Computer Virus

Dubzilla8 · Nov 13, 2011

Hi all,

It's been a while since I've posted on CivFanatics, but I have a problem I think the helpful CivFanatics community may be able to help with. On Friday, my fiancee's laptop was infected with a computer virus called AV Security 2012. This virus essentially acts like an anti-virus program, but it prevents the user from running any computer programs at all and declares that program infected by a virus. AV then offers to remove the infection if you will buy their anti-virus software. The program also causes her web browsing to redirect to the AV website purchase page. There are also a bajillion pop-ups notifying her of infected files and programs, and the thing is constantly scanning her computer for more viruses.

Anyway, I've disconnected it from the internet (funny that her web browser still opens and displays an AV website page), and we've kept it off ever since. My immediate thought is to format her entire computer using the disk that came with it (this is a Dell laptop, btw). However, I'm not sure even a format will fix the problem. There are a few videos on youtube about removing the virus, but they mostly tell you to download some form of anti-virus software. I tried to download AVG from my computer and transport it via flash drive, but the virus won't let me install AVG (no surprise).

I imagine someone out there has experienced this virus and may have a solution. Any help would be greatly appreciated.

Best Wishes.

Antilogic · Nov 13, 2011

Have you tried booting in and installing in safe mode? You can also try to use the Task Manager (Ctrl-Alt-Delete) to end some of the virus' processes so that it will stop hitting your legitimate antivirus software.

I suffered from something similar to this years ago, and I was able to get my actual AV software working using some combination of these methods.

Tecknojock · Nov 13, 2011

If you have access to another computer you could burn a windows ubcd and use that to run agv or manually remove the virus.

aimeeandbeatles · Nov 13, 2011

Dubzilla8 said:
My immediate thought is to format her entire computer using the disk that came with it (this is a Dell laptop, btw). However, I'm not sure even a format will fix the problem.

It should. Backup & reinstall is the surest way to clear out an infection. Be careful not to backup the virus though.

cardgame · Nov 13, 2011

I had one of these antivirus suites get me once :\

I killed it by booting into safe mode and running Malwarebytes.

muhtesem insan · Nov 13, 2011

http://www.safer-networking.org/index2.html

innonimatu · Nov 13, 2011

Antilogic said:
Have you tried booting in and installing in safe mode? You can also try to use the Task Manager (Ctrl-Alt-Delete) to end some of the virus' processes so that it will stop hitting your legitimate antivirus software.

Modern versions of those nasties are always checking for the process manager process and kill it immediately after it's open.

If it's one of the most harmless kind, rebooting windows in "safe mode" should allow a login without it starting. Then it's a simple matter of finding out wehere the executable is (I suggest you search the usual keys in the registry used to run programs, HKLM/software/microsofy.../run) and delete it. Delete also those keys, but they become harmless.

If it's a more elaborate kind, it can download all kings of trojans. So to play it safe, reinstall. That will get you rid of it.

Also, this should be in the computer talk subforum.

CommonKnowledge · Nov 13, 2011

innonimatu said:
Modern versions of those nasties are always checking for the process manager process and kill it immediately after it's open.

If it does that you could try opening the command prompt and using the tasklist and taskkill commands.

Camikaze · Nov 13, 2011

Moderator Action: Moved to Computer Talk.

Atlas14 · Nov 15, 2011

Next time don't use AVG...it's basically acts like a virus as well.

Grisu · Nov 16, 2011

many viruses are hard to remove while windows is running....so it's usually best to run a linux live cd with a virus scanner that just scans the windows drives.

for example the Avira AntiVir Rescue System or Knopicillin (only in german, I think)

Unix · Nov 17, 2011

Not sure if you've still got it or not. In my job I manually remove viruses and fix computers remotely all day long. To give it a try yourself at removal, I'd suggest running this program.

http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html

It's programmed to remove any traces of most of the well known fake antivirus program. It was last updated November 9th I believe.

Narnia · Dec 31, 2011

If you still haven't fixed your computer, try microsoft's process explorer and autoruns. Like other people have stated, malwarbytes is also good. They are free downloads off the internet, you should be able to get them on your computer via usb/cd/etc.

Also, if you can still access it, try disabling it via msconfig (use the run command and type in msconfig, it should already be on your computer).

Also, run all of these commands the minute you log on, if your fast you can sometimes start a program before the virus gets a chance to start up. And if you use process explorer to kill it, be sure to suspend it first, don't kill it outright. Some viruses will use several processes and if you kill the process, the virus might detect that one of it's processes quit working and will restart it. However, if you first suspend all of the virus's processes, you will disable it, you can then kill it's processes without it restarting them. You should then be able to use real antivirus software to find the virus and remove it.

Spoiler :

PS: good luck

Computer Virus

Dubzilla8

Just Right of Center

Antilogic

--

Tecknojock

Keeping the world running

aimeeandbeatles

watermelon

cardgame

Obsessively Opposed to the Typical

muhtesem insan

Amateur Revolutionary

innonimatu

the resident Cassandra

CommonKnowledge

Warlord

Camikaze

Moderator

Atlas14

"Sophomoric Troll Master"

Grisu

Draghetto

Unix

Chieftain

Narnia

Prince

Similar threads