Got rid of Virus, now OS is in shambles... need help
CompuTamer
06-07-10, 11:41 PM
Never thought i'd get a virus. Heck, I didn't. A friend helped me get it :bang head
Anyway, it was one of those fake AV things. I managed to get rid of it, but now IE is MIA (not that i care), Chrome can't connect, and FF is the only working browser. I'm still cleaning out traces of the virus, but random things can't get to the internet. Zune software can't login to my Zune Account, Weather gadget doesn't work, Chrome doesn't work, and i'm sure there are others. It's only some things though. Anyone know what to do...? I can't reinstall as my Zune pass is already at its trade out limit this month, and I'd have to spend an hour talking to Bob from China for help getting my pass reset :bang head :bang head :bang head :rain: :fight:
Shelnutt2
06-08-10, 12:36 AM
What about a repair install? It leaves registry + programs, but cleans out the core windows files and reinstalls them. Might help.
Also check your hosts file
whooping_a_panda
06-08-10, 03:48 AM
had this happen to me with my girlfriend's laptop a few weeks ago. exactly down to the fake AV program that set it off ;)
there's a proxy setting that got flipped in IE. i forget where it is exactly but it's in the IE program, fish around in its proxy preferences and make sure it's not looking to connect to a proxy. uncheck the box and you should be good to go! i don't know why other browsers default to IE's proxy settings with the exception of firefox but it is what it is i guess. all the more reason to run FF.
http://www.overclockers.com/forums/showthread.php?t=643267
here's my original thread haha
if i remember right i ran spybot search and destroy from safe mode and that took care of the Antivirus7 (was the rendition of the fake AV i had) problem and then the damage control i listed above took care of the rest.
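Added example (not part of any poster's message): a read-only PowerShell check of the two things suggested above, the IE/WinINET proxy setting and the hosts file. The registry value names are the standard per-user Internet Settings values; the function names are made up for this example.

```powershell
# Read-only audit: nothing is changed. Run it in the affected user's session.

function Get-WinInetProxyState {
    # Per-user "Internet Options" proxy settings. IE uses them, and so do
    # programs that follow IE's proxy settings, as described in the thread.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    [pscustomobject]@{
        ProxyEnabled  = [bool]$s.ProxyEnable   # the "use a proxy server" checkbox
        ProxyServer   = $s.ProxyServer         # address:port the box points at
        AutoConfigURL = $s.AutoConfigURL       # proxy auto-config script, if any
    }
}

function Get-HostsOverride {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    foreach ($line in Get-Content -Path $Path) {
        $entry = ($line -replace '#.*$', '').Trim()    # strip comments
        if (-not $entry) { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }          # malformed line, skip
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # A stock hosts file maps nothing except localhost, so every other
            # name deserves a look (some are legitimate, added by other software).
            if ($name -ne 'localhost') {
                [pscustomobject]@{ Address = $fields[0]; HostName = $name }
            }
        }
    }
}

$proxy = Get-WinInetProxyState
$proxy | Format-List
if ($proxy.ProxyEnabled -or $proxy.AutoConfigURL) {
    Write-Warning 'A proxy or auto-config script is set. Confirm it is one you configured.'
}

$overrides = @(Get-HostsOverride)
if ($overrides.Count) {
    $overrides | Format-Table -AutoSize
} else {
    'hosts file has no entries beyond localhost.'
}
```

If the proxy box turns out to be set unexpectedly, clear it through the browser's proxy preferences as the post describes, then rerun the check.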
CompuTamer
06-08-10, 04:49 AM
What about a repair install? It leaves registry + programs, but cleans out the core windows files and reinstalls them. Might help.
Also check your hosts file
Hmm, how would that work? Never heard of that haha
had this happen to me with my girlfriend's laptop a few weeks ago. exactly down to the fake AV program that set it off ;)
there's a proxy setting that got flipped in IE. i forget where it is exactly but it's in the IE program, fish around in its proxy preferences and make sure it's not looking to connect to a proxy. uncheck the box and you should be good to go! i don't know why other browsers default to IE's proxy settings with the exception of firefox but it is what it is i guess. all the more reason to run FF.
http://www.overclockers.com/forums/showthread.php?t=643267
here's my original thread haha
if i remember right i ran spybot search and destroy from safe mode and that took care of the Antivirus7 (was the rendition of the fake AV i had) problem and then the damage control i listed above took care of the rest.
That took care of it! Antivirus7 was also the name of the fake AV i got. Somehow went straight through my firewalls and AVG :/
I had to run a few scans, and then i nuked all of the temp directories just to be safe. Had to redownload all my gadgets and give outlook a new personal files file, but at least i cleaned up about 4GB of stuff in there too.
whooping_a_panda
06-08-10, 04:59 AM
antivirus7 was definitely a piece of work. after it got infected it wouldn't allow anything to run, i couldn't even bring the task manager up to see what was going on. the only thing the pc would do was to direct to the 'buy our product now!' site.
i had gone to a website i knew had a history of rogue ads on her laptop not thinking anything of it as i usually do that sorta thing from my macbook. as soon as the infection warning popped up i just kinda looked at her and gave an 'oops' look.
CompuTamer
06-08-10, 05:20 AM
I had the Windows7 performance monitor locked to my task bar, so i managed to get that open. Every time i tried to open AVG it killed the scan within 3 files, and task manager closed as soon as it opened. I haven't seen anything like that in a while... and i've NEVER had it happen to my PC.
I had to restart the computer, scan in safe mode with AVG, then Malwarebytes, and then when i got it back together, i couldn't get half the stuff on the internet... wonder what else it changed :/
Shelnutt2
06-08-10, 08:04 AM
I guess they call it "startup repair" now:
http://pcsupport.about.com/od/operatingsystems/f/repair-installation-windows.htm
FireMogle
06-08-10, 01:26 PM
I see this one at work very frequently. Couple of notes.
1) Running a program as administrator or using a custom .bat file is usually enough to bypass the block it uses.
2) Malwarebytes usually does a good job in cleaning it up.
3) I could not find it when I searched, but there are registry files that will fix the problem if MB does not take care of it all.
King107s
06-08-10, 01:52 PM
There are always ways of getting things 'fixed' but IMHO you would be much better off backing up your files, reformatting the entire drive and reinstalling everything. Sucks because of time involved but you will be happier with the result.
That would be a good time to make a backup image of your drive for times like this.
insanemonkey
06-08-10, 02:24 PM
Another option when a program will not run is to rename the exe to something else. Some of the infections will block common exes for removal software.
thideras
06-08-10, 02:39 PM
There are always ways of getting things 'fixed' but IMHO you would be much better off backing up your files, reformatting the entire drive and reinstalling everything. Sucks because of time involved but you will be happier with the result.
I am also suggesting this. I used to work for a university fixing student computers. So many laptops came to me infected with the fake AV (and other various virii/malware/etc). I was able to clean them all up, but it almost always left something wrong with the operating system. Either something didn't work or the system ran slowly. I started just backing up needed files and formatting them. Once I got it back up and running, I scanned their files through another system, moved them back to theirs and set up preventative measures so that it doesn't happen in the future. I rarely saw the same laptop twice.
wingman99
06-08-10, 02:47 PM
1+ that is the only way to get it right, format then reinstall and do an image backup for the future.:burn:
DaveHCYJ
06-08-10, 03:08 PM
It would also be worth pointing out that sometimes when you get it "clean but not back to normal operation" in reality it's not completely clean. There is still part of the virus/malware/etc. lurking. Once you get a virus you're pretty much asking for trouble if you don't reformat. Not just trouble in the way of annoyances, but trouble in the way of stolen bank accounts etc.
SteveLord
06-08-10, 09:41 PM
Does it only run apps named iexplore or firefox? One I mentioned in another thread here does.
If so, just rename your antispyware tools to one of those before running.
whooping_a_panda
06-08-10, 10:02 PM
the infection me and the OP (as far as i can tell) had wasn't really a virus per se but rather a rogue app that installed itself and then continuously popped up "your system is infected click here to fix" in an attempt to scam the unsuspecting user out of some money.
I use the following situation I had in the thread i listed; it's a similar situation to this thread:
the cleanup wasn't that difficult once i was able to get control of the OS once more (safe mode). i think the reason the proxy got switched in the first place is due to the way the software directed you to its website regardless of where you directed it while infected. cleaning up removes the problem but the proxy setting remains in IE.
here's a rundown of the rogue app:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus7
personally i wouldn't be too concerned with leftover infection after the removal as in my case nothing seems to be causing issue with my girlfriend's laptop 2 months later, but correct me if i'm wrong CompuTamer in any of these counts.
insanemonkey
06-11-10, 10:22 AM
I removed something very similar yesterday. It was called AV Security Suite. I caught it pretty early so getting rid of it went quick. It was like 10 reg entries, 5 files and 3 scans later the computer was clean. Definitely not the worst infection I have dealt with. Though I have to thank you guys for the proxy trick. That saved me a lot of time.