Had a strange bug on my computer when I tried to log onto the internet tonight.

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore, restoring my computer to yesterday's settings.

Just a heads-up in case this is going around, got through all my virus protection and firewalls.

Had a strange bug on my computer when I tried to log onto the internet tonight.

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore, restoring my computer to yesterday's settings.

Just a heads-up in case this is going around, got through all my virus protection and firewalls.

Apparently affected your spell-check in your title too..:r

My daughter had the same problem, but no clean restore point. Will have to reformat to completely remove it. Sounds like Conficker...

http://www.pcworld.com/article/162102/confickerhype.html?tk=rss_news

This virus has become active recently after freakin everyone out on 4/1.

Had a strange bug on my computer when I tried to log onto the internet tonight.

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore, restoring my computer to yesterday's settings.

Just a heads-up in case this is going around, got through all my virus protection and firewalls.

Grandpa had the same thing. I ended up having to dig it out through a reg search. it sucked. freaking programs. I wonder how many people just buy the program

I am convinced that these viruses are made by Norton & Co. just to sell more of their product.

Apparently affected your spell-check in your title too..:r

My daughter had the same problem, but no clean restore point. Will have to reformat to completely remove it. Sounds like Conficker...

http://www.pcworld.com/article/162102/confickerhype.html?tk=rss_news

This virus has become active recently after freakin everyone out on 4/1.

Based on the article, should I restore my computer to a much earlier date? Makes it sound like the bug might have been there for a coupel weeks and just gone off today...

Based on the article, should I restore my computer to a much earlier date? Makes it sound like the bug might have been there for a coupel weeks and just gone off today...

I'd run a scan. I used the McAfee and the F-protect mentioned in the article. If you can, you could turn off your restore temporarily, just to make sure you don;t recreate it and see what happens.

My daughters PC got sick a week before the first, so I think she just picked up a stubborn virus.

You are right, though, it may have lain dormant until recently.

Where are the real nerds at when you need them? Is there a Star Trek marathon on SciFi tonight...:dance:

I'd run a scan. I used the McAfee and the F-protect mentioned in the article. If you can, you could turn off your restore temporarily, just to make sure you don;t recreate it and see what happens.

My daughters PC got sick a week before the first, so I think she just picked up a stubborn virus.

You are right, though, it may have lain dormant until recently.

Where are the real nerds at when you need them? Is there a Star Trek marathon on SciFi tonight...:dance:

I am so computer un-savvy. :r

I am so computer un-savvy. :r

Stop clicking on the "free cigar ****" links and you'll be ok.:r

My daughter picked it up through a games site. Had to be embedded in one of her games she downloaded.

Stop clicking on the "free cigar ****" links and you'll be ok.:r

My daughter picked it up through a games site. Had to be embedded in one of her games she downloaded.

Only thing I downloaded lately was a free Amazon MP3 of Ted Nugent....the Nuge wouldn't knife me in the back, would he? :r

Only thing I downloaded lately was a free Amazon MP3 of Ted Nugent....the Nuge wouldn't knife me in the back, would he? :r

Actually, I picked up a little booger through a downloaded song from Limewire, so it's possible.

Actually, I picked up a little booger through a downloaded song from Limewire, so it's possible.

It's a Free For All, Baby! :r

It's a Free For All, Baby! :r

Watch out for Cat Scratch Fever...:dance:

Watch out for Cat Scratch Fever...:dance:

Or that Wang Dang Sweet.....oops, this is a family forum. ;)

:hm

Or that Wang Dang Sweet.....oops, this is a family forum. ;)

As long as it's not "2 girls 1 cup"

Live from the Friggemall Building, It's the Tom and Sean Show!!

We should take this on the road.:r

I was going to say I'd get you in a "Stranglehold", but then thought better of it..:D

Live from the Friggemall Building, It's the Tom and Sean Show!!

We should take this on the road.:r

I was going to say I'd get you in a "Stranglehold", but then thought better of it..:D

If you did, I would go into "Hibernation"! ;)

Well you're a "Fist Fightin' Son of a Gun" aren't you? All I got left is Little Miss Dangerous.

We should take this on the road.:r





I'd buy tickets....... and then scalp them :D

I'd buy tickets....... and then scalp them :D

The tickets...or me and Tom?:r

I am convinced that these viruses are made by Norton & Co. just to sell more of their product.

A bunch of us, old IT guys, think this may be true. Don't forget, Norton was not much back in the day, all of a sudden a "virus" thing made it huge. As is, Norton is as much a virus as anything out there, it makes any PC crawl and it is next to impossible to root it out. I once spent a full day hacking through the registry and still didn't wipe it out completely. Same for McAfee, BTW.

The tickets...or me and Tom?:r

Have you seen Tom???? The tickets bro :D

ROFL!

buy a Mac... all your virus problems will be gone

Every site I tried to reach, I got a message, with an Internet Explorer logo at the top, from a Spyware company saying the site I was trying to reach was unsafe, and that I could buy their software for $49.99 to solve the problem.

When I found the icon for the Spyware company on my lower icons and right-clicked it, it began a "software" scan. Each time I hit it to stop, it would restart where it left off each time I tried to click on something else. Told me I had 74 "severe risk" viruses on my computer, and that their Spyware would fix it for $49.99.

Rebooted...nothing. Tried to log onto Yahoo, ESPN, CA, etc, and just get getting the message. Shut down, rebooted again, nothing.

Finally solved it with a system restore

I had the same thing happen to mine. I hate these v's

Ran a scan on a student's computer yesterday. She had around a dozen viri/trojans and around 60 spyware program instances (bunch of different ones) including this fake antivirus thing. Had to do some manual registry edits as well as dos boot antivirus scans and spybot. Quite a royal mess. Now I need to convince her to install Linux.

It's not the Conficker virus. It's either Antivirus 2009 or some variation of it. Restore very rarely works on these things.

Go here - and get the latest greatest and run the free version it.

Malwarebytes (http://www.malwarebytes.org/)

A month or so ago I had it real bad and took two weeks working with the guy that developed that and with the Eset team. In the past I have just done a format - don't have the time now so I was determined to clean it. There is a previous post I made on it somewhere.

Here is one of my logs from when I had it - it will give you some of the file names to look for and delete:

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\sekuseva.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Browser Helper Objects\{ecb252fd-1b0f-4695-abbd-8a4930662488} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ecb252fd-1b0f-4695-abbd-8a4930662488} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyappf (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\MSFox (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\cpm87154a51 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run\javomanene (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\sekuseva.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\sekuseva.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\sekuseva.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SysWOW64\wilelazi.dll (Trojan.BHO.H) -> Delete on reboot.
c:\WINDOWS\SysWOW64\sekuseva.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\system32\awtsqoNg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLedcD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnKbcBS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opnnoopN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pmnlJcAr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xxyxXPfe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayyApPF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lamahazi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.


Also on edit: When a window pops up - don't click to stop it. Go to your processes and stop the iexplore32 process.




Ron

A couple years ago I came to the realization that Antivirus software is not something that I needed. As long as you don't open email attachments from people you don't know and don't download programs from unknown sources I think you should be OK. I've been clean and sober for 2 years. :al

Malwarebytes and AVG AV is what I use.

i use f-secure its very good it scans file on your pc on its own just i case u forget to scan it

Malwarebytes and AVG AV is what I use.

:tpd: Same here and for most of my home users... :ss

buy a Mac... all your virus problems will be gone

Next computer. ;)

It's not the Conficker virus. It's either Antivirus 2009 or some variation of it. Restore very rarely works on these things.

Go here - and get the latest greatest and run the free version it.

Malwarebytes (http://www.malwarebytes.org/)

Ron

Thanks Ron. :)

Ron, I looked at the website but was not sure which download was the right one, can you guide me?

Ron, I looked at the website but was not sure which download was the right one, can you guide me?

Tom it looks like Ron went offline - I believe this is the free trial of the latest version:

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button

Thanks Andrew....I think I tried the wrong version first, it performed a full scan but wanted $29.95 to clean it up.

Use the Cnet download. I just started using it in Jan. on the advice of Eset - and although it does have a pay section for the active scan - mine was free. Of course they might have changed.

I can say this though - so far it's done an excellent job at finding crap that no others could - and I may just pay for the full version in the near future.

And if those don't work - I have some others with detailed instructions that I got from Eset. They were working hard to keep me happy - :tu



Ron

Malwarebytes and AVG AV is what I use.

Malwarebytes is awesome. It was recommended by our IT guys when my mom's system slowed to a crawl. It found 75 problems. Once I ran it and followed the instructions it started running just fine. I use the free version, and just scan it once a week.

I wish I could use AVG, but the company requires that I run McAfee and I hate it.

Thanks Andrew....I think I tried the wrong version first, it performed a full scan but wanted $29.95 to clean it up.

If you can't find the free version let me know, and I can email it to you.

I second the malwarebytes installation. It will more than likely fix your problems. I've done this three times on two computers and it worked each time.