02-08-2010, 08:34 AM | #1 | ||
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
Question for Tech types regarding possible CPU Virus
First off I am using The Shield Deluxe 2009 for my antivirus / internet security program and it has been pretty solid for me.
Yesterday though I got a pop-up from a program called "Internet Segurity 2010" telling my I was getting attacked, I had a Trojan Virus, etc. It appears to be one of those programs that somehow installs itself, then sends false infection warning popups to get you to go to their site and purchase, presumably with the intention to steal credit card information. I run my antivirus and it can't disinfect or delete two of the files and I continue to get the popups. I try manually deleting the two portions of the file and get a message that it is use by another person/program and can't be deleted. I try system restore and I get a message saying the program is infected and can't run (So I assume this program is now blocking me from restoring to a time prior to it's installation) First off I am pissed my The Shield even allowed this to bypass my security settings, but the main question is, any ideas how I get rid of it? |
||
02-08-2010, 08:38 AM | #2 |
Hall Of Famer
Join Date: Oct 2002
Location: Massachusetts
|
Remove Internet Security 2010 (Uninstall Guide)
Remove Internet Security 2010, removal instructions How To Uninstall / Remove Internet Security 2010 Virus (Removal Guide) – SoftSailor
__________________
Get bent whoever hacked my pw and changed my signature. Last edited by DaddyTorgo : 02-08-2010 at 08:38 AM. |
02-08-2010, 08:41 AM | #3 |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
You're awesome DT, thanks!
|
02-08-2010, 08:41 AM | #4 |
Grizzled Veteran
Join Date: Nov 2006
Location: Minnesota
|
I would run malwarebytes followed by combofix. It would actually be better if you turned off your restore until this problem is fixed as that is where the virus can recover itself.
|
02-08-2010, 08:43 AM | #5 |
Hall Of Famer
Join Date: Oct 2002
Location: Massachusetts
|
test
__________________
Get bent whoever hacked my pw and changed my signature. |
02-08-2010, 08:48 AM | #6 |
Coordinator
Join Date: May 2003
Location: Utah
|
I have been combating this for the past week...the daughter got on the laptop and AVG missed it and I used Combofix, Malware Bytes combo to get rid of it.
__________________
"forgetting what is in the past, I strive for the future" Last edited by MacroGuru : 02-08-2010 at 08:49 AM. |
02-08-2010, 08:48 AM | #7 |
Grizzled Veteran
Join Date: Nov 2006
Location: Minnesota
|
Is this thread f'ed up? I cant see past the first 2 posts.
|
02-08-2010, 08:50 AM | #8 |
Hall Of Famer
Join Date: Oct 2002
Location: Massachusetts
|
strange - so i posted those 3 links and now i can't see anything below that in the thread...nor is my "edit" button there for them so i can delete them...weird
__________________
Get bent whoever hacked my pw and changed my signature. |
02-08-2010, 08:52 AM | #9 |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
I get your links still, but my original post is gone???
|
02-08-2010, 09:06 AM | #10 |
College Starter
Join Date: Oct 2000
|
i had to remove this from my father in law's computer last month. it was nasty and took me about 6 hours.
__________________
... |
02-08-2010, 09:52 AM | #11 |
College Benchwarmer
Join Date: Jan 2006
|
Malwarebytes is the best tool I have found for getting rid of this problem.
|
02-08-2010, 10:12 AM | #12 |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
This is a bear, I started the process as indicated on the website, using rkill first, then Malwarebytes and suddenly lost all my icons and had no way to start it back up.
Cold booted in safe mode and got my icons back and Malwarebytes is now cleaning. what really bothers me is that thi sprogram has already found 46 infected files that my Anti-Virus software completely whiffed on!! |
02-08-2010, 10:25 AM | #13 |
Hall Of Famer
Join Date: Dec 2002
Location: Mass.
|
Sorry that you all are having to suffer through this one. The links posted above really do as good of a job explaining how to remove it as I could. A few comments though on the original post from BYU..
I don't recommend the shield to anyone. If you want a good solid free antivirus, right now I recommend avast the most followed by avira (even though avira's update process lately sucks, it is pretty rock solid for combatting viruses). Also as best I am aware, the way Internet Security 2010 virus infects your computer is as you say by making you think you are already infected. It usually uses iframe exploits on web pages to allow the popup ad that you see appear. There are different variants of the virus, but the most common one is by getting you to click on the ad and then hitting ok to "scan" your system it actually infects the virus at that point. The best way to prevent those type of viruses is by running noscript with firefox and blocking iframes, or going deep into internet explorer settings and turning off almost everything. |
02-08-2010, 03:09 PM | #14 |
Coordinator
Join Date: May 2003
Location: Utah
|
Alright...
I am ready to pull my damn hair out. I go through clean everything off to the point Spybot, Malware Bytes and Combofix report it all removed...I run fine for a while and then wham...something else is back....this time it's the Your PC Protector....I am going to freaking scream and through my laptop out the damn window. It's almost making me want to move purely to Linux.
__________________
"forgetting what is in the past, I strive for the future" |
02-08-2010, 09:13 PM | #15 |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
Just got home and Malware Bytes reports everything removed, going to run combo fix to be sure and then check out Avast as you suggested Alan.
Still pretty f'd up when a free anti-virus program outperforms one that costs almost 50 bucks. Going to leave my system restore off for a couple of days to make sure it doesn't resurface, this one was a real pain in the ass!! |
02-08-2010, 09:16 PM | #16 | |
Hall Of Famer
Join Date: Oct 2002
Location: Massachusetts
|
Quote:
you trying to remove this one? it's clearly hibernating in your system somewhere - use that rkill program?
__________________
Get bent whoever hacked my pw and changed my signature. |
|
02-08-2010, 09:19 PM | #17 |
Hall Of Famer
Join Date: Oct 2002
Location: Massachusetts
|
weird - so internet explorer errored on my original post and i couldn't see the rest of the thread all day...but at home firefox has no issues with it.
yeah yeah i know...but i have to use IE at work due to some compatibility issues with certain websites i use everyday
__________________
Get bent whoever hacked my pw and changed my signature. Last edited by DaddyTorgo : 02-08-2010 at 09:19 PM. |
02-08-2010, 09:56 PM | #18 | |
Coordinator
Join Date: May 2003
Location: Utah
|
Quote:
I think I finally got it... Combofix, reboot....spybot...reboot....malware bytes....rkill....It's all good so far.
__________________
"forgetting what is in the past, I strive for the future" |
|
02-12-2010, 08:11 AM | #19 |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
Gotta give you guys props on Malwarebytes, since running it my CPU performance is noticeably better and solved the IS 2010 issue no problems.
|
02-15-2010, 08:52 AM | #20 | |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
Quote:
Let me second that, I won't even go into detail about what happened after my last post Friday in this thread, because I am an idiot and would prefer to avoid everyone else knowing the degree of my stupidity. Needless to say when I get my computer back from the guy I have fixing it, I will never speak the name of the Shield again unless the TV show comes back. |
|
02-15-2010, 09:13 AM | #21 | |
Coordinator
Join Date: May 2003
Location: Utah
|
Quote:
Smart Move! I am truly sorry you are experiencing what you have been.
__________________
"forgetting what is in the past, I strive for the future" |
|
02-15-2010, 09:29 AM | #22 |
College Starter
Join Date: Nov 2004
Location: Out of Grad School Hell :)
|
My wife got this on her laptop last night, and I did a system restore in safe mode. It disappeared, should I do the malware thing just to be safe?
|
02-15-2010, 09:33 AM | #23 | |
Coordinator
Join Date: May 2003
Location: Utah
|
Quote:
Yup, I would.
__________________
"forgetting what is in the past, I strive for the future" |
|
02-15-2010, 09:44 AM | #24 |
College Starter
Join Date: Nov 2004
Location: Out of Grad School Hell :)
|
|
02-15-2010, 09:56 AM | #25 | |
Coordinator
Join Date: May 2003
Location: Utah
|
Quote:
I don't think so, but then again you are talking to someone who just dealt with this on his machine.
__________________
"forgetting what is in the past, I strive for the future" |
|
02-15-2010, 11:07 AM | #26 | |
Coordinator
Join Date: Jun 2002
Location: The scorched Desert
|
Quote:
The free version did the trick for me. Malwarebytes is very solid for a free program, don't forget to run it in conjunction with RKILL though. (RKILL firstm then Malwarebytes) Last edited by BYU 14 : 02-15-2010 at 11:08 AM. |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
|
|