Win 7 Antispyware 2011

PurePwnage

New Member
I have no clue how I got this - I didn't download anything, so it must have been a site I visited (and I haven't visited any sites I shouldn't be visiting anyway) but that's beside the point.

It seems obvious to me this is a fake security software trojan. Anybody have experience combatting it or should I be prepared to reformat?
 
Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically, which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware.


Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile.

Most of what HijackThis lists will be harmless or even essential; don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes' Anti-Malware log.
 
From what I've researched, this isn't actually a malicious virus but rather a hoax to get you to hand over your credit card. Nevertheless, let's move along b/c it is annoying.

The first problem is that I can't run the Malwarebytes exe b/c vz.exe opens up and blocks it from opening.
 
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe


  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

If none of the Rkill applications work, reboot the computer in Safe Mode and try to install Malwarebytes, and do a quick scan.
 
Just to add to voyagerfan's info: if Rkill opens and then exits out, or it says that it's infected, just keep running it until it overpowers the infection and finally completes, at which point a log will pop up on the screen saying it's completed and what it has killed. Do not reboot the computer until after Malwarebytes is run and all infections have been removed. Then post its log along with a HijackThis log.
 
rKill does that? I didn't know that :eek: Thanks :D You just made my life a bit easier! :)
 
I'm sorry for wasting your time, but I think I'll just go ahead with a reformat. RIP this installation. Maybe I should install NoScript next time! :D
 
Have you even tried using Rkill? It's not that hard to do and it's simpler than reinstalling Windows.
 