Today I clicked on a picture and my computer went haywire – some sort of app launched and “detected” “38 instances of spyware and malware” and then asked me if I wanted to remove them. When I clicked “yes” it took me to a site where I could purchase the app in order to remove them. The site looked VERY suspicious.
Haven’t I obviously run into some shady deal that infects you with various malware in order for you to buy their product?
I couldn’t find the app in my list of programs. When I try to run Adaware to deal with this, it won’t launch – error message says it’s “infected” too.
Google the name of the removal tool, you may get some more info… there is one of these that actually has a freeware removal tool, they just hide it in the hope you’ll buy the expensive one… the name of it escapes me right now…
And you should already have something stopping executable files from surprising you like that? I even think you do but the stress level made you forget?
They want to scare the sh!t out of you and look like they are the only one that can help you. But it’s not the truth … unless you like it?
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
Rkill.exe http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill.com http://download.bleepingcomputer.com/grinler/rkill.com
Rkill.scr http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill.pif http://download.bleepingcomputer.com/grinler/rkill.pif
_____________________
RKILL is a program designed to counter the malware’s attempts to stop you downloading or installing Malwarebytes. Run Rkill first. Then Malwarebytes.
Part of your malware is a nasty sod which stops you from accessing popular security sites or installing popular security programs.
THIS IS THE LIMIT OF WHAT I KNOW
Doug - I’ve put the ‘warning’ so you know I don’t have that ‘skill’ which enables me to ‘walk you through individual bits’ if this process is not sufficient to solve the problem.
I will, however, stay by the computer, and keep checking in …
If you need ME to download something for you, and put it on a ‘neutral’ server, so YOU can then download it, ‘under the radar’ of the malware, I’ll be happy to do that.
Oh, sorry guys – I went out to dinner and was gone for a few hours
Anyway I think I got it. It was some type of “scareware” like Ulf said. It was called “System Tools” and I found the cure on the web – had to go into Safe Mode and remove it using Adaware (the Adaware was scanning very slowly so that’s why I went to dinner).
When I got back it looked like the Adaware had removed it, but when I rebooted it came up again. So I went back to the website that had instructions for removing it where they listed “registration” codes for “activating” System Tools and all I had to do was highlight it and choose “copy” and a message came up saying “38 entries removed.”
So I think it’s still in there, somewhere. The website showed what the registry entry should look like, should I delete it?
Yeah, I should not have hit “yes” but the window said “System Tools” and looked like a regular Windows message and yes I do feel like quite the idiot now!
IF it cannot run, then get VKILL from that link I gave you above, and run that to prevent the malware from stopping Malwarebytes.
Doug … I was nearly ‘caught’ by precisely the same System tools fake message …
I just straightway phoned my antivirus company, and they remote-accessed my computer and fixed it in the way I am recommending to you.
This is also a method recommended and described by Geoff … you know … used to post as HaXX)r on the old forum.
OK …
Ah … and yes … AVOID touching or clicking anywhere within that nasty window … even the X at the top. Either reboot computer when it happens, or call up task manager and close your browser.
I’ve tuned computers for years, as well as removing sticky viruses and trojans. My email is available on my profile page or website. If you are still running into problems, send me a link to the suspicious website, and any info you have gathered. I just have to visit the website, and my antivirus should go on alert, which will also give me a link to information on the avast threat site.
Also download this. Process Explorer - Free download and software reviews - CNET Download (Process Explorer). If you have a slow running system, it may be linked to a process, and this should at least give you some information on what that process might be. It may help in the investigation process.
fwiw … since it happened to me, I scoured through my rig to make dang sure there were no sensitive login details or passwords floating around on text files. Even got Roboform password safe to assure that even if buggers DID get stuff, it would be encrypted beyond what’s worth their while.
That “particularly nasty stuff (I have four kids)” gave me a sudden abs-crunch laugh-spasm. I didn’t quite break my jaw on the tabletop, but my funnybone is still feeling it.
All the best
Glyn
PS … eh Steve … Disk Image. PLUS ONE. I’ve got them going back to 2001.
Pain!
This is the way the idiots rule the world!
The rest of us must clean up after their mindless attempts of … of what?
Been there done that too … even if it was a long time ago.
Maybe I should check my routines again? Better safe than sorry