Virus Help!!!!


BeerAdvocate
11-22-2009, 05:32 PM
I got a damn virus on my new laptop. It installed some Antivirus Pro program and it won't let me access anything.
I can't go into add/remove programs, system restore, nothing!!!
A web page pops up that says osadware.com.
Any ideas on how to get rid of it?

Kreth
11-22-2009, 05:37 PM
Reboot to safe mode, and do a thorough scan with both your AV and anti-spyware software.

Fumes
11-22-2009, 05:44 PM
We got this one at work. Nasty bugger. According to our IT guy (All Hail IT Guy!) it's not a virus. It's malware. He used a program called Malwarebytes to remove it. Good luck!

MajorCaptSilly
11-22-2009, 05:46 PM
We got this one at work. Nasty bugger. According to our IT guy (All Hail IT Guy!) it's not a virus. It's malware. He used a program called Malwarebytes to remove it. Good luck!

Yep. Download Malwarebytes and run a full scan in Safe Mode. If that doesn't work, try ComboFix.

MCS

BeerAdvocate
11-22-2009, 05:49 PM
It won't let me access any website in order to download Malware.
Any website I go to, it says it's infected.

pnoon
11-22-2009, 06:00 PM
It won't let me access any website in order to download Malware.
Any website I go to, it says it's infected.

Have you rebooted in Safe Mode?

SeanGAR
11-22-2009, 06:02 PM
It won't let me access any website in order to download Malware.
Any website I go to, it says it's infected.

You've tried ALT-CTL-DEL and looking for anything that looks like osadware in the running processes and ending it?

Else, DL the file onto a USB drive on a separate computer. Boot into safe mode: press F8 when booting. You might have to press F8 a few times. Access the Malwarebytes program on the thumb drive, install it, then run it.

Thrak
11-22-2009, 07:02 PM
sounds like vundo... that sux man... I deal with it at work too..

download malwarebytes, install it, update it, restart into safe mode and run it..

You may also be able to find the process listed in TaskManager like SeanGAR mentioned, I always look for processes with random letters and end those.

Kreth
11-22-2009, 07:06 PM
Maybe someone could paste manual removal instructions from a reputable site like Spybot, McAfee, or AVG? I'd do it, but the instructions are way over the clipboard limit for my phone..

Starz26
11-22-2009, 07:13 PM
can you access this site: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-pro-2009

Also, get malwarebytes on a usb drive or something by using another computer if you cannot access it.

Worst case, reformat (typical response)

shilala
11-22-2009, 07:15 PM
Reboot in safe mode.
Go to your Local Drive.
Go to Documents and Settings (and choose You).
Go to Local Settings. (If this doesn't appear, go to tools/folder options/view/and click the tab beside "Hidden files and folders" and Apply)
Go to Application Data.
Look there for a nonsense folder that begins with the letter a (forget the string).
It's abeghfdgt or something ridiculous like that.
Inside that folder will be a program called osadware.exe (again, don't remember the exact file name) or something of that nature and it will say it is a Microsoft Corporation file. It is not.
Delete it and its containing folder.
Empty your recycle bin.
Reboot into your normal mode.
Then be careful where you are getting your torrents. :tu
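
A read-only check for the file described in the steps above, as an added example that is not part of the original post: it lists executables under the per-user application-data folders whose version resource claims Microsoft but which carry no valid Microsoft Authenticode signature. The function name `Find-FakeMicrosoftExe` and the folder list are assumptions, and PowerShell 3.0 or later is assumed to be available on the machine.

```powershell
# Added example (not from the thread). Read-only: it reports, it deletes nothing.
# Find-FakeMicrosoftExe is a hypothetical helper name.
function Find-FakeMicrosoftExe {
    param(
        # Per-user data folders (assumed list): "Local Settings\Application Data"
        # on XP, AppData\Local and AppData\Roaming on later Windows versions.
        [string[]]$Roots = @(
            $env:LOCALAPPDATA,
            $env:APPDATA,
            (Join-Path $env:USERPROFILE 'Local Settings\Application Data')
        )
    )

    $Roots |
      Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
      Select-Object -Unique |
      ForEach-Object {
          # -Force includes hidden files and folders in the listing.
          Get-ChildItem -LiteralPath $_ -Recurse -Force -Filter *.exe -ErrorAction SilentlyContinue
      } |
      ForEach-Object {
          # Only look at files whose version resource claims to be Microsoft's.
          $company = $_.VersionInfo.CompanyName
          if ($company -notmatch 'Microsoft') { return }

          # The version resource is just text anyone can set; the signature is not.
          $sig    = Get-AuthenticodeSignature -FilePath $_.FullName
          $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

          if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
              [pscustomobject]@{
                  Path            = $_.FullName
                  ClaimedCompany  = $company
                  SignatureStatus = $sig.Status
                  Signer          = $signer
                  Created         = $_.CreationTime
              }
          }
      }
}

# Newest files first: a recent infection tends to sort to the top.
Find-FakeMicrosoftExe | Sort-Object Created -Descending | Format-List
```

A hit is a lead to investigate rather than a verdict, since some legitimate files in these folders are unsigned; compare the creation time with when the pop-ups started before removing anything.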

shilala
11-22-2009, 07:17 PM
Oh yeah, once you've done that, you'll likely need to do a system restore to the day before you jacked up your rig. :tu

jledou
11-22-2009, 08:07 PM
Fought it at work and BIL fought it a couple of weeks ago. There are a couple of things you can blow it away from the registry (script from symantec to unlock the registry) or there is a dos prompt to kill it and a restore point that will fix it also. More solutions are out there now on google but easier if you search from another computer. Time I fought it, it blocked malwarebytes install.

shilala
11-23-2009, 05:50 AM
Fought it at work and BIL fought it a couple of weeks ago. There are a couple of things you can blow it away from the registry (script from symantec to unlock the registry) or there is a dos prompt to kill it and a restore point that will fix it also. More solutions are out there now on google but easier if you search from another computer. Time I fought it, it blocked malwarebytes install.
It's pretty much advanced to where it blocks all executables, and it hijacks your browser so you can't even do an online scan.
I found it last week, worked out the solution, re-acquired the virus purposely, and retested.
The system restore is a lot easier than cleaning the registry for the browser hooks. :tu

Starz26
11-23-2009, 09:26 AM
I had it about 8 months ago before I installed Kaspersky....It was a ***** to remove then, I can only imagine what it is like now.....

Hope you get it all worked out Travis

bobarian
11-23-2009, 10:12 AM
There are some sites that can be accessed by typing directly into the address window. Sometimes you can also search by going through a third-party site like a news site. Clicking on links is almost 100% disabled. It's a serious pain and will take some time to get rid of all instances. I used ComboFix and a second program to clear a similar redirect a few months ago. Good luck.

jledou
11-23-2009, 11:43 AM
It's pretty much advanced to where it blocks all executables, and it hijacks your browser so you can't even do an online scan.
I found it last week, worked out the solution, re-acquired the virus purposely, and retested.
The system restore is a lot easier than cleaning the registry for the browser hooks. :tu

I agree, these pain in the arse people need to invest their time in Linux then it really would bring down MS. Unfortunately though it looks like they are moving towards virus hijacking and ransoming of the computer which is what this is/is leading to.

BC-Axeman
05-05-2010, 11:10 AM
My daughter clicked on one of those fake antivirus warnings and downloaded a rogue security malware. It was blocking all attempts to remove it.
I had to boot into safe mode and I ran a program called SuperAntiSpyware from a CD. It removed all the malware plus some adware plus the tracking cookies and a trojan backdoor. I rebooted and ran a Windows Defender full scan and found a couple more evil program files. This took hours. I will run a registry cleaner next.

Those fake antivirus warnings are convincing enough except I get them telling me my Windows files are infected when I'm not running Windows.:rolleyes:

dunng
05-05-2010, 11:16 AM
Typically you can run either Malwarebytes or Combofix by changing the file name... :tu

Ogre
05-05-2010, 11:16 AM
I am lost when it comes to the crap being sent out today. I am lucky, I have an IT friend that I give my laptop to twice a year and he goes through my files and cleans it up. If you can't figure it out, you may have to take it to someone for service.

Eleven
05-10-2010, 08:16 PM
I think my son has this now, /tagging this thread for reference

Blueface
05-11-2010, 06:07 AM
Man, I feel for you guys with this nonsense.
I got so tired of getting viruses and crashing.
Haven't had an issue now in over two years.
Don't want to mention what I know for sure I owe it to as it will start a debate.

wayner123
05-11-2010, 07:05 AM
I hate to say this, but if you got one of the new TDL4 or TDSS rootkits, go ahead and reformat your hard drive. There are ways to check if you have this. Malwarebytes, bleepingcomputer and kaspersky all have great forums to help out with the problem.

The new version of the TDSS rootkits are unable to be removed or quarantined. No software company has come up with a solution yet. I had this problem a few weeks ago now and got the newest tdl4 version of the rootkit. After many days and hours of research I ran across some hacking websites. They were discussing these new rootkits and how they act. To sum it up, when the guys who get paid to hack can't figure out "how" the rootkit is even reacting, it's time to re-format.

BC-Axeman
05-11-2010, 07:14 AM
Nobody in this thread has had a rootkit to deal with yet, I think, but there is a guy at work with one. It takes over shortly after turning the computer on and won't let you do anything administrative. You would have to boot the computer to a separate disk and work on it. He just uses the computer offline.

OLS
05-11-2010, 07:24 AM
I got that file one day at work, re-formatted my drive and re-installed Windows. Not pretty. Then about
4 months later I got it again. It is a pretty smart deal. Only advantage you have is most of your data is
easily saved. You can make backups all day. As long as you don't go online, it kinda stays quiet. Then
once you are done making all your backup DVDs, you can format your hard drive, lol.

Or take the good advice given here above. Wish I had read that before.
Did a total wipe twice in one year.

Jack Straw
05-11-2010, 07:40 AM
I got something like that a few weeks ago, I was able to get my antivirus to actually kill it by ending all processes on the task manager that didn't look normal, and then running my antivirus/ad-aware. Been fine since. If I ran the antivirus stuff without stopping the processes it would delete what I suspect were subsidiary virus files but not the main file that would recreate the subsidiaries every time the software deleted/quarantined them.