Gator Country

**biomedgator** · 01-12-2012, 01:31 AM

Getting these pop ups saying my computer is infected asking me to purchase the full version. Looking on the Internet this seems like a scam. What is the best way to get rid of it by a novice? I unplugged my external drives and unplugged the network. It says I am at a threat for personal info to be stolen so buy the software to remove.

Is it too late? Should I take some corrective action for personal data.

Thanks in advance.

rtango54 · 01-12-2012, 01:44 AM

It's malware. If you have access to another PC (with up to date antivirus software) take your infected drive out and hook it up to the good pc and run a virus scan (with current virus definitions). This should remove the infected file. If this is not a possibility try to install antivirus software on your infected pc.

rtango54 · 01-12-2012, 01:46 AM

There are many free antivirus programs but, IMO it's worth the cost to have good protection.

orangeblueorangeblue · 01-12-2012, 07:33 AM

Simple to fix.

First, on another computer, download RKill and put it on a thumbdrive. (keep that thumbdrive for possible future use). You need RKill because this will be loaded as a service even if you start in safe mode.

Now that you have that, restart the infected computer in safe mode by tapping F8 through the reboot process. Do Safe Mode with Networking.

Once this loads up, you may see the Antispyware trojan making some noise. Put in the thumbdrive, open it and run rkill. This may take a few minutes, but it will open up Notepad when it's done.

Next, open your browser and go to: http://www.malwarebytes.org/

Download the free version and run it. If you get any errors about being unable to connect to the Internet, let me know what browser you're using and we'll talk through disabling the proxy server.

Let this thing run, doing a full scan. It will likely find 4-6 pieces of Malware over the course of and hour or and hour and a half. When it's done, remove the malware if prompted and reboot.

Once your computer has rebooted again, run rkill again (just for fun) and do another complete scan with Malwarebytes. It should be fixed now.

There is a remnant in some variants that is not in the MWB library but *is* in MSSE, so you can substitute Malwarebytes for MS Security Essentials if you prefer.

Incidentally, the cause of this (and many other forms of) virus is because of an exploit in Flash. So make absolutely sure you have Flash and Java updated. If you ever get prompted for updates to Flash or Java, do not ignore them. Most people ignore them as a nuisance, but they're actually the biggest hole for non-open port infections.

If you use a good browser, have one AV app running and keep both updated you will be generally very safe.

orangeblueorangeblue · 01-12-2012, 07:33 AM

Incidentally, I don't ever recommend removing a drive and bringing it to another computer. That's just overkill.

**biomedgator** · 01-12-2012, 08:47 AM

Quote:

Originally Posted by orangeblueorangeblue

Simple to fix.

First, on another computer, download RKill and put it on a thumbdrive. (keep that thumbdrive for possible future use). You need RKill because this will be loaded as a service even if you start in safe mode.

Now that you have that, restart the infected computer in safe mode by tapping F8 through the reboot process. Do Safe Mode with Networking.

Once this loads up, you may see the Antispyware trojan making some noise. Put in the thumbdrive, open it and run rkill. This may take a few minutes, but it will open up Notepad when it's done.

Next, open your browser and go to: http://www.malwarebytes.org/

Download the free version and run it. If you get any errors about being unable to connect to the Internet, let me know what browser you're using and we'll talk through disabling the proxy server.

Let this thing run, doing a full scan. It will likely find 4-6 pieces of Malware over the course of and hour or and hour and a half. When it's done, remove the malware if prompted and reboot.

Once your computer has rebooted again, run rkill again (just for fun) and do another complete scan with Malwarebytes. It should be fixed now.

There is a remnant in some variants that is not in the MWB library but *is* in MSSE, so you can substitute Malwarebytes for MS Security Essentials if you prefer.

Incidentally, the cause of this (and many other forms of) virus is because of an exploit in Flash. So make absolutely sure you have Flash and Java updated. If you ever get prompted for updates to Flash or Java, do not ignore them. Most people ignore them as a nuisance, but they're actually the biggest hole for non-open port infections.

If you use a good browser, have one AV app running and keep both updated you will be generally very safe.

Thanks orangeblue I will try it when I get home. I knew it was a scam right away but it was doing it under the rouse of Microsoft security.

HALLGATOR · 01-12-2012, 10:20 AM

You want to be aware that some people have lost internet connections after cleaning up of this type infection. If this happens there are fixes for it so don't panic.

gatorfansrule · 01-12-2012, 12:33 PM

Quote:

Originally Posted by rtango54

There are many free antivirus programs but, IMO it's worth the cost to have good protection.

I don't agree with this. There are free programs that are just as good as the paid programs at protecting you from malicious software and most of them are not as resource intensive as the paid ones.

**biomedgator** · 01-12-2012, 04:51 PM

I was using the windows security and updating frequently. Any other good
Paid or free ones out there. Most people overlook this stuff say it will never happen to them. Until it actually happens to them.

gatorfansrule · 01-12-2012, 04:55 PM

Microsoft Security Essentials, AVG, & Avast are all good free ones I have used in the past.

**asmsdn** · 01-12-2012, 05:01 PM

Good luck in getting it off..I've had that before and really does infect a lot of stuff. Basically I had to wipe out my hardrive and start over.

HALLGATOR · 01-12-2012, 05:29 PM

Quote:

Originally Posted by biomedgator

I was using the windows security and updating frequently. Any other good
Paid or free ones out there. Most people overlook this stuff say it will never happen to them. Until it actually happens to them.

Right off the bat I am not sure I know what you are referring to when you say "windows security." Do you mean Microsoft Security Essentials or something else?

vaxcardinal · 01-12-2012, 05:55 PM

I would also run ESET (free online scanner)

**biomedgator** · 01-12-2012, 06:03 PM

yes windows security essentials.

i tried to download that Rkill file and when i went to open it in safe mode it said it was not a win32 application. is there something i am doing wrong?

**biomedgator** · 01-12-2012, 08:11 PM

saw my own error, saw was looked like download now button but it was a banner to something else. got it now will try again.

orangeblueorangeblue · 01-12-2012, 09:50 PM

Make sure it's a .com file.

**td21** · 01-12-2012, 09:58 PM

You have what is called the Fake Av virus....easy to clean....there is a removal tool on major geeks.com.... look under spyware.malware.... we clean many a day at my shop

HALLGATOR · 01-12-2012, 10:23 PM

Why don't we try to stick with one thing at the time so as not to confuse him. What OBOB posted is a good start. Let him do that and then see if we need to go any further.

**biomedgator** · 01-12-2012, 10:59 PM

Quote:

Originally Posted by orangeblueorangeblue

Make sure it's a .com file.

I used the .exe. File is that bad? Everything you said happened. The malwarebytes program locked up after about an hour so I killed it and ran it again.

**biomedgator** · 01-12-2012, 11:00 PM

Quote:

Originally Posted by HALLGATOR

Why don't we try to stick with one thing at the time so as not to confuse him. What OBOB posted is a good start. Let him do that and then see if we need to go any further.

Thanks