HELP....Platinumantivir.com....HELP

Praetorian Saighdiuir

Hi guys,

Im looking for some help here please.

I clicked something that i shouldnt have and now I have adware (I think)

When I turn on my laptop, a pop up window appears from the bottom right of the screen saying ..
"Windows Security Alert - Windows reports that computer is infected. Antivirus software helps to protect you computer against viruses and other threats. Click here for the scan you computer. You system might be at risk now."

I know this msg is a fake as the language is terrible.

I cannot get onto the IE at all. When I try to open my homepage (which is Google) then I get re-routed to either of the following sites.

[ links removed for security reasons ]

So, i cannot access IE at all, except for whatever sites above automatically open for me.

I did a scan using AVG yesterday and it noted several viruses, so they went into the virus vault and i deleted them. This did not solve the problem. I have scanned my laptop a number of times today but no viruses are detected.

I cant open my task manager and when I try to I get this message in the centre of the screen...

"Security Warning-Application cannot be executed. The file taskmgr.exe is infected. Do you want to activate your antivirus software now?".

I also know that this msg is a fake but it appears whenever I try to open any type of file. Excel, Winword, notepad...anything. My laptop is basically unusable.

Also a very convincing fake Windows Security Center window automatically opens up. It has the staus of my firewall (on), automatic updates (on) and virus protection (out of date)...if I click "recommendations" i will be sent to [ link removed ].

On a final note, I can only open AVG as soon as I turn the laptop on, before the virus has a chance to kick in. If I try to open AVG after the first pop up window, it wont open.


Any help would be seriously appreciated, Merry Christmas and a fantastic new year to all!!!!

Podman

Try ctrl-alt-del and remove all new programs and running tasks.

Try Avira or Avast! antivirus, if you can get near the 'net.

Use firefox to try to bypass the ie thing.


List your files from the time of the infection and delete all files from around that time.. Including install.exe

Praetorian Saighdiuir

Thanks for the quick reply Chompy.

I cant get onto the internet to download Firefox. I have tried to and got redirected to http://platinumantivir.microsoft.com/block.php?r=1.0

I went into C:\Documents and settings\myname and local settings. Temp folder and deleted anything there from 22/12/2009

Then went to Application Data folder and found a folder called "sjvgia". In this folder I found an application called "dfdisysguard". This was created 22 Dec 2009 and is 274KB. This is the only file there that looks out of place.

Ok, I have found a DAT File named "NTUSER" 6,912KB. created today at 21.36...i tried to delete this and got thiss msg "Cannot delete NTUSER: it is being used by another person or program. Close any programs that might be using this file and try again" The only thing running are the windows security warning.

Podman

Don't worry about ntuser.
Do a search for all files and folders within that hour, not just temp.
The install file could have gone into /windows or /program files
You may have to use the DOS prompt.

Use the computer your using now to download one/more of the following free anti-virus applications/url's to a usb key or disk, and try them in sequence in the infected machine...

Glary's anti-spy, memory manager, system utility (to clear startup files, etc. An excellent program)
Ad Aware anti-spiware
AVG free (you have)
Avast! ant virus (does not work with Vista)
Avira antivirus
You could do a lot worse than to use Firefox as your primary browser (version 3.5.6 does not work with vista, use version 3.0.10)

Let's know how you get on.

zenno

just restart the computer in safemode with networking. then go here http://www.malwarebytes.org/ download the free malwarebytes and install it then let it update. do a scan and remove all rubbish.

ActorSeeksJob

benwavner can you remove those links in your original post, they will just get others infected

Please download DDS and save it to your desktop.

• Disable any script blocking protection
• Double click dds.pif to run the tool.
• When done, two DDS.txts will open.
• Save both reports to your desktop.

---

Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

martiap

I'm having the same issues as the original poster. But, I can't access IE or run any programs to attempt to delete the registries. I use Windows One Care which I keep up to date. I was finally able to accomplish a complete scan which showed deleting one "fakespypro" trojan virus. I'm backing up now - but, not sure what to do next. HELP?

Podman

try downloading firefox, opera or slimbrowser...

has anyone here tried Glary's or any of the others I recommended?
did it work?

blueeyedgal70

chompy wrote: »

try downloading firefox, opera or slimbrowser...

has anyone here tried Glary's or any of the others I recommended?
did it work?

Sadly I'm going through the same grief... I tried the Glary's fix and it looked promising for a moment... and then right back to where it was...

jennyskool

zenno wrote: »

just restart the computer in safemode with networking. then go here http://www.malwarebytes.org/ download the free malwarebytes and install it then let it update. do a scan and remove all rubbish.

Finally......Im no geek on this puter, just followed what zenno said and presto that puter takeover virus is gone!
PS..had to google on another computer to figure out safe mode. While in safe mode downloaded avast free addition and ran it also.

JCJC

Hello I only joined this forum to thank Zenno, whoever he or she is. It worked for me.

The full story is that I've just had the worst virus attack I've ever had.

It started with a load of popups,some opening Windows Explorer (which I don't use) with websites for porn, viagra etc.
The URLS were (I think)

(www)adult.com... etc
(www)clubjenna.com
(http://) rc.brandreachsys.com/....
(http://) avgroupwebsite.com/purchase?r=57.6
(http://) av-protect.microsoft.com/block.php?r=57.6

Some of the pop-ups came when I tried to open programs, like spoof virus warnings saying things like: (Note bad grammar/spelling)
"Windows reports that computer is infected" ... "click here for the scan your computer. Your system might be at risk now".

It also popped up a 'Windows Security Centre' warning that looked very real, but it all linked to attempts to scan for virus... and probably sell me an anti-virus program.

The WORST part was that it stopped other programs (applications) from opening. Even Windows Task Manager (Ctrl-Alt-Del) just appeared and vanished.

It put a symbol in the task bar with a kind of grey heart and a Nike-type white tick on it. But it couldn't be closed from there.

Why did I get it? Well, I've recently uninstalled Ad-Aware and Spybot at a friend's suggestion - they slow the system down ... but maybe they were saving me from nasties like this, all those years.

What to DO? I searched all morning for advice and found a lot of stuff I wouldn't risk (I'm not very techy) like deleting files, or installing tools I've never heard of, and even re-installing Windows, the big anti-virus websites weren't any help, I couldn't even be sure what name the virus or worm is - that's why I described the symptoms above in detail.

SO WHAT WORKED FOR ME: (As Zenno above says ..)

Re-start PC while repeatedly pressing F8 key, until it pauses and gives you chance to choose mode:
CHOOSE Start in "Safe Mode WITH NETWORKING"

THEN go to (www.) malwarebytes.org and install the FREE version of this, it's a respectable program, check it out Wikipedia, also 34 million people have downloaded it from (www.) downloads.com which I often use.

Let it install, then choose to update.

Then set it scanning.

It took an hour on my old PC.

Then (when it found 15 infections!) select and remove them (it warns you to close other programs first, which I did.)

Voila!

Hope it works for you, and thanks to malwarebytes. I have no connection with this company and I won't be going round all the forums answering questions because I'm not knowledgeable, but I am experienced - and hope that I can pass that on to help you.