
Status
Not open for further replies.
1 - 11 of 11 Posts

·
Registered
Joined
·
16 Posts
Discussion Starter #1
my original thread got closed and I still had some questions, hope it's ok if I post this continuation.

original thread: http://www.techsupportforum.com/f50/another-antivirus-system-pro-problem-436294.html

original problem:
hi all,

so my mom's computer this morning was overrun with the "Antivirus System Pro Powerfull PC Protection" spyware or malware or whatever. it is redirecting her when she opens IE7 to the Antivirus System Pro website, continuous popups that her computer is "infected", ad pop-unders, windows security center keeps popping up, etc. also I had previously installed Spybot Search & Destroy, Ad-Aware, AND Hijack This on her computer, but now I can't even run any of those programs because the ASP is saying that they are "infected" and not opening them. So, I can't even post a HJT log or scan or anything...

Does anyone know how I can remedy this without being able to open any programs? or other steps I can take??

Thanks very much,
Kelz

--

chemist advised I save and run rkill but it doesn't work. I tried using an external hard drive but that still didn't work. I tried saving it to the desktop, but I can't open rkill at all. it just keeps saying "Application cannot be executed. The file rkill.com is infected. Do you want to activate your antivirus software now?" which just leads to the fake anti-virus software site opening up and a million popups overtaking my system. this happens if I save anything on to the desktop or onto the external.

as such, I can't post any dds or hjt logs or literally run anything. no programs work. I can't even get into "add/delete programs".

does system restore fix it? I am not opposed to wiping this computer clean if I have to.

thoughts? am I doomed?
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Try each one of these....


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Does Task Manager work? Ctrl + Alt + Del ?

Can you run any of the rkill files from a USB stick drive?

If not, you can try System Restore, but frequently in such cases, it won't work.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #5
hi, thanks for your reply.

none of those work from the flash drive either. I get the same fake message. does it matter what kind I use? it's a Western Digital external HD.

which process should I close if I do ctrl alt del?
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
Shouldn't matter what type of USB device.

About what process to kill, well, it's hard to tell without logs. There might be something like a randomly named file with all alpha-numeric characters. There might be msa.exe or

# c:\Windows\svchast
# c:\Windows\svchasts
# c:\Windows\svohost

NOT svchost.exe

If you can open Task Manager, perhaps you can give me the rundown of running processes.
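An added example (not part of the original post, and not the forum's own tooling): a Python check that flags process image paths imitating svchost.exe, like the three names listed above, by edit distance and by folder. The trusted directories, the distance threshold and the sample process list are assumptions constructed for illustration.

```python
# Added example: flag process image names that imitate svchost.exe.
import ntpath

LEGIT_NAME = "svchost"  # genuine Windows service host
# Assumption: default install locations of the real binary.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
EXEC_EXTS = {"", ".exe", ".com", ".scr", ".pif"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(path: str, max_dist: int = 2) -> str:
    """Return 'ok', 'lookalike' or 'misplaced' for one process image path."""
    directory, filename = ntpath.split(path.lower())
    stem, ext = ntpath.splitext(filename)
    if ext not in EXEC_EXTS:
        return "ok"
    if stem == LEGIT_NAME:
        # Right name in the wrong folder is as suspicious as a misspelling.
        return "ok" if directory in LEGIT_DIRS else "misplaced"
    return "lookalike" if edit_distance(stem, LEGIT_NAME) <= max_dist else "ok"


def scan(paths):
    """Map each suspicious path to its verdict; clean entries are omitted."""
    verdicts = {p: classify(p) for p in paths}
    return {p: v for p, v in verdicts.items() if v != "ok"}


# Constructed process list: the three names from the post plus other entries.
SAMPLE = [
    r"c:\Windows\svchast", r"c:\Windows\svchasts", r"c:\Windows\svohost",
    r"C:\Windows\System32\svchost.exe", r"C:\Windows\explorer.exe",
    r"C:\Users\mom\AppData\Local\Temp\svchost.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE).items():
        print(f"{verdict:10} {path}")
```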
 

·
Registered
Joined
·
16 Posts
Discussion Starter #7
(I am doing this over the phone with my mom) but when she clicks "task manager" after doing ctrl alt del, it just closes itself out and shows her her desktop again.
 

·
TSF Security Manager, Emeritus
Joined
·
52,197 Posts
It's best for the person who is going to be doing the fixing at the machine to be the one I am communicating with. Third party fixes are often a recipe for misstep. I'm loath to run any removal tools without first trying to see what's there. Without logs, I'd be working blind. It's quite unusual for these rogues to block all variations of rkill, and block .com files as well as .exe.
 

·
Registered
Joined
·
16 Posts
Discussion Starter #9
I actually was the one doing the things that you suggested until this last step. I was home for thanksgiving and am not anymore. all those rkill versions really didn't work.

but, ok. I guess she will just take it in and have it looked at. thanks very much for your help and your patience, I appreciate it.
 
