TECH Horrible Malware on My Computer!

teefleur

Veteran Member
I thought I'd post this on Main, since it seems that a lot of folks have encountered this and I couldn't find it mentioned when I did a search...

My computer has been infected with the worst case of malware in the history of computers!

This crap-ware makes its presence known by multiple pop-ups, which appear to be normal warnings from Windows, but are not. It disables, one by one, EVERY program you attempt to open, even to the point of denying access to the internet! I don't know what people who have only one computer will do to manage this monster...I have a little notebook computer, thank goodness!

As the "attacks" continue, it takes your computer to a website called Antispyware Soft, which is already running a scan of your computer - then urges you to buy the program in order to fix all the bugs you have. Don't! While you are trying to find a way out of this nightmare, it blithely takes you to a couple of porn sites, Porno.org, Adult.com and a Viagra website! And you continue to get the innocuous little pop-ups warning you and offering to "activate your antivirus software."

It has multiple names, "Trojan.FakeAlert," "BankerFox.A" and "Win32/Nuqul.E" - and believe me, I did a tremendous amount of research on tech websites and helpsites - nothing I found at any of them helped to get rid of this. A LOT of people have had problems with this same malware, so it's been around for a while.

I run updated Ad-Aware, Malwarebytes' Anti-Malware, Spybot Search and Destroy and AVG free, all on a regular basis. AVG missed it entirely. Ad-Aware just froze up and I could never get it to finish. Spybot found it (them or some of them) and SAID it removed them. NOT! Malwarebytes would not run at all.

I have spent the better part of the last two days trying to overcome this crap-ware. I have no clue how I contracted it... some of the websites I perused suggested email, some suggested websites like Facebook and some even suggested cell phone videos were carriers.

Through my search for a fix, I found a program recommended in PC Magazine, called PCTools Spyware Doctor with AntiVirus. It isn't a freebie, but I have become desperate to get this resolved and off my computer, so I forked over the $39.99 and have been running the program as directed.

I say "have been running," because the paid for program has removed a number of the offenders, around 70 out of a total of 85, but not all of them. I'm still getting the pop-ups and still being taken to porn sites. I have spoken with an ENGLISH speaking tech named Mike, who emailed some work-around suggestions to me. I have re-run the scan, sent the results of the scan to Spyware Doctor - and am awaiting a "cure" via email. Not here yet.

UPDATE – I shut down the computer and went outside and beat my head on the brick wall – oh – and fixed supper, too. I checked my email, still no new correspondence – but here’s the REAL news. NO MORE POP-UPS! NO MORE TRIPS TO PORN SITES! YEA!

Spyware Doctor seems to have worked.

I feel compelled to send this information out to everybody I can, since it IS still out there. I hope no one gets this crap-ware. In no way am I promoting the purchase of Spyware Doctor – I’m just relating what I had to do to get rid of it. Those of you with knowledge beyond C prompt and a flashing cursor may have a cheaper solution, but this worked for me.
 

CGTech

Has No Life - Lives on TB
I would also download both Malwarebytes and a-squared free (do the updates on both) and run full scans with both. I can guarantee there are still infections on your system. Both of these can be obtained thru www.download.com and are both free.
 

BoatGuy

Inactive
If you do a System Restore, it may remove it. You shouldn't lose any data.. only programs that have been installed. So, it sounds like you only need to take it back a couple of days. It's worth a shot, I should think.... and it's free and you already have the System Restore built into Windows.
 

Dennis Olson

Chief Curmudgeon
So - why are you still using Internet Exploder rather than Firefox with the NoScript add-on? If you were running that, none of this would have happened.
 

Maryh

Veteran Member
I got it also and I use Google Chrome. Anyway, I started it in safe mode, went to system tools and cleaned the computer and voila! it is gone. I also have Norton running so I am perturbed!
 

Kris Gandillon

The Other Curmudgeon
ComboFix is specifically written to get rid of this one if you have the malware it sounds like you have.

Google it and get it from BleepingComputer.

Reboot in Safe Mode with Networking and run it from there.

Follow-up with scans using Malwarebytes and Spybot.

Kris

eta: Mary...no single product is perfect and catches everything. That is why there are a multitude of tools. MOST Antivirus products do not catch this one.
 

Kent

Inactive
Format your hard drive and reload your next to latest image of your c drive from your weekly backup, and then switch to Firefox.
 

teefleur

Veteran Member
I should have elaborated...

Thanks for all the good tips... I run the latest version of Firefox, but that crap-ware kept taking me to the porn sites in IE. Haven't used IE in years.

I have Malwarebytes - which would not run at all. Spybot ran, said it removed it, but it was still there.

I tried everything (that I could get to work!) in both normal boot and safe mode.

A-squared is a new one to me, so is ComboFix. And I agree with whoever said there are probably parts of the malware lurking... Will definitely try those two.

So far, so good with the Spyware Doctor, but I am paranoid, since I've NEVER had anything like that befall my computer before!
 

ceeblue

Veteran Member
I had that too. My computer has Vista and I was using Chrome. I'd noticed the net getting boggier for a couple days and when entering my username and password, the cursor would jump to the other box. I shouldn't have ignored that. The last week or so something had been running on my hard drive in the background and I couldn't find out what. I shouldn't have ignored that either. Next time I'll do System Restore right away, just for good measure.

I finally got the computer up in Safe Mode, did a system restore, downloaded Avast and let it scan, and am humming away again. System Restore seemed to have been what fixed the problem.

The computer locked up for good when I was downloading that video of a governor reaming a reporter. I thought it was the video download messing up everything.

I'm not certain what caused the problem or what fixed it.
 

NC Susan

Deceased
snipping parts from : http://www.livescience.com/technology/091111-top10-facts-malware-infections-1.html


Malware amounts to an ecosystem

There are viruses that replicate themselves and spread to other computers, sometimes just for its own sake.
They're called worms if they do it through e-mail or instant messaging.


Trojans follow the metaphor of Homer's Trojan Horse, whose occupants emerged in the night to open Troy's gates to a devastating attack.



Spyware watches your actions for marketing purposes.


Adware produces annoying popup ads.


Malware, incidentally, is any software you didn't ask for, especially software that has malicious intent. A bug, meanwhile, is any software that doesn't work right--and may be preferable to malware.

Malware has many sources.

You can get an infection by visiting a malicious Web site, or by clicking a file attached to spam e-mail, through a p2p file-sharing network, by downloading what you thought was free software, or by using an infected removable device like a USB memory stick. Intrusion attacks can come in over the Internet.


Malware can bite.

Many trojans will download other malware that take root in our computer and start doing nasty things. These include password stealers and keyloggers that will try to swipe your account information so that someone else can swipe your money. Or they may turn your computer into a botnet node, under the remote control of a bot herder, who will typically use it to spew spam.


Trojans rule (in the U.S.)

If you're going to get an infection, at least in the U.S. it's likely to be some kind of Trojan. According to the SIR, 42 percent of the infections that the MSRT discovered were Trojans. Adware was also big at 16.3 percent. Nasty password stealers amounted to 4.1 percent. Elsewhere, infections are a toss-up. In Brazil, for instance, password stealers aimed at on-line banking predominate. Spain and South Korea have little in common, but both are afflicted by worms that target on-line gamers.


Vulnerabilities vary.

Not all operating systems are equally vulnerable. Microsoft's figures show that unpatched Windows XP has an infection rate of about 32.5 per thousand--about four times the global average. The rate falls to a sub-average 8 per thousand for Windows XP with Service Pack 3 (i.e., fully updated). The rate for updated Vista machines was 3.1 per thousand for the 32-bit version, and 2 per thousand for the 64-bit version.


Patching works.

Hackers have a reputation of being ahead of the software vendors, but in reality they often use vulnerabilities for which patches have already been issued. Even when the bad guys get the upper hand, it may not be for long. Microsoft likes to use the example of the "Reno" Trojan that was attacking Vista, causing Windows Explorer to generate trackable error reports. After Microsoft issued a patch, the reports fell from 1.2 million error reports daily to less than 100,000--in three days. Within a month it was off the chart.


Malware is not the only danger.

The big news is the rise in phishing--e-mail that tries to trick you into revealing information that could be used for ID theft or other fraud. The phishers have been going after denizens of social networking sites and even large corporations.






more at link........
 

Kris Gandillon

The Other Curmudgeon
Teefleur:

Oh yea, forgot to mention...this one looks specifically for the Malwarebytes program name and will NOT allow it to run. It also looks for several other common fix-it tools and will not allow them to run either.

Simple way around the problem though...rename the .exe to something different. I usually just rename it to a variation of my name. Renaming Malwarebytes' mbam-setup.exe to krisfix.exe got around the problem of it not letting Malwarebytes run.

Kris
 

Dex

Constitutional Patriot
Once you have all the software you need, you need to turn off your network connection. You also have to turn OFF system restore before you boot into safe mode. Then you run the program that kills the process that starts the snowball effect, in safe mode. THEN you run malwarebytes, also in safe mode. There are several steps. You may also need to delete some registry keys in several different places. After all of that you need to run an anti-virus program like AVG and then run it in regular mode and run Malwarebytes again in regular mode...all the while having networking shut off.

After you do all of that you really should get your important files backed up and restore the computer back to factory after doing a disk format. You really should just do that in the first place and skip all of the agonizing. The only reason I would fix the virus first and then backup the files is because some of your personal files might be infected. A jpeg can have a virus so that is why it's necessary to literally clean the system first and THEN do the format and factory install and then security patches. This way you aren't carrying a virus in your backed up files and don't have to worry about it so much once you put those files back on the fresh OS. All of this can be done in a couple of hours depending on how cluttered your disk is. Delete your browser cache before you do the scans too, saves time in not having to scan cached files.
 

CGTech

Has No Life - Lives on TB
Interesting idea Kris! Hadn't thought of that one. Thanks!
 

Foothiller

Veteran Member
I found a neat utility that will kill all the active malware processes so you can run malwarebytes, spybot, avg et al without running in safe mode.

It's called 'rkill'. google it, it's a free download.

Hope this helps.
 

trkarl

Contributing Member
"Spyware Doctor seems to have worked."

Last year after having malware problems and nothing would work I tried Spyware Doctor and it fixed everything. I keep it up to date and have not had a problem since. Put it on a friend's computer and same result. Cleaned out all the nasties and now it works fine.
 

sy32478

Veteran Member
I had to deal with this once and it does disable your ability to run .exe files. However I was able to get Malwarebytes to run and do a cleanup by renaming the extension to either .com or .bat. :D

More than one way to skin a cat.
 

BigBadBossyDog

Membership Revoked
Firefox is no guarantee and No Scripts is a pain in the butt.

Something I've never seen anybody here mention is to run MRT (Microsoft's Malicious Software Removal Tool). I heard Leo LaP talking about it one day, so I ran it. The first time, it found something and removed it. So now I run it about once weekly. Along with a few other things.

Go to Start, Run, type mrt, follow the prompts.
 

blkmtntom

Inactive
teefleur;

I suppose you're always running with administrator privileges?
Create a user account to run your computer. That will stop most of that junk from ever installing.

tom
 

Double_A

TB Fanatic
This is why I bought my elderly mom an Apple Mac. It was worth the extra couple hundred to not have to have her (and I) worry about this, not to mention the trouble to fix it. I used to get calls from her saying, "I read this story about the horrible troubles this person had, do we have to do anything to my computer?" "No Mom, we (my brothers & I) bought you an Apple so you would never have to deal with this." It's been six years now and those calls have stopped.
 

teefleur

Veteran Member
Those of you with knowledge beyond C prompt and a flashing cursor - that would be me...

Thanks again for the good information but I am still terrified by the thought of renaming exe files, wiping and reinstalling and anything to do with {{{shudder}}} the registry!

I'm doing good getting into safe mode!

My computer is running fine today, thank goodness... While trying to fix the thing, (yesterday and the day before!) I DID disable network connection, but forgot about disabling System Restore. I had also tried the Microsoft Tool, to no avail.

Thinking of Dennis' suggestion on the NoScript feature, I went into Firefox Tools/Add ons/Plug ins and noticed all the information on Quicktime. I have always had problems with Quicktime - seems like on every computer I've ever owned. I have Quicktime already installed on my computer, 7.3 I believe, but Firefox apparently has a history of incompatibility issues with that program. Coincidentally, on the same morning that the crap-ware began, I used Quicktime to view a couple of short video files sent from my son's cell phone... I have to seriously wonder if THAT is where the malware came from...

Any opinions out there on Quicktime/Firefox issues???
 

Dennis Olson

Chief Curmudgeon
No, but I will ask this: do you use a non-Admin-level account on your PC to do your "everyday stuff"? Most people just use the default Administrator account to do everything. If you use a non-Admin account, you will be ASKED if you want to modify the registry. You should NEVER get that message when you're just surfing the Web. As a user-level user, you can just say "NO", and the malware cannot install.

That will fix almost every potential malware issue.


BTW, FF has a forum you can sign up for, where you can ask those questions of the larger FF user community. FYI.
 

QuickTime is a media player program/framework, produced by Apple, that allows the playing of several types of online audio, video, and still images. Assuming that you installed QT from a legitimate installer/source, there will be no malware installed as part of a QT install. QT is widely utilized by many Windows users, and is an integral part of the Mac OSX operating system.

Assuming that you had the latest up-to-date version of QT installed on your Windows computer, I am not aware of any malware issues regarding QT.


intothegoodnight
 

nanna

Devil's Advocate
Superantispyware was able to root out and kill a massive vundo infection we had here, on 2 computers. I highly recommend it being added to the antimalware arsenal.
 