Im desperate

[Bona]

Can some one help my son used my computor this afternoo on the internet and we get a security tool who wants me to register Ha Ha with my credit cards to clean up the computor which acording to them

has 39 virsis

Macafree says I have none I cant get ride of the pop up ad in trying I cannot now acsess any of my documents

Cant cope any suggestions

[stevo7790]

This is a [problem],

 

Do not enter your card details.

 

Download Microsoft Security Essientials - its free google it, also CCleaner these should get rid of it.

[speedfreek]

Sounds like you have been done by a fake anti virus dropper.

 

These usually propagate via scripts in webpage adverts taking advantage of known browser/flash/java insecurities. Once the dodgy advert runs your infected. The only real solution is to change to a more secure browser &/or pay for a decent spyware protection program with real time protection. Also educate them in the fact most warez (illegal download)/porn sites found by google will have these adverts on them

 

As for getting rid Install and Run

 

SuperAnti Spyware http://www.superantispyware.com/

Malwarebytes http://www.malwarebytes.org/

 

After cleaning always run the programs again to make sure.

 

If it's still there have a look on the Support Forums here http://forums.majorgeeks.com/forumdisplay.php?f=35

 

These can be quite tricky as a lot of these programs will usually drop a self replicating file (usually a .dll) on your hard drive. So everytime you reboot hey presto it's still there.

 

Last time I got hit by this everytime I tried to cleaned the same file would be reported on reboot. For me the simple act of renaming this file then rebooting again worked. Though check on majorgeeks before you do anything rash.

 

A word of warning on these as they also usually attempt to take over your hosts file. This can be used to redirect you fake websites which are clones of popular mail and banking to harvest passwords etc.

[Hoose]

a lot of them manage to catch the startup call, so you need to reboot the system and press F8 as it is starting up (start on the BLACK screen)

 

you will then get a message, you need to choose "Safe Mode with Networking" so that you can access the internet to download the software others have mentioned.

 

or:

 

while the software is on screen - press CTRL+ALT+DEL and choose "Task Manager"

 

Right click on the application and choose "Go To Process"

 

this will then highlight a exe name (normally jumbled letter eg asdfjkht.ese) note this down, search for it in Safe Mode and delete.

 

Also, delete all your temporary internet files, as they normally live in there

[paul79]

Becoming more and more of a problem this one.

As my fellow forum members have pointed out, these are fake anti virus programs scaring you with fake virus alerts so that you enter your card details into the program.

Obviously not what you want to do, so here is what you do need to do.

 

A bit tricky if you're not IT savvy, but you should be ok.

It's always good practice to backup your data before carrying out the below procedure.

I would also recommend printing this step-by-step list out before you attempt doing the procedure so you have something to refer to!

 

1. With PC powered off, wait for the Computer startup screen to display (company logo / information screen) then hit F8. If you see the Windows startup screen, then you need to try again.
   
2. You will be given a list of confusing options in white text on a black screen, you need to pick the "Safe Mode with Networking". Use the numbers on your keyboard to select the option.
   
3. Windows will now load in safe mode (you don't need to know what it means). Once it loads, you will see a message confirming you are in safe mode, click yes.
   
4. You will now see the desktop
   
5. Click on the start menu, goto accessories --> system tools --> click on system restore
   
6. Choose the option "Restore My Computer to an Eariler Time" then click next
   
7. You will now see a calander on the screen, you need to select a date BEFORE you let the fake anti-virus program get installed (if you're not sure, look in the window on the right side of the calander, it will list program installs...find something that looks like the name of an antivirus program you know shouldn't be there).
   
8. Once you select the restore point immediately before the anti virus was installed, highlight it and click next
   
9. Windows will now go back in time to a state prior to the software getting onto your PC, your documents/pictures/videos etc will be unharmed
   
10. System restore will complete and restart the computer
    
11. Once complete, you will get the usual windows screen you're used to seeing and the fake anti virus program will be no more!
    

Let me know how it goes!

 

Paul.

[speedfreek]

Myths n facts

 

Rebooting into safe mode except in windows XP (and before) basically does nothing.

 

If it installs a dll which is active in the right area (i.e. core (which is a hell of a lot) not stopped by safe mode) then safe mode does nowt.

 

System Restore - whilst handy when programs go bad or you delete the wrong thing, is just a logical file holder which can be triggered/written to. So since the virus/malware can also write to it if its funky this can not be used for ridding your self from nasties.

 

System Restore is a simple tool for restoring deleted files & repairing legitimate programs & updates to them. Also recovering from Windows updates. Nothing more nothing less. Anything decent will and can alter it so that any restore will bring it with it

[SOD'EM]

I've only just read this. Got rid of something similar not so long ago. Can you give me the name of the program it wants you to buy/download/install?

 

If it's AntiVirus Pro, you may not get internet access. Just put Malware Bytes on a Pen Stick and install. Then do a full scan and remove problem.

If it persists (which I very much doubt it will), then there are further ways to combat it here:-

 

http://www.xp-vista.com/spyware-removal/windows-antivirus-pro

[Bona]

Thanks Guys

Problem this virus closes down your computor so you cant down load programmes to get rid of it

Didnt give any credit card details Im not that stupid took it to a shop locally and they sorted it in a couple of hours cost me £70.00 quid money

Well spent they had had 8 in that week with same virus think it came in on Pypak

[SOD'EM]

Jesus!!!! How I wish I owned that shop:mad2:

 

 

I do that for mates for a pint (literally).

 

I do more than 50 a year.

 

Robbing *******s

 

No disrespect Bona but:-