
Nasty virus attack !!!


OC101

Member
Joined
Oct 30, 2007
I have not had any virus for years.

All my computers are behind a firewall of my router. I also have AVG and Ad-aware installed on all computers. All security settings in the Internet Options are at the highest level.

Just now, I was watching a new DVD that arrived from Netflix. Then all of a sudden both AVG and Ad-aware popped up windows to tell me multiple Trojan/virus attacks were blocked. AVG even listed the names of the files which were detected on open. I clicked the button "remove all unhealed files".

So I thought it was nothing.

Then, when I tried to be sure and to use AVG to do a complete scan, it popped up a window and said "AVG.exe was infected".
I tried to do a full scan with Ad-aware, a window popped up and said "Ad-aware is infected".

I then noticed there is a minimized icon at the bottom right. Something I've never seen before. It is called "Security Suite". I clicked on it, it popped up a window and "looked like" it was scanning my computer for spyware. It "found" a bunch of spyware and asked me to upgrade to the full version. Of course I am not buying it. I tried to close it but there is no way to do so. I tried to close it in msconfig, and a window popped up that said "msconfig.exe is infected".

I tried to search for a solution online, and found the internet is inaccessible on this computer. All web pages show "Internet explorer warning - visiting this web site may harm your computer". Well first, I use Firefox. Second, all the web pages I had saved before were completely safe. Something like Netflix, Yahoo, Wikipedia etc. ALL pages show the same message and won't load.

Although there is one other page that came out of nowhere - antivirone.com.
It took me to a page where it wants me to buy this "Security Suite" which is the icon minimized at my bottom screen.

I tried to go to control panel to check for this program so I can uninstall it if it is there. I found "add or remove programs" will not open.
I tried to go to Internet Options, it will not open either.

I restarted the computer, AVG loaded, but Ad-aware did not. But AVG will not work. I tried to do a full PC scan with AVG, it started, then it ended with "scan finished" in just 2 seconds.

There is also one more thing: there is always this window that pops up and says "Windows security warning", which I doubt is really a warning from Windows security.

It seems somehow I got a virus that had disabled not only majority of my computer functions, but also disabled my AVG and Ad-aware, and the internet. It tried to make me believe the only way to fix it is to buy this "Security suite" from this antivirone.com.

What now? :bang head
I am typing this on my laptop. Looks like other computers on the same network have not been compromised yet.
 
Maybe somebody put it in when they had it?

I thought all the DVDs that Netflix uses were the ones you couldn't write on.

I'd try system restoring though, if that doesn't work try booting into safe mode and doing a system restore or using virus removal tools while in safe mode.

If all else fails do a complete system restore.
 
Go into safe mode command prompt. Remove the startup entries from msconfig, then reboot and run Malwarebytes. That should do it. Seen this thousands of times, easy fix. You will also have to reset IE Proxy Settings to get the internet back after it is removed.
 
It is not always an easy fix but yeah

I keep a machine running AV software up to date and with autoplay disabled. Take the infected drive and attach it to that computer, scan and remove the virus, then go back and finish up cleanup on the "infected" machine.
 
I am 99% sure that security suite is a virus and it tells you other items are infected to screw with you. What bchur said should work although I always scan with at least 3 scanners to be safe. Call me crazy.
 
I know this "Security Suite" is the virus.

I never saw it before and certainly did not install it. I have no idea where it came from.

Both AVG and Ad-aware put up a fight and lost.

All web access was disabled except to their web site. I simply tested it by clicking on buy it. Of course, on the next page I would have to give my personal information including credit card number.
This might be their goal after all.

First, disable everything and make it look like there is a virus. (which there is...)
Second, disable internet access so you can't get help.
Third, tell you that this magical "Security Suite" had detected all the threats but is unable to remove them until you upgrade to the full version.
Fourth, try to leave you no choice but to get this "quick fix" and willingly give them your credit card number.

Their web site (antivirone.com) is up and running. Why is nobody stopping them?
I want to see cops break down the door and knock the guy out before dragging his @SS to the jail !
 
Sounds similar to "Antivirus 20<insert-year-here>".

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010

From everything I've experienced on my own systems, heard about other people's systems, and read on any site other than AVG's, AVG is a joke when it comes to actually protecting your system. Get something better (last time I checked, Avira and NOD32 were near the top of the list).

But AVG has a no pop up free version. Not many others have that. Tried a few others with good reputations. They either have pop ups to tell me to upgrade once in a while, or have limited time(like a few months) for free.

In the last restart, I somehow was able to disable the thing in msconfig startup before it was loaded. I simply disabled something in startup which I don't recognize. A few seconds later, the thing was loaded. Everything wouldn't work again. I guess it only disables the functions after it is loaded up. AVG loaded up before the virus, but the AVG full scan will be shut down as soon as it starts. Everything could be opened for a second, then it would be shut down by the virus.

Of course, since I disabled it from the startup, after another system restart it did not load up. AVG loaded. Ad-aware loaded. Both are doing full system scan right now and both have picked up more threats.

Firefox would not load any web page until I changed the proxy server settings. (it was changed by the virus to a proxy server that would not work).

As for right now, I think the root of all evils is still there. It somehow is planting new threats. Every 10~20 minutes, a new threat is detected on opening by AVG.
 
I have experience with this garbage "Security Suite". A few friends have had it come up on their systems. Download MalwareBytes from a clean system to a flash drive. Boot the infected system into safe mode with networking, install MalwareBytes and let it update. Scan, while still in safe mode, remove everything it finds, and reboot the system. You should be good from there. I have had great success with this method, with a lot of these problems coming up. I think the most important steps are safe mode, and letting it update. Booting into safe mode with networking will boot with only the basic kernel files of the OS, and network drivers, so the malware won't be active, making removal much easier. Good luck.:thup:
 
Others have made good suggestions and I may offer another, though I admit I haven't read every post in full.

Are you able to bring up task manager at all? If it is, try killing everything that isn't system critical and then try a scan with avg/adaware.

This may make your PC usable for now until you find a way to thoroughly clean it out.
 
Good suggestions, people.

I will try them.

@ Mooyo
Before I was able to disable the virus in startup before it loaded after a fresh restart, nothing worked. Task Manager would open for a second and be shut down immediately by the virus. Just like msconfig, just like AVG scan, just like add/remove programs. Everything would open for a second before being shut down by the virus.

I was able to disable the virus in the startup for the next system restart before it loaded up again and made me unable to do anything. After another system restart, it did not load up again because I disabled it in the previous restart.

So now everything works again, but the virus is still there somewhere and is planting new threats every 10~20 min., which are being picked up by AVG. It is still there. AVG only picks up the branches that grow out of the source.
One of the things being repeatedly detected and removed by AVG is called "Trojan - False alarm". Well it is one of the evil doings of this virus... to create false alarms.
 
IMNSHO, lack of pop-ups isn't worth having your machine taken over. There's always MSE, if you must have free and zero pop-ups.
 
I've had this one on my computer, and a few others. Idk how they get there, but they seem to be pretty nimble to get around AVG, Norton, etc.

AVG has a safe mode command line scanner. Restart into safe mode, and then let that run. Then run adware, and run malwarebytes. That SHOULD get rid of it all, but I've had cases of it slipping past. If it does, just run it again until it stops coming up with stuff (by it, I mean all of them).
 
But AVG has a no pop up free version. Not many others have that. Tried a few others with good reputations. They either have pop ups to tell me to upgrade once in a while, or have limited time(like a few months) for free.

Another recommendation for Avira here... If it's the nag screen that bothers you, a quick sniff around on the web will show you how to disable that in about 20 seconds.
 
I'm pretty sure I was hit by the exact same thing 2 days ago. I was browsing slickdeals.net and amazon.com while it happened. Maybe xtremesystems.org / here / and hardforum. Nothing else, these are all of the websites I always visit.

The laptop's running Vista home, and it was updated.

It was extremely annoying. I searched on another computer for a solution and found nothing except for a single thread specifying the problem on some hacking forum (hackforum.com or something). The guy turned off this worm by running the task manager when the computer was turning on, before this software was able to turn on. That's the key. Did the same thing, and it worked for me. Just try alt+ctrl+delete a few times after your PC turns on, and it should work.

After that, search for it under Documents. Should be there somewhere. (at least in my case) Delete it.

Then, turn off the proxy in the internet options (it set it to something).

Last but not least, this is not a virus. It doesn't seem to attach itself to any other processes.
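
Several replies in this thread come down to the same two checks: what is set to launch at startup, and what the proxy was changed to. The following read-only PowerShell script is an added example, not part of any post here; it lists Run/RunOnce and Startup-folder entries plus the Internet Options and Firefox proxy values. The "user-writable path" flag is an assumption used for triage, not a detection rule from the thread.

```powershell
# Added example: read-only audit; it changes nothing on the system.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption (not from the thread): a launch command that points into a
# user-writable folder deserves a closer look; it is a hint, not a verdict.
$userWritable = @($env:USERPROFILE, $env:ProgramData) | Where-Object { $_ }

function Test-UserWritablePath([string]$Command) {
    foreach ($dir in $userWritable) {
        if ($Command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { return $true }
    }
    return $false
}

function Get-AutostartEntry {
    foreach ($key in $runKeys) {            # registry autostart values
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            [pscustomobject]@{ Source = $key; Name = $name; Command = $cmd
                               UserWritable = (Test-UserWritablePath $cmd) }
        }
    }
    foreach ($folder in 'Startup', 'CommonStartup') {   # Startup folders
        $dir = [Environment]::GetFolderPath($folder)
        if ($dir -and (Test-Path $dir)) {
            Get-ChildItem -Path $dir -File | ForEach-Object {
                # Shortcut targets are not resolved here, so no flag is computed.
                [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName
                                   UserWritable = $null }
            }
        }
    }
}

function Get-ProxySetting {
    # WinINET ("Internet Options") proxy values for the current user.
    $s = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    [pscustomobject]@{ Source = 'Internet Options'; ProxyEnable = $s.ProxyEnable
                       ProxyServer = $s.ProxyServer; AutoConfigURL = $s.AutoConfigURL }
    # Firefox keeps its own proxy preferences in each profile's prefs.js.
    $prefs = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles\*\prefs.js'
    Select-String -Path $prefs -Pattern 'network\.proxy\.' -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Source = $_.Path; Pref = $_.Line.Trim() } }
}

Get-AutostartEntry | Format-Table -AutoSize -Wrap
Get-ProxySetting   | Format-List
```

Run it from Safe Mode or right after a clean boot and compare the output against what you know you installed; an entry or proxy value you do not recognize is the thing to look up before removing.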
 