
Antivirus America 2010

  • 07-12-2010 2:33pm
    #1
    Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭


    It seems my PC has been affected. I have been receiving numerous messages telling me my HD has failed etc. and the RAM memory usage is critically high.

    I have so far done a full scan (McAfee) and run Malwarebytes to get rid of some trojans and malware (actually quite a lot of malware). My CPU usage is massive even though I am just browsing and the PC is sluggish.

    Is there anything else I can try other than reloading the OS?

    I don't have the win xp cd so making it hard on myself to reload OS


Comments

  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    It seems my PC has been affected. I have been receiving numerous messages telling me my HD has failed etc. and the RAM memory usage is critically high

    What is the name of whatever program/window that is giving you the messages about the disk and RAM? Can you post a screenshot?

    The Subject of the post is "Antivirus America 2010". Is that significant?


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    When I hovered over the red x it says Windows Security Alert. The Antivirus America 2010 is one of the many pop ups that have been appearing while browsing the net

    See attachment for one of the alerts I am seeing


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    When I hovered over the red x it says Windows Security Alert.

    Can you look at the Windows Security Alert and see what it says? Something about "....d drive"?

    The Antivirus America 2010 is one of the many pop ups that have been appearing while browsing the net

    Could you post a screenshot of one of the popups? There appears to be one accessible on your taskbar.


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    the pop ups that appear only appear in the browser (Firefox latest version).

    The yellow bubbles that pop up in the taskbar are saying can't find HDD and the drive is empty etc.

    I can't grab one yet as they have gone for now, but who knows when they will come back.
    Will try a reboot to see if they show


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Attached is one of the balloon popups. Had to go into task manager to end the main pop up warning before I could do anything


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    Attached is one of the balloon popups. Had to go into task manager to end the main pop up warning before I could do anything

    Okay well I think that the Antivirus America 2010 popups and the fact that you had a lot of malware already would point towards an ongoing infection of some sort. The problem for now is that we don't know what the infection might be..

    Can you update and run Malwarebytes in 'Safe Mode with Networking' and post the log? Also have a look here and go down through the instructions one by one.


  • Registered Users, Registered Users 2 Posts: 190 ✭✭preytec


    just about the ram
    the RAM memory usage is critically high
    could you check to see if your pagefile is working right, i just have a feeling that you had it on your d: drive and since your d: isn't showing up maybe your pagefile is gone too as it may have been set to run on the d: drive.
    can you see your d: drive in the bios?
    if so can you see it in the disk management. it may not have a drive letter
    if i was you, i'd get rid of mcafee and install avg free too. you may want to boot to safe mode with networking and work from there.
    just before i finish this, have you changed your hard drive setup at all? or installed any new hardware?

    it sounds to me that you installed a virus/trojan something like the pc doctor program and it's raped your machine. you may have it running in the background but you'd need to find it in the task manager and from there google it to find out how to get rid of it. finding trojans in your machine is not normal


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    bhickey wrote: »
    Okay well I think that the Antivirus America 2010 popups and the fact that you had a lot of malware already would point towards an ongoing infection of some sort. The problem for now is that we don't know what the infection might be..

    Can you update and run Malwarebytes in 'Safe Mode with Networking' and post the log? Also have a look here and go down through the instructions one by one.

    I have run Malwarebytes in Safe Mode with Networking. It showed up two trojans, and I have had the two removed. Malwarebytes quarantined and deleted successfully. I will attach the log anyway
    preytec wrote: »
    just about the ram
    could you check to see if your pagefile is working right, i just have a feeling that you had it on your d: drive and since your d: isn't showing up maybe your pagefile is gone too as it may have been set to run on the d: drive.
    can you see your d: drive in the bios?
    if so can you see it in the disk management. it may not have a drive letter
    if i was you, i'd get rid of mcafee and install avg free too. you may want to boot to safe mode with networking and work from there.
    just before i finish this, have you changed your hard drive setup at all? or installed any new hardware?

    My pagefile is on my C: drive, not sure how I see if it's working correctly?
    And I can see the C: drive in Disk Management and it's showing as healthy.

    I haven't changed anything w/regards to my hard drive setup and no new h/w has been installed. Attached pics of disk management and pagefile


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    I have run Malwarebytes in Safe Mode with Networking. It showed up two trojans, and I have had the two removed. Malwarebytes quarantined and deleted successfully.

    Has it made any difference?


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    I think it has actually. Because usually when I was getting those messages when I boot back up and when I tried to start a program like Firefox it would give me one of those messages, but so far so good.

    I have just done a search using Google, and when I click on one of the search results it has redirected me to another site almost automatically. Do I need to reinstall Firefox?

    EDIT: On two searches now it has redirected me here: http://www.selectissimo.fr/domain+suspended


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    I have just done a search using Google, and when I click on one of the search results it has redirected me to another site almost automatically. Do I need to reinstall Firefox?

    Probably not. It sounds like just another common infection. First check the settings in Firefox to make sure that you're not using a Proxy : Tools > Options > Advanced > Network > Connections > Settings. It should be set to 'No Proxy'.

    If that doesn't shed any light, then try Malwarebytes in 'Safe Mode with Networking' again but this time run rkill first.


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Did both those things. Setting it to No Proxy didn't have any effect. Ran Malwarebytes and Rkill with no items found.

    Then started on the steps in the "I think I have a virus" thread. Just after completing the TFC step and the search issue doesn't affect me anymore!


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    Then started on the steps in the "I think I have a virus" thread. Just after completing the TFC step and the search issue doesn't affect me anymore!

    Odd that TFC (Temp File Cleaner) would fix it but it does certainly clean a lot of crap (especially downloaded crap). Its main benefit is for speeding up scanning.

    By the way, is your McAfee up-to-date? Even if it is, if I were you I'd remove it and try something else like MSE.


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Yeah it's up-to-date. I was amazed at how much TFC got rid of.

    MSE? Would you really recommend it? Preytec said avg but don't you have to download a lot of other stuff too. I am disappointed with McAfee after all the trouble I have had. My OH's parents have Norton although I couldn't have prevented them from buying it. I don't think it's better than what I have and it's always known as slowing down the PC


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    MSE? Would you really recommend it? Preytec said avg but .....

    Well now MSE vs AVG vs Avast etc. would be an ecumenical matter but of the free ones I reckon MSE is getting the nod from most people these days.


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Thanks bhickey - can I ask what apart from being free would make having MSE or any of the others (Avast & AVG) have over the likes of fee paying ones such as McAfee and Norton?


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    Thanks bhickey - can I ask what apart from being free would make having MSE or any of the others (Avast & AVG) have over the likes of fee paying ones such as McAfee and Norton?

    Most people use free software as opposed to chargeable ones. If you consider that McAfee and Norton/Symantec trial versions are preloaded on a huge number of new machines, their low market share gives a fair idea of how many people must be replacing them with other packages. Their business model relies on OEMs preinstalling the software in the hope that a percentage of customers will sign up. The products themselves would probably have disappeared otherwise.

    Resource usage : some products seem much heavier on resources than others. Norton & McAfee are poor in this respect and replacing them with MSE often results in a much more responsive machine, especially on older or lower spec models.

    Anecdotal evidence : there is no shortage of stories from people who have removed Norton & McAfee from machines in preference for other products and been very happy that they did so.


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    And guess what? It's back, the redirects and internet pop ups. See attached pic for example of pop up.

    I am just after completing the super antispyware as well


  • Registered Users, Registered Users 2 Posts: 190 ✭✭preytec


    can you post a pic of your task manager processes plz? there may be a process running there that will show up as the problem. also go to your msconfig/startup and see if there's anything running from startup too. if it is one of those fake antivirus scanners it should show up somewhere.




    this may be unrelated but you might find it interesting
    if it's like the one a friend of mine got "Antivirus 2010" he had to delete it from the system files too.
    he followed this site here but used lavasoft instead of the one they recommend as malwarebytes wanted him to pay for it before it would fully remove the problem


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    preytec wrote: »
    ... a friend of mine got "Antivirus 2010" he had to delete it from the system files too.
    he followed this site here

    The method described in that link is valid for a lot of virus & malware removal and is worth doing. It adds 2 extra bits to the standard Malwarebytes scanning method :

    1. Use 'rkill' first to search for and terminate known dodgy processes so that Malwarebytes will get a better run at them.
    2. After Malwarebytes has been run it fixes the 'hosts' file in case it's been infected.

    To get a good idea of what's installed & running on the computer, you should run DDS as described here and post the 2 files that it creates.
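
The hosts-file step in the procedure above matters because a tampered hosts file can cause the search redirects described earlier in the thread. The following is an added example, not code from the thread or from any tool named in it; the watch list and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watch list: name labels for search engines and security vendors.
WATCHED_LABELS = {"google", "bing", "yahoo", "microsoft", "mcafee", "malwarebytes"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, verdict) for every suspicious mapping."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(entry) < 2:
            continue                            # blank or comment-only line
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            findings.append((line_no, entry[0], " ".join(entry[1:]), "malformed"))
            continue
        local = ip.is_loopback or ip.is_unspecified
        for host in (h.lower().rstrip(".") for h in entry[1:]):
            watched = bool(WATCHED_LABELS & set(host.split(".")))
            if watched and not local:
                verdict = "redirect"   # lookups silently sent to another server
            elif watched:
                verdict = "blocked"    # site sinkholed, e.g. to stop AV updates
            elif not local:
                verdict = "review"     # unexpected static mapping
            else:
                continue               # e.g. "127.0.0.1 localhost"
            findings.append((line_no, str(ip), host, verdict))
    return findings

# Constructed sample hosts file, not taken from the thread's attachments.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.45    www.google.com google.ie   # constructed redirect entry
127.0.0.1       update.mcafee.example download.malwarebytes.example
198.51.100.7    intranet-printer
not-an-ip       www.bing.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

On Windows XP the file to pass in is the `hosts` file under `%SystemRoot%\system32\drivers\etc`; a clean default install maps only `localhost`.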


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Uploaded attachments


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    And the screenshots as you requested preytec. :D


  • Registered Users, Registered Users 2 Posts: 190 ✭✭preytec


    ok in the processes i don't like the look of UMonit.exe but it may not be important right now.

    however in the startup can you see the squares? uncheck them

    but do you see that QgLxTtISjH.exe that's a virus/malware program. you need to get rid of that quickly. it's in your temp folder and you may be better off going into your temp folder and deleting it in safemode.

    but you really need to get a good antivirus program as mcafee isn't doing its job. remove it and get yourself AVG or MSE or Avast, and get lavasoft too. after you get them follow the instructions on that link i posted here. do your scans in safemode and i'd even install the program from there too. you may have a firewall with your mcafee "i think you do" so to replace it i'd recommend Sygate Personal Firewall but only if you're on xp.

    about that SUPERAntiSpyware thing. i'd get rid of that too. i don't see the point in having it and it's taken up your systems resources, not much but i wouldn't keep it anyway.
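
The check made by eye in the post above (a startup item whose executable sits in a temp folder) can be written as a small triage routine. This is an added example, not code from the thread; the startup entries and paths are constructed, with only the file name `QgLxTtISjH.exe` taken from the post, and the `exists` callback is a hypothetical hook for checking whether the file is still on disk.

```python
import ntpath

# Directory fragments that mark a per-user or system temp location (lower case).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\", "%temp%\\", "%tmp%\\")

def exe_path(command):
    """Extract the executable path from a startup command line."""
    command = command.strip()
    if command.startswith('"'):                 # quoted path followed by arguments
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")          # unquoted: cut after first .exe
    return command[: end + 4] if end != -1 else command.split(" ", 1)[0]

def triage_startup(entries, exists=lambda path: True):
    """Return (entry_name, file_name, verdict) for items launched from temp."""
    findings = []
    for name, command in entries:
        path = exe_path(command)
        if not any(marker in path.lower() for marker in TEMP_MARKERS):
            continue
        # A startup entry can outlive its file: still disable the entry.
        verdict = "runs-from-temp" if exists(path) else "runs-from-temp-file-missing"
        findings.append((name, ntpath.basename(path), verdict))
    return findings

# Constructed startup list (name, command) as it might be copied from msconfig.
SAMPLE_STARTUP = [
    ("ExampleTray", r'"C:\Program Files\Example AV\tray.exe" /min'),
    ("QgLxTtISjH", r"C:\DOCUME~1\user\LOCALS~1\Temp\QgLxTtISjH.exe"),
    ("helper", r"%TEMP%\helper.exe -silent"),
]

if __name__ == "__main__":
    for finding in triage_startup(SAMPLE_STARTUP):
        print(finding)
```

Legitimate installers sometimes run once from a temp folder, so a hit is a reason to look closer, not proof of infection.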


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Thanks for your help guys - will check that out when I get home from work. Would it be worth getting the subscription for those products or surviving on free packages alone?


  • Registered Users, Registered Users 2 Posts: 190 ✭✭preytec


    using the free ones is fine. they make most of their money from the companies they sell the product to. but if you like the program it's good to support them. most of the free programs are free to the home user. it's their way of putting an end to people cracking their software, there's no point in cracking it if it's free.
    the firewall was bought over and they stopped supporting any newer os than xp. so to them it's just some old program from yesteryear.

    but if you want to pay for them i'd play around with the free version 1st and see if you like it, give it a few months before you get it. you may run into problems and get turned off it in a few weeks of using it


  • Registered Users, Registered Users 2 Posts: 14,015 ✭✭✭✭Mc Love


    Couldn't find that QgLxTtISjH.exe in my temp folder but unclicked the squares and QgLxTtISjH.exe in startup.

    Another thing I have only noticed as I had the speakers on, is every now and again, ads are played! Even Japanese/asian ones!! Closed my browser and the ad was still playing. Had a Lemsip one just there! Bit crazy


  • Registered Users, Registered Users 2 Posts: 1,340 ✭✭✭bhickey


    Mc Love wrote: »
    Another thing I have only noticed as I had the speakers on, is every now and again, ads are played! Even Japanese/asian ones!! Closed my browser and the ad was still playing. Had a Lemsip one just there! Bit crazy

    Did you follow the instructions here to the letter, i.e. Safe Mode with Networking > Rkill > Malwarebytes (inc. update) > Hosts file? It's important to run all the steps in sequence and exactly as documented.

