perform all the below in normal boot, NOT safe mode:

Please download Malwarebytes' Anti-Malware HERE or HERE and save it to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    o Update Malwarebytes' Anti-Malware
    o and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware
- - - - - -
NOTE!
If for some reason Malwarebytes will not install or run please download these files: Rkill.scr, Rkill.exe, or Rkill.com.

First, run the .SCR file by clicking it. If a window opens then closes, run the file again; do this until it generates a log (like with Notepad) of processes stopped. If .SCR will not run at all, try the .EXE; if the .EXE won't work, then use the .COM until one of them gives you a log. Then work to install or run Malwarebytes. DO NOT reboot immediately after running RKill because doing so will deactivate RKill and you will have to run it again. Just run RKill, then Malwarebytes, then HijackThis. Don't reboot until told to do so.
- - - - - -

Now, you can generate a HijackThis log by doing the following:

Download the HijackThis installer from HERE

Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.


Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log and a detailed description of the problems you are experiencing.
 

ryanborchardt

New Member
Gamblingman, there is no way I can do that if I am not in safe mode. When I am not in safe mode, whatever trojan or virus I have is not letting me open ANY PROGRAMS, INTERNET etc... I have even tried transferring security scanners from a flash drive but even then it won't let me open anything, saying "the file is infected".
 

johnb35

Administrator
Staff member
You need to download rkill.scr to a flash drive and then run it on the infected computer. I'm at work right now but can help you better in about an hour or so when I get home. Getting rid of this infection just takes a little patience and make sure you follow our directions.
 

johnb35

Administrator
Staff member
Are you running XP? Download this file from an uninfected PC to a USB flash drive and then transfer it to the desktop after booting up in safe mode.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

ComboFix should never take more than 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running

Follow gamblingman's link on downloading and running HijackThis. Post both logs when done.
 

JHM

banned
I had one of those things once. It stuck an icon on my desktop, which I right-clicked to find the properties for the icon, then went where the shortcut went to and found a file with the wrong name but the same icon, so I deleted said file. Bingo, problem solved. Another thing I have noticed here is this site is lousy with viruses. My AV program is catching about a half dozen of them every time I come here.
 