CPU virus question
MiamiE
01-31-2011, 08:11 PM
I think I may have a virus on my CPU. It only manifests itself on my wife's login and not on mine. Any ideas as to what this could be? Her IE doesn't work; when opened it says Windows Explorer is infected and gives options to buy an Antivirus software, which is obviously bogus. Why is my user fine and hers infected? :confused: I also can't open anything on her side without a security alert showing up saying the file is corrupted. Any ideas? We don't have any anti-virus software.
Google AVG virus scan. It is free and does a decent job. Also empty your history file and cookies.
Devanmc
01-31-2011, 08:15 PM
what version of windows are you running?
hotreds
01-31-2011, 08:17 PM
She clicked on something that downloaded this. I understand it's very difficult to get rid of. Not uncommon- in fact it pops up and when you try to "x" out, it downloads itself. Someone said the only way to prevent this is to shut down your computer right then and there w/o clicking on anything having to do with the pop up. Hopefully an IT pro can help you with it. Not sure why it's just she and not you both- unless it discerns log-ons as separate entities.
Oh- and get some anti-virus! There's free stuff out there that will protect you. Good luck!
Bageland2000
01-31-2011, 08:18 PM
We don't have any anti-virus software.
oops!
I prefer Comodo anti virus (also free) plus get ad-aware, a great anti-adware program. PM if you need more info, I'm great with computers. I'd even be willing to talk you through something over the phone if you need it brother, this was my job for a long time...
MiamiE
01-31-2011, 08:25 PM
I have McAfee Security Center but I never renewed the subscription. Will buying this and running it clear the infection?
Superbad
01-31-2011, 08:32 PM
probably not. My advice here is to offload any files you need from her account to an external Hard drive. Delete her account. Install AVG free or another anti virus. Defrag your hard drive. Then set up a new account, connect the external hard drive, scan it, clean it, then delete that account. Defrag again, setup a new account for her and tell her to never randomly click on stuff again. For web browsing, I would setup a separate account with no admin privileges and let her use that for web surfing. Delete it occasionally and make a new account.
I am a computer engineer whose wife constantly infected her machine via myspace, facebook, etc...
It sounds like overkill, but it is the best way I have found to deal with Windows viruses. Or buy a Mac and install anti virus from the get go.
ninjavanish
01-31-2011, 08:32 PM
There are literally hundreds if not thousands of different malwares out there. Many of which could cause this type of problem.
Try using adaware first. If it doesn't solve the problem you may need to attempt to isolate the process that is running and use your administrative tools to cause it to stop running and to not auto-start.
If you cannot isolate the process you can try the msconfig scenario where only the most basic and vital processes will boot when the OS does. From there you can attempt to run adaware again, as well as antivirus and such other stuff.
If you can boot in safe mode it may give you the ability to try to investigate the problem without having it pop up every 3 seconds and causing system crashes.
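As an added example, not code from this thread or from any of the tools named in it, the following PowerShell lists the Run and RunOnce autostart entries for the machine and for every loaded user profile, which is the same information the Startup tab of msconfig shows, plus a helper that records an entry to a text file before removing it. It assumes an elevated PowerShell session on Windows XP/Vista/7; the HKU: drive name, the function names and the desktop log file are the example's own choices, not anything from the thread.

```powershell
# Added example, not code from this thread. Lists the classic per-user and
# machine-wide Run / RunOnce autostart entries so a rogue "antivirus" launcher
# can be identified by name and path before it is disabled. Assumes an elevated
# PowerShell 2.0+ session on Windows XP/Vista/7; the HKU: drive name, the
# function names and the log file path are this example's own choices.

$runSubkeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyValues {
    param([string]$Scope, [string]$Key)
    if (-not (Test-Path $Key)) { return }
    $props = Get-ItemProperty -Path $Key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, ...; skip those, keep real values.
        if ($p.Name -like 'PS*') { continue }
        New-Object PSObject -Property @{
            Scope   = $Scope
            Key     = $Key
            Name    = $p.Name
            Command = [string]$p.Value
        }
    }
}

function Get-AutostartEntries {
    # Machine-wide entries run for every login.
    foreach ($sub in $runSubkeys) {
        Get-RunKeyValues -Scope 'HKLM' -Key "HKLM:\$sub"
    }
    # Per-user entries live in each loaded profile hive under HKEY_USERS;
    # PowerShell has no HKU: drive by default, so map one.
    if (-not (Test-Path 'HKU:\')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # Real user hives are named by SID (S-1-5-21-...); skip service and *_Classes hives.
    Get-ChildItem 'HKU:\' |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $sid = $_.PSChildName
            foreach ($sub in $runSubkeys) {
                Get-RunKeyValues -Scope $sid -Key "HKU:\$sid\$sub"
            }
        }
}

function Disable-AutostartEntry {
    # Records the value in a text file on the desktop before deleting it,
    # so a legitimate entry removed by mistake can be put back by hand.
    param([string]$Key, [string]$Name)
    $value = (Get-ItemProperty -Path $Key -Name $Name).$Name
    Add-Content -Path "$env:USERPROFILE\Desktop\removed-autostarts.txt" -Value "$Key`t$Name`t$value"
    Remove-ItemProperty -Path $Key -Name $Name
}

# Review the list: an entry whose Command points into a user profile, %TEMP%,
# or a randomly named folder rather than Program Files deserves a close look.
Get-AutostartEntries | Sort-Object Scope, Name | Format-Table Scope, Name, Command -AutoSize

# Disabling one entry once the listing has confirmed it is the rogue one
# (placeholder key and name; substitute what the listing showed):
# Disable-AutostartEntry -Key 'HKU:\S-1-5-21-...\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'SuspectEntry'
```

A profile's hive is only present under HKEY_USERS while that user is logged in (fast user switching keeps it loaded), so log the affected user in, switch back to the administrator account, and then run the listing. Removing the autostart entry stops the program from launching at the next login but does not delete its files; that is what the scans from Safe Mode are for.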
Devanmc
01-31-2011, 08:32 PM
With this kind of virus it is debatable (some of these big system viruses can be a *****!). Seeing as it's only affecting 1 user though, it should be easy to get rid of.
McAfee isn't one of my favorites but they do work; it's a big system hog though, IMO. Every AV, firewall etc. has its holes though; none of them are perfect.
My favorites have been Symantec (my AKO corporate version), BitDefender and Panda, of the ones that I have used.
EricF
01-31-2011, 08:32 PM
You won't make it any worse if you do. And besides if it is a virus then it should find and fix it.
Bageland2000
01-31-2011, 08:32 PM
I have McAfee Security Center but I never renewed the subscription. Will buying this and running it clear the infection?
Erick, there are FREE anti-virus programs out there that are just as good (read "better" than McAfee).
http://personalfirewall.comodo.com/free-download.html
choose your operating system and then select "Download Comodo Internet Security for Windows"
and adaware:
http://download.cnet.com/Ad-Aware-Free-Internet-Security/3000-8022_4-10045910.html?part=dl-ad-aware&subj=dl&tag=top5
:tu
MiamiE
01-31-2011, 08:38 PM
I just ran my Malwarebytes Anti-Malware and it didn't find any infected files. Now I am doing this from my user, not hers, since nothing works on that side.
Devanmc
01-31-2011, 08:50 PM
It should scan the whole computer, regardless of logged in user. Try a different program
MiamiE
01-31-2011, 08:53 PM
Anyone know if I need to download a 32 or 64 bit program?
MiamiE
01-31-2011, 08:55 PM
Never mind, found it. I am downloading the Comodo software now.
Starz26
01-31-2011, 09:58 PM
I think you may be infected with one of the versions of "Antivirus 20xx"
Here is a link with instructions on removal. I took the first results from Google so there are other options. Google "Antivirus 2001 removal"
As a side note, it is very easy to get, and a pain in the ass to remove. Only antivirus program I have ever had to catch it was Kaspersky..
There was also a thread about this on here... let's see if I can find it
Here is the previous thread http://www.cigarasylum.com/vb/showthread.php?t=25007&highlight=virus+removal and it has some good info as well
wayner123
02-01-2011, 07:29 AM
When doing the malwarebytes scan are you choosing full scan or smart scan? It is very odd that it won't pick up on the trojans/malware in your other users folders.
First, make sure you update it. There is an update tab. I have had it update to a new version within an hour, so always update first before you scan. Try doing a full scan and make sure every user is chosen. That should find something. Remove what is found and let it restart.
If that doesn't work, unplug/disconnect the internet and boot up safe mode. Then run a full scan of malwarebytes from there. Again, remove any trojan/malware found and let it restart.
Also, if it finds something, I would suggest going here: http://support.kaspersky.com/viruses/solutions?qid=208280684
Download that TDSSkiller software and run it. If it finds something, it will get rid of it 99% of the time. If it is still happening after the tdsskiller has run, post back in this thread and I'll give you some more links and help if I can.
Bageland2000
02-01-2011, 08:39 AM
MiamiE make SURE you uninstall McAfee first before you install Comodo. Again, if you have questions, please PM me brother.. Viruses can be a long painful process.
Bill86
02-01-2011, 09:16 AM
It would also be a good idea not to have the Internet hooked up on your wife's login. Download everything you need on yours and install it on hers without the Internet.
Take a look at Majorgeeks 4-5 step anti virus. It's like 4-5 free programs you run. Saved me a reload before.
BC-Axeman
02-01-2011, 09:33 AM
Don't forget Windows' built in anti-virus. It works pretty good as long as you keep it updated, which is critical in Windoze anyway. After doing an update win$ will run a scan when it reboots. Things called rootkits get around this but you probably don't have one.
I have been able to get rid of most infections by running SuperAntiSpyware followed by WinDefender followed by a security update.
wayner123
02-01-2011, 09:37 AM
Don't forget Windows' built in anti-virus. It works pretty good as long as you keep it updated, which is critical in Windoze anyway. After doing an update win$ will run a scan when it reboots. Things called rootkits get around this but you probably don't have one.
I have been able to get rid of most infections by running SuperAntiSpyware followed by WinDefender followed by a security update.
If he can't run anything on her side, it is acting exactly like a rootkit. A scan with malwarebytes should show that.
BC-Axeman
02-01-2011, 09:47 AM
If he can get in as Administrator and get to security updates and use control panel and run Malwarebytes it's not a very good rootkit. Rootkits replace the kernel and you are no longer even running Windows, you are running malware that runs Windows for you, meanwhile it can do whatever it wants with your computer. Keep track of your every keypress, decode encrypted transactions, read any file and hide some from you, turn on your webcam and microphones, anything.
I like Malwarebytes. I just happen to carry SAS around on a thumb drive with me.
wayner123
02-01-2011, 10:01 AM
If he can get in as Administrator and get to security updates and use control panel and run Malwarebytes it's not a very good rootkit. Rootkits replace the kernel and you are no longer even running Windows, you are running malware that runs Windows for you, meanwhile it can do whatever it wants with your computer. Keep track of your every keypress, decode encrypted transactions, read any file and hide some from you, turn on your webcam and microphones, anything.
I like Malwarebytes. I just happen to carry SAS around on a thumb drive with me.
That was the old rootkits 1 and 2 that may have done that. Rootkits 3-5 (5 no one has confirmed yet) do not work this way.
jledou
02-01-2011, 10:33 AM
One simple solution that has taken care of some (not all) of these, is a system restore to a date before this happened. In short some are worse than others, meaning some you have to catch before they load, some have to be taken care of in DOS, and some are a restore point away from being gone. Good luck.
RandJCigars
02-01-2011, 01:37 PM
Download and install SpyBot Search and Destroy. It's free and it's very good. Make sure to boot into safe mode to run the scans... as some viruses, bots, and malware can stop a scanner from running properly.
It's known as "FakeAV". I have fought and beaten this exact issue. A freeware application called HitManPro will find and remove it. Install it while logged in under your profile, reboot into Safe Mode (hit F8 as it is booting up), and run a full system scan.
Many of the other common anti-malware/spyware apps will not work on this one. I have tried MalwareBytes, AVG, SpyBot, Symantec AV, McAfee AV, Trend Micro, and more. HitManPro is the only automated way. I have removed it manually by digging through the registry and tons of DLL files, but I doubt you want to venture into that.
Good luck.
Blueface
02-01-2011, 01:51 PM
Erick, all fantastic advice given to you except the most important.
Here goes
:D
Ready?
:D
Get a Mac!!!;s
Other than that, not much else I can offer.
wayner123
02-01-2011, 01:54 PM
It's known as "FakeAV". I have fought and beaten this exact issue. A freeware application called HitManPro will find and remove it. Install it while logged in under your profile, reboot into Safe Mode (hit F8 as it is booting up), and run a full system scan.
Many of the other common anti-malware/spyware apps will not work on this one. I have tried MalwareBytes, AVG, SpyBot, Symantec AV, McAfee AV, Trend Micro, and more. HitManPro is the only automated way. I have removed it manually by digging through the registry and tons of DLL files, but I doubt you want to venture into that.
Good luck.
Kaspersky is the leader in this field. I have removed trojans, malware, etc. multiple times from multiple machines with the tdsskiller. Malwarebytes will remove all the associated files from cookies and so on, and also let you know whether it's a rootkit or not. Then run tdsskiller and it "should" be gone. If that doesn't work, I have one more last option, but I am not going to list it till the OP tries the others first.
I don't mean to argue with you, and I am sure you have removed it through other programs (gmer is also a good one). I have a lot of experience with this malicious software and have read hours on hours of bleepingcomputer logs to feel confident in my advice.
wayner123
02-01-2011, 01:58 PM
Erick, all fantastic advice given to you except the most important.
Here goes
:D
Ready?
:D
Get a Mac!!!;s
Other than that, not much else I can offer.
Unfortunately, Macs are not immune to rootkits.
Kaspersky is the leader in this field. I have removed trojans, malware, etc. multiple times from multiple machines with the tdsskiller. Malwarebytes will remove all the associated files from cookies and so on, and also let you know whether it's a rootkit or not. Then run tdsskiller and it "should" be gone. If that doesn't work, I have one more last option, but I am not going to list it till the OP tries the others first.
I don't mean to argue with you, and I am sure you have removed it through other programs (gmer is also a good one). I have a lot of experience with this malicious software and have read hours on hours of bleepingcomputer logs to feel confident in my advice.
I too have extensive experience with this stuff in a work environment. I do use MalwareBytes quite a bit, but I've seen it detect and remove portions of FakeAV and leave other parts behind. Maybe the newer versions do a better job. Kaspersky very well may work. It is not one I've used so I can't comment on that either way. I know HitManPro will work and it's free. Either way I feel he has good advice from guys who've done this before, not just random "try this" suggestions from folks who are trying to help but don't have the background/experience.
MiamiE
02-02-2011, 07:51 AM
I did the Malwarebytes and Comodo AV full scans. It detected the 4 viruses and deleted them, but my wife's IE still doesn't work. Says there's no connection to the proxy server. This may be due to Comodo creating a unique IP? She can open all her files again. Thanks for all your help guys! Much appreciated.
wayner123
02-02-2011, 08:02 AM
I did the Malwarebytes and Comodo AV full scans. It detected the 4 viruses and deleted them, but my wife's IE still doesn't work. Says there's no connection to the proxy server. This may be due to Comodo creating a unique IP? She can open all her files again. Thanks for all your help guys! Much appreciated.
Did you run tdsskiller?
MiamiE
02-02-2011, 08:28 AM
I am going to have to do that one later.
mosesbotbol
02-02-2011, 08:31 AM
Copy her files such as documents, favorite, mail settings...
Delete her profile and create a new one until you find the AV software to dig deeper.
Bageland2000
02-02-2011, 08:33 AM
I did the Malwarebytes and Comodo AV full scans. It detected the 4 viruses and deleted them, but my wife's IE still doesn't work. Says there's no connection to the proxy server. This may be due to Comodo creating a unique IP? She can open all her files again. Thanks for all your help guys! Much appreciated.
Are you trying to connect to a proxy server!? I doubt you are... A better question may be, how do you connect to the internet (modem, dsl, cable etc)
MiamiE
02-02-2011, 08:49 AM
I have DSL. When I loaded Comodo it asked if I wanted to create a different IP.
I have DSL. When I loaded Comodo it asked if I wanted to create a different IP.
In IE, click Tools, Internet Options, then click the Connections tab. Near the bottom click "LAN Settings" and uncheck the "Use Proxy" option. You'll have to close IE completely and re-open it. Some viruses (Virii) set up bogus proxies in IE to steal personal information. You can also get to these options in Control Panel under Internet Options.
For most DSL/Cable providers it is not necessary to use a proxy. Sometimes their install CD points you to one, but that is only for their benefit. They sell the tracking info of where you go, what you browse, and how often you make purchases, and where. They do not collect personal info, but I still don't like participating. Comcast amongst others does this with their proxies. This is why I don't install their CD. You don't need it to get online. Just an IP address, gateway, and a subnet mask. 99% of the time that is automatically provided by DHCP to the cable/DSL modem, so you're good.
MiamiE
02-02-2011, 07:39 PM
Did you run tdsskiller?
Just ran this and it found no threats. My wife's IE has reverted back to F'd up after a restart... :sh
MiamiE
02-02-2011, 08:07 PM
Found the bastard with Hitman Pro 3.5.8
3 Trojans, 1 Malware, 1 Rootkit, and 3 Tracking Cookies. Question is what do I do now? Delete, quarantine, or ignore?
wayner123
02-02-2011, 08:25 PM
I am not familiar with hitmanpro, but if it found something that tdsskiller did not, I would be wary.
Quarantine it and see what happens.
You can always go with my last option which is combofix.exe but let me know before you choose to do this step.
I also forgot to mention that you MUST run and save the tdsskiller.exe on your desktop. Or it won't work properly. Here is the basic use for it: http://www.bleepingcomputer.com/forums/topic377240.html
MiamiE
02-02-2011, 08:31 PM
TDSSKiller did not detect anything. I quarantined them.
wayner123
02-02-2011, 08:34 PM
TDSSKiller did not detect anything. I quarantined them.
Did you run it from your desktop?
MiamiE
02-02-2011, 08:41 PM
Yes I ran it from my desktop and did it a few times with no results. :(
MiamiE
02-02-2011, 08:42 PM
This helped revert it! Thanks so much!
In IE, click Tools, Internet Options, then click the Connections tab. Near the bottom click "LAN Settings" and uncheck the "Use Proxy" option. You'll have to close IE completely and re-open it. Some viruses (Virii) set up bogus proxies in IE to steal personal information. You can also get to these options in Control Panel under Internet Options.
For most DSL/Cable providers it is not necessary to use a proxy. Sometimes their install CD points you to one, but that is only for their benefit. They sell the tracking info of where you go, what you browse, and how often you make purchases, and where. They do not collect personal info, but I still don't like participating. Comcast amongst others does this with their proxies. This is why I don't install their CD. You don't need it to get online. Just an IP address, gateway, and a subnet mask. 99% of the time that is automatically provided by DHCP to the cable/DSL modem, so you're good.
wayner123
02-02-2011, 08:42 PM
Yes I ran it from my desktop and did it a few times with no results. :(
That is really odd. I may have to look back into hitman pro if it found something kaspersky missed.
By your desktop, I assume you meant hers.
Is everything ok now?
MiamiE
02-02-2011, 08:45 PM
I actually ran it from mine in Safe Mode which I wasn't doing before. The Trojans came up in C:/Vanessa so they were on her side.
wayner123
02-02-2011, 08:46 PM
If everything is fine now, I wouldn't worry about it. But if it pops up again, try running it from her desktop.
MiamiE
02-02-2011, 08:50 PM
Everything seems fine for now, thanks to EVERYONE! You guys are awesome! :tu
Blueface
02-02-2011, 09:42 PM
Erick, glad they helped you sort this out.
Now, being all is working fine, while you can, because this level of fine won't last long, go online and order your Mac.:r
Bageland2000
02-03-2011, 11:27 AM
Everything seems fine for now, thanks to EVERYONE! You guys are awesome! :tu
Good! I wonder what made your IE proxy server setting get selected!? Glad you're up and running now. Anyways, any more PC problems let me know brother :tu
Good! I wonder what made your IE proxy server setting get selected!? Glad you're up and running now. Anyways, any more PC problems let me know brother :tu
I've seen viruses do it. Often the scanners will remove the virus, but not the proxy setting it left behind. Glad it's working.
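The proxy fix given earlier in the thread (IE > Connections > LAN Settings, untick "Use Proxy") and the point made just above, that scanners remove the malware but leave the proxy setting behind, can both be checked from the administrator account instead of clicking through IE on the affected profile. The script below is an added example, not code from this thread or from Comodo, Malwarebytes, Kaspersky or HitmanPro; it reads the per-user Internet Settings registry values for every loaded user hive and clears a configured proxy or PAC URL, which is what the LAN Settings checkbox writes. It assumes an elevated PowerShell session on Windows XP/Vista/7; the HKU: drive name and the function names are the example's own.

```powershell
# Added example, not code from this thread. Reads the Internet Explorer proxy
# settings of every user hive loaded under HKEY_USERS and clears the ones that
# are set, which is the registry equivalent of Tools > Internet Options >
# Connections > LAN Settings > unticking "Use a proxy server". Run it after the
# scanners have finished, and again after the next reboot, to confirm nothing
# has put the setting back. Assumes an elevated PowerShell 2.0+ session on
# Windows XP/Vista/7; the HKU: drive name and the function names are this
# example's own choices.

$ieSettings = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxySettings {
    if (-not (Test-Path 'HKU:\')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    # Real user hives are named by SID (S-1-5-21-...); skip service and *_Classes hives.
    Get-ChildItem 'HKU:\' |
        Where-Object { $_.PSChildName -like 'S-1-5-21-*' -and $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object {
            $key = "HKU:\$($_.PSChildName)\$ieSettings"
            if (Test-Path $key) {
                $p = Get-ItemProperty -Path $key
                New-Object PSObject -Property @{
                    Sid           = $_.PSChildName
                    Key           = $key
                    ProxyEnable   = [int]$p.ProxyEnable         # 1 = "Use a proxy server" ticked
                    ProxyServer   = [string]$p.ProxyServer      # host:port IE sends every request through
                    AutoConfigURL = [string]$p.AutoConfigURL    # a PAC script can redirect traffic the same way
                }
            }
        }
}

function Test-ProxyHijacked {
    # True when a proxy or PAC script is configured at all; on a home DSL/cable
    # line neither is normally needed, so anything set here deserves a look.
    param($Setting)
    return (($Setting.ProxyEnable -eq 1 -and $Setting.ProxyServer -ne '') -or ($Setting.AutoConfigURL -ne ''))
}

function Clear-UserProxySettings {
    param([string]$Key)
    # Print what was there before clearing it, so the value is on record.
    $before = Get-ItemProperty -Path $Key
    Write-Host ("Clearing proxy in {0}: ProxyServer='{1}' AutoConfigURL='{2}'" -f $Key, $before.ProxyServer, $before.AutoConfigURL)
    Set-ItemProperty -Path $Key -Name ProxyEnable -Value 0 -Type DWord
    foreach ($name in 'ProxyServer', 'AutoConfigURL') {
        Remove-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue
    }
}

$all = Get-UserProxySettings
$all | Format-Table Sid, ProxyEnable, ProxyServer, AutoConfigURL -AutoSize

foreach ($s in $all) {
    if (Test-ProxyHijacked $s) { Clear-UserProxySettings -Key $s.Key }
}
```

A user's hive only appears under HKEY_USERS while that user is logged in (fast user switching keeps it loaded), so log her in, switch back to the administrator account, and run the script; IE has to be closed and reopened afterwards to pick up the change. If the listing shows the proxy back after a reboot, as happened earlier in this thread, something still on the machine is re-applying it and the cleanup is not finished.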