PC Virus

My son's laptop has acquired a virus, "Win 7 Antivirus 2012". I don't know why it got past McAfee, that gets updated daily, but it did. I haven't yet been able to find an automated fix, so I'll be attacking this manually tomorrow. The internet has provided some fairly laborious instructions. I had allocated Wednesday as my annual Xmas shopping day, since I'd committed to getting it done early this year. Kind of pisses me off. I seriously don't understand the allure of creating these things, but would truly enjoy a little 'quality time' with the a**h*** that created this thing.
 

Another_David

I had to reformat my computer last week because of a virus. It could have been the one you described because I did get some pop up to buy something like the "win 7 antivirus" but I closed that. I was able to remove the virus but it fried my networking drivers. I spent days trying to get it to work right and didn't have a good restore point so I just reformatted. At one point I could ping external IPs but not resolve them by DNS names. It was driving me nuts and if the guy that wrote that virus was in reach I would have made him feel my pain.

best of luck
 
I had a similar one a while back. I used Malwarebytes and that took care of it. Free download.
 
I work in the IT dept. of a large company and support approximately 1500 end users.
I also do work on the side. Follow the steps below and you should be able to clean up the computer. Send me a message if you have any questions.
Your best bet is to pull the hard drive and connect it with an external hard drive enclosure or USB connector. That way the virus or spyware isn’t resident in memory. Then follow the process below
Log on to an account WITHOUT LOCAL ADMINISTRATOR ACCESS.
If you are a local Admin the virus can wreak havoc
Go to control panel – system – a new window will open – click on the system restore tab – click configure and turn off system restore
Click start or the Windows icon in the bottom left and type msconfig in the search box – hit enter – click the startup tab and uncheck any garbage starting with Windows
Download Malwarebytes
http://download.cnet.com/3001-8022_4-10804572.html?spi=9f8cd386f51ebcce6e9a8f1bf74ff06d
Download Microsoft Security Essentials
http://windows.microsoft.com/en-US/windows/products/security-essentials
You can run the installs in a non Admin account by clicking on the installation file with your right mouse button and selecting run as a different user. Then enter your Admin credentials.
Install both programs, update the virus definitions and run full scans with each program (one at a time). The programs are freeware and do a good job of removing crap.
It doesn’t hurt to reboot and run the scans a second time.
After the scans no longer find viruses or spyware, update your McAfee definitions and run a full scan.
You should be good.

Good luck
 
Win 7 antivirus isn't that hard to get rid of, we seem to do it at work at least weekly.

Download rkill from bleepingcomputer and run that, then run Malwarebytes, followed by your normal AV.
 
Your best bet is to pull the hard drive and connect it with an external hard drive enclosure or USB connector. That way the virus or spyware isn’t resident in memory. Then follow the process below
Log on to an account WITHOUT LOCAL ADMINISTRATOR ACCESS.
Can I do this without pulling the hard drive? The machine is only configured with a single user, I can create a new one with restricted privileges. Is this what you mean?

I really appreciate your advice.
 
Can I do this without pulling the hard drive? The machine is only configured with a single user, I can create a new one with restricted privileges. Is this what you mean?

I really appreciate your advice.
Yes, you can do it without pulling the hard drive; I didn't expect you to have a hard drive enclosure. Log on and create a 2nd user account and give it Standard User rights. Your PC is already infected, but logging in under the Standard User account can limit what the virus can do.
 

WanMan99

I had to reformat my computer last week because of a virus. It could have been the one you described because I did get some pop up to buy something like the "win 7 antivirus" but I closed that. I was able to remove the virus but it fried my networking drivers. I spent days trying to get it to work right and didn't have a good restore point so I just reformatted. At one point I could ping external IPs but not resolve them by DNS names. It was driving me nuts and if the guy that wrote that virus was in reach I would have made him feel my pain.

best of luck
That type of virus usually alters the Hosts file. The system checks the Hosts file for DNS name resolution before it queries an external DNS server. On certain infections you will find one or more "entries" in the local Hosts file that should not be there and this will affect network connectivity.
All pc virus writers should be burned slowly, alive.....
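
An added example (not part of any poster's reply): a small Python audit of a hosts file for the kind of unexpected entries described in the post above. The sample file contents, the `.example` host names and the function names are constructed for illustration.

```python
import ipaddress

# Names a stock Windows hosts file may legitimately map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample for illustration, not taken from a real infection.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example   # blocks definition updates
203.0.113.10    www.search.example search.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) per active entry; ip is None if invalid."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        yield line_no, ip, [n.lower() for n in fields[1:]]

def audit_hosts(text):
    """Return (line_no, name, reason) findings that deserve a manual look."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, " ".join(names), "malformed address"))
            continue
        for name in names:
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue  # expected default entry
            reason = ("name pinned to loopback (site made unreachable)"
                      if ip.is_loopback else f"name redirected to {ip}")
            findings.append((line_no, name, reason))
    return findings

if __name__ == "__main__":
    # On a live Windows system, read the contents of
    # %SystemRoot%/System32/drivers/etc/hosts and pass them in instead.
    for line_no, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name}: {reason}")
```

Anything the audit reports is a candidate for review, not proof of infection; some ad-blocking and security tools add their own hosts entries.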
 
That type of virus usually alters the Hosts file. The system checks the Hosts file for DNS name resolution before it queries an external DNS server. On certain infections you will find one or more "entries" in the local Hosts file that should not be there and this will affect network connectivity.
All pc virus writers should be burned slowly, alive.....
I forgot to add that. Check your proxy settings in your browser to see if the virus enabled a proxy. Disable the proxy or you won't be able to access the internet.
 
I think that's the one I got, had Staples do a system restore as I wasn't having any luck with it. Just got my computer back last night, not really in time for last minute gift shopping though.
 
Do NOT remove Windows 7 Antivirus or any of the other viruses known to be deployed with the Vundo family worms. They exhibit rootkit behavior and have a very high rate of reinfection. Very difficult to remove. If you're constantly removing this virus at work, you need to look at how you're getting reinfected. Chances are you have a network enabled variant that's infecting your machines over the network!

Reformat is the only way to go, for any virus!

Disk imaging FTW!
 