Help! Virus how do I get rid of it?

Cian92

Hi guys on my Dads laptop it has got a virus on it in the past few hours I havent a clue how to get rid of it. It keeps sending popups showing a sample of its own virus protection called osgaurd pro, and then trying to sell it to me. Everynow and the it opens up window about porn or viagra. Also a buuble pops up in the bottom of the screen, saying Windows security Alert. How the PC is infected and click here to scan computer, this just brings you back to the fake antivirus protection again.

The computer has no virus protection on it.

Please help me.

ActorSeeksJob

hi

Please download exeHelper to your desktop.

• Double-click on exeHelper.com to run the fix.
• A black window should pop up, press any key to close once the fix is completed.
• Post the contents of log.txt ( Will be created in the directory where you ran exeHelper.com )

Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

Cian92

Right I have a problem, when I go to run the exe program, the black box gets about three lines wrote and then it closes while a fake warning comes up saying
Application cannot be executed. The file helper [1].com is infected. Do you want to activate your antivirus software now?

Eh do you know what to do?

ActorSeeksJob

rename combofix to svchost.com

it run then ?

Cian92

No, the same message keeps coming up, and it also comes up when I try to run the exehelper aswell as the combo fix , closing both programs off. Any other ideas? Thanks.

Cian92

Just incase this is any help, when I disconnected from the internet the exehelper ran a bit longer, any way this was in the exehelperlog

exeHelper by Raktor
Build 20091021
Run at 10:33:17exeHelper by Raktor
Build 20091021
Run at 10:33:38 on exeHelper by Raktor
Build 20091021
exeHelper by Raktor
Build 20091021
Run at exeHelper by Raktor
Build 20091021
Run at exeHelper by Raktor
exeHelper by Raktor
exeHelper by Raktor
Build 20091021
Run at 11:39:00exeHelper by Raktor

Not sure if its useful or not but just in case..
Build 20091021
Run at 11:39:04 on 10/24/09
Now searching...
Checking for numerical processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Removing HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

Cian92

OK I think I might have another piece of information. I restarted the computer and got the combofix to run before the fake antivrus could kick in. Any way the second message from combofix I got was this.

!! ALERT !! It is NOT SAFE to continue!

Th contents of th ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'

Hopefully this is useful.

Spudzz

Download the following link,and run it,this should sort your problem.

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html

PS...DO NOT FORGET TO UPDATE BEFORE YOU RUN THIS SOFTWARE !!!!

Cian92

OK after receiving that ALERT message, I restared the computer, and when it came back on again it seems that the whole thing has dissapered, no more annoying pop ups.
Thanks for all the help guys!

Lab_Mouse

And get some anti virus software for your dad.there are loads of free ones that are quite good

Cian92

OK, same virus again but different computer, anyway I'm doing that exehelper business now and will post back the text it comes up with.

Right I cant get the exe helper to open for more than a second at it shuts down again.

I also downloaded this again http://download.cnet.com/Malwarebyte...-10804572.html but it is not being allowed to open for some reason.

no need for this url - This is the website the virus is linking to me along with porn and viagra sites.

Help please!

danielc

Cian92 wrote: »

OK, same virus again but different computer, anyway I'm doing that exehelper business now and will post back the text it comes up with.

Right I cant get the exe helper to open for more than a second at it shuts down again.

I also downloaded this again http://download.cnet.com/Malwarebyte...-10804572.html but it is not being allowed to open for some reason.

-snip- - This is the website the virus is linking to me along with porn and viagra sites.

Help please!

please help im having the same problem its bringing me to the same sites, i've tried all the sites, ive download exehelper, combofix but the virus keeps stopping them from opening, can someone give me another site so i can download a different one

cjmcork

I'm having the exact same issue............any poss it's a fallout from the boards invasion last week - I can't open any files at all

Cian92

I found a solution. Using a different internet browser than the one which is most infected download this http://download.cnet.com/Malwarebyte...-10804572.html

Once it is downloaded restart computer, as soon as the computer is on again go to my documents then my downloads and try to install the above program. This has to be done quickly when you turn on the computer before the virus has time to start up again.

Once it is installed you have to restart again. As soon as your computer is on again, try and open the downloaded program, choose the quick scan. Once it is finished scanning, it will come up with a list of infected files, it allows you to quarrantine them, do this. Try and open the downloaded program quickly again before the virus has time to start up.

Restart computer again and virus should be gone.

I also found that IE was not connecting to the internet yet Firefox and my other internet browsers were. I forget how I fixed it, but work away in Firefox and when I work out how I fixed it I will post back here.

ASJ112

rename combofix to svchost.com and run it in safe mode

works ?

avalon68

i had the same problem on my computer - restart and open malwarebytes as soon as the screen loads. The "virus" security thing will start up too, but once the malware bytes is running it will get rid of it and prompt you to restart after.

Does anyone know where/what site I could have picked this up from? I really only use boards,yahoo and facebook. Or does it have anything to do with what sites you visit?