Can someone help me kill this virus
August 6th, 2016
I have tried going directly into the file and deleting it, but it just says “cannot delete file it is being used”…
Please download and run this tool.
Download Malwarebytes’ Anti-Malware from here
http://www.besttechie.net/tools/mbam-setup.exe
- Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select “Perform Quick Scan”, then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
Post the contents of the MBAM Log.
First I would hit Ctrl+Alt+Del. Then click the process tab and End Process everything that doesn't need running. If you're not sure what anything is, then google it. I never heard of Prevx CSI so not sure how good that is. I would try AVG Free. Update AVG then scan. If that doesn't work, try NOD32 or Malwarebytes. Again, be sure to update before scanning. Malwarebytes got rid of malware that AVG and NOD32 didn't pick up so it is a pretty good program and it's fast at scanning.
If you're not sure about ending a process then start in Safe Mode as admin. Safe Mode only loads processes that you need to load your desktop.
There’s only 2 tools I recommend when dealing with tough viruses/malware: Combofix and SmitFraudFix.
You just run them and they’ll remove all the bad stuff they find; about 90% of the time, you end up with a clean computer.
Combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Combofix tutorial:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
SmitFraudFix download and tutorial:
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
First I would hit Ctrl+Alt+Del. Then click the process tab and End Process everything that doesn't need running. If you're not sure what anything is, then google it. I never heard of Prevx CSI so not sure how good that is. I would try AVG Free. Update AVG then scan. If that doesn't work, try NOD32 or Malwarebytes. Again, be sure to update before scanning. Malwarebytes got rid of malware that AVG and NOD32 didn't pick up so it is a pretty good program and it's fast at scanning.
If you're not sure about ending a process then start in Safe Mode as admin. Safe Mode only loads processes that you need to load your desktop.
These viruses have disabled Task Manager & Regedit, so I'll try the 3rd post. Thanks for the help, I'll reply back if it fixes it or not.
Do not try using ComboFix by yourself, it’s not meant to be used that way. Better do what was suggested in his post.
^ True, but meh, CF should run fine.
It’s telling CF what to delete after a normal run where mistakes can be made.
[edit] spelling mistake
Here's the log from running Malwarebytes’ Anti-Malware
Malwarebytes’ Anti-Malware 1.30
Database version: 1349
Windows 5.1.2600 Service Pack 2
2/11/2008 3:09:28 p.m.
mbam-log-2008-11-02 (15-09-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 114722
Time elapsed: 41 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 8
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\ixoixo.bho (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{10026069-7a5f-4531-811e-c8df20643bee} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{0ec5f63a-7ddf-48e7-9d5a-bc84b0b58f82} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7cafe1d6-6ec9-4044-bfec-fbeddd095f74} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{87a69b72-dae6-4517-bd12-42f62cf395fb} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{87a69b72-dae6-4517-bd12-42f62cf395fb} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87a69b72-dae6-4517-bd12-42f62cf395fb} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sodna (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: (“regedit.exe” “%1”) Good: (regedit.exe “%1”) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\winresponse32.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\system32\c.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\m.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\s.ico (Malware.Trace) -> No action taken.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Owner\Favorites\Search Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Search Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Owner\Favorites\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\VIP Casino.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Owner\Favorites\Cheap Pharmacy Online.url (Rogue.Link) -> No action taken.
C:\Documents and Settings\Owner\Start Menu\Cheap Pharmacy Online.url (Rogue.Link) -> No action taken.
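An added example (not part of the thread and not Malwarebytes' own code): a small Python parser for the log layout posted above. It lists the detections still marked "No action taken" (every entry in this log, so it records what was found, not what was removed) and the registry data items that carry a Bad/Good pair, such as DisableTaskMgr. The sample text is constructed from entries in the posted log, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: a few entries copied from the posted log, same layout.
SAMPLE_LOG = r"""Memory Modules Infected:
C:\WINDOWS\system32\gopfa.dll (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\ixoixo.bho (Trojan.FakeAlert) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
Files Infected:
C:\WINDOWS\system32\winresponse32.exe (Adware.Agent) -> No action taken.
C:\WINDOWS\k.txt (Trojan.FakeAlert) -> No action taken.
"""

# "Files Infected:" opens a section; "Files Infected: 12" is a summary count and is skipped.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:\s*$")
ENTRY = re.compile(
    r"^(?P<item>.+?) \((?P<family>[A-Za-z]+\.[A-Za-z.]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+?)\.?\s*$"
)

def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section name."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        entry = ENTRY.match(line)
        if entry and section:
            found.append({"section": section, **entry.groupdict()})
    return found

def unremediated(detections):
    """Detections the scanner reported but did not act on."""
    return [d for d in detections if d["action"].lower() == "no action taken"]

def policy_overrides(detections):
    """Registry data items with a Bad/Good pair: value name -> (bad, good)."""
    return {d["item"].rsplit("\\", 1)[-1]: (d["bad"], d["good"])
            for d in detections if d["bad"] is not None}

def families(detections):
    return Counter(d["family"] for d in detections)

if __name__ == "__main__":
    hits = parse_mbam_log(SAMPLE_LOG)
    print(len(unremediated(hits)), "of", len(hits), "detections not acted on")
    print(policy_overrides(hits), dict(families(hits)))
```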
BUMP I REALLY NEED HELP!!!
#3.5; Bumping is allowed provided that the reply has relevant information. Requests Including requests in helpdesk may only be bumped once every 48 hours since the last reply
THE PATHOLOGIST
Get a different antivirus. Never heard of that one and if I haven't heard of it that means it's a POS. Get Kaspersky or better yet get McAfee; since you know where the files of it are located you can send them to its shredder. Though most likely McAfee will pick up everything. I suggest you use more freeware programs such as SuperAntiSpyware, Spybot S&D, Ad Aware 2008. Check out the link in my siggy, I give links to several online scanners. Scan with those and figure out where everything is at, then use a good antivirus that comes with a shredder; the only one I know that has a shredder where you drag things to it is McAfee. Though the latest version of McAfee isn't so light, it needs 200MB of RAM.
Wow! Prevx is a very strong program. It’s weird that it cannot remove those infections. Please download SmitfraudFix from http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Now download A-Squared Free from http://download4.emsisoft.com/a2FreeSetup.exe
Install A-Squared and update it. After that, restart and boot into Safe Mode (tap F8 before startup). When you get into Safe Mode, run SmitfraudFix, then run a full scan with A-Squared Free. Let me know what's up after.
Edit: Avira is a good antivirus. Consider it?
Do not try using ComboFix by yourself, it’s not meant to be used that way. Better do what was suggested in his post.
One of the most stupid things I’ve ever heard… go for it mate, it’s safe to use.
Check the tuts I’ve sent you, and you’ll not be troubled.
I meant it should be used under supervision, I didn’t say it’s not supposed to be used for removing malware.
Wow! Prevx is a very strong program. It's weird that it cannot remove those infections.
If you looked at the picture correctly, you would see he’s only using the trial version of it.
I recommend you download and install either NOD32 Anti-Virus or Kaspersky Anti-Virus. Either of these tools will be able to clean your infection, and they are the anti-virus programs a majority of people on use.