"VISTA" says it's the ANTIVIRUS

leonarskeatts

New Member
I am posting this from my phone. My laptop has caught a bug that makes a pop-up, "Vista AntiVirus", which says I have several viruses already. I unplugged from the net immediately. I once earlier tried to plug back in but was stopped by the "AntiVirus". Is there any sign or relative indication of a possible answer...?
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Follow this. You'll want to run RKill as soon as the machine starts so you can nip the infection in the bud.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com. If you are still having issues running rkill then try downloading these renamed versions of the same program.

EXPLORER.EXE
IEXPLORE.EXE
USERINIT.EXE
WINLOGON.EXE

But DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it overpowers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

When the hijackthis log appears in a notepad file, click on the edit menu, click select all, then click on the edit menu again and click on copy. Come back to your reply and right click on your mouse and click on paste.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 

DMGrier

VIP Member
Vista is a virus....................... Just kidding, follow those instructions and you will be fine.
 

DMGrier

VIP Member
When you download the software, you want to click save and save it to the thumb drive, then plug it into your computer and run it from there.
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Check.
I went through that process. Seems my comp won't allow it (multiple programs) to run.

You need to run RKill on a fresh startup to inhibit the virus from running (Rkill.scr should work good). Then you can install MalwareBytes.
 

leonarskeatts

New Member
This is from the second time I ran the quick scan. Sorry I deleted the first one bef

Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.03

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
ThunderLips :: THUNDERLIPS-PC [administrator]

Protection: Enabled

1/13/2012 12:22:38 PM
mbam-log-2012-01-13 (12-22-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 186243
Time elapsed: 7 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
Yeah I see the quick scan didn't find anything. Are you also sure that you have the latest definition database?
 

leonarskeatts

New Member
I clicked on "update" and it said successful.

The codes are from the second time I ran the quick scan. The first time it found 32 infected files. A lot were from "temporary internet files", which I'm thinking is cookies. The full scan has been going for 1hr:43mins now and has found 3 infections.
 

leonarskeatts

New Member
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.13.03

Windows Vista Service Pack 1 x64 NTFS
Internet Explorer 7.0.6001.18000
ThunderLips :: THUNDERLIPS-PC [administrator]

Protection: Enabled

1/13/2012 12:37:06 PM
mbam-log-2012-01-13 (12-37-06).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 444165
Time elapsed: 2 hour(s), 54 minute(s), 4 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\ThunderLips\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\37b99e77-49916b6f (Trojan.Agent.H) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\temp\kwrd.dll (PUP.BitMiner) -> Quarantined and deleted successfully.
C:\WINDOWS\assembly\temp\U\000000cf.@ (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 

voyagerfan99

Master of Turning Things Off and Back On Again
Staff member
I find it odd that's all it found. Let's kick this thread around and wait for John to come in. He's better at helping users than I am.
 

johnb35

Administrator
Staff member
I doubt you deleted the first malwarebytes log you did as they are saved within the program. Open malwarebytes, click on the logs tab and open the first log for the scan you did that found all the infections and copy and paste it back here. Also, still need to see a hijackthis log.
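
Added example, not part of the thread and not Malwarebytes' own code: a small Python parser for the text-log layout seen in the logs posted above. It cross-checks each section's declared count against the items actually listed and pulls out items whose action is not a successful removal. The sample log is constructed, with made-up paths and detection names.

```python
import re

# Constructed sample in the layout of the logs posted above
# (paths and detection names are made up for illustration).
SAMPLE_LOG = r"""Scan type: Full scan
Objects scanned: 1000

Registry Keys Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Example\Dir (Example.Detection) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Example\a.dll (Example.Trojan) -> Quarantined and deleted successfully.
C:\Example\b (1).tmp (Example.PUP) -> No action taken.

(end)
"""

SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Detected: (?P<count>\d+)$")
# Greedy path match so parentheses inside a path stay part of the path;
# the detection name is the last (...) group before " -> ".
ITEM = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return {section name: {"declared": int, "items": [dict, ...]}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            current = m["name"]
            sections[current] = {"declared": int(m["count"]), "items": []}
            continue
        if not line or line == "(end)":
            current = None  # blank line or end marker closes the section
            continue
        m = ITEM.match(line)
        if current and m:
            sections[current]["items"].append(m.groupdict())
    return sections

def review(sections):
    """Return (sections with count mismatches, items not removed)."""
    mismatched = [n for n, s in sections.items()
                  if s["declared"] != len(s["items"])]
    unresolved = [i for s in sections.values() for i in s["items"]
                  if "successfully" not in i["action"].lower()]
    return mismatched, unresolved
```

A count mismatch usually means the pasted log was truncated or edited, which is a reason to ask for the original file from the Logs tab.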
 