f***ing rogue antivirus has made itself at home on my PC

I had a serious virus on my Windows XP PC last month.

I tried to remove it with everything I could think of, but there were a lot of registry keys that were affected.

The antivirus and antispyware removed them, but they were still there when I rebooted. I deleted them manually, but the same thing happened.

What finally saved me was installing Comodo firewall. It sandboxed the applications that were trying to run, and blocked the harmful registry entries. Then I did a couple rescans with the antivirus and antispyware, got rid of all remnants and rebooted. Now it works perfectly.

TL;DR: comodo firewall + malwarebytes + avira or avast = saved me.

They are all free products.

here’s the link for the firewall https://personalfirewall.comodo.com/free-download.html

edit: here
https://www.bleepingcomputer.com/virus-removal/remove-security-tool

First result.

Happened to a couple of friends. All I did was search “Virus name here” removal on Google (that is, if your internet is still working; usually it shows you a page about your PC being infected, blah blah) and BAM. You've got tons of solutions there.

Pretty much this.

Update everything OS and Internet related (Java, Flash, anything Adobe, your browser [Firefox, right?]). In Firefox, use the Adblock Plus add-on and if you want to be safe, NoScript. Immunize with Spybot. As for removing the thing, run MBAM in Safe Mode, ComboFix if necessary, and make sure your AV is up to date.

I was going to suggest my usual virus removal techniques, but this seems to be a tl;dr version of what I was going to say: simply bludgeon it with every free (& TRUSTED) antivirus program until the problem goes away, then uninstall all the annoying ass antivirus stuff. And for future reference and advice, the best antivirus is common sense.

ok, I shoulda done this before: what hasn’t worked so far-
-I has malwarebytes already, I can only access it in safe mode (with networking) where I run diagnostics and try to delete it and it says it’s got rid of the virus, but when I go back to normal nothing’s happened. so anything along those lines won’t work.
-I’ve tried deleting the files but again, only safe mode works, and they’re simply not there.

Todo-
-Catz’ idea.
-full system cleansing via a reinstall of Windows.

I printed out and followed that page to the letter and I didn’t have to do a system restore or anything. You just have to keep it from launching, then kill it, then burn the leftover carcasses all over your computer.

If it helps, when you boot up, press Ctrl+Alt+Delete right away as soon as you get to your desktop, and then kill anything in the Task Manager that starts to launch that looks goofy. Killing it from running and replicating itself should help you at least get access to the computer to start getting rid of some of the crap.

ok update: the issue is that malwarebytes isn’t actually deleting the software. it says it has, but when I reboot it’s there as if nothing’s happened.

Been fixing Rogue Antispyware/ Antiviruses for years on PCs.

My fix order is as follows:

Download Smitfraudfix, CWShredder, Hijackthis (only if you know what you are doing), Spybot, Avast.

  1. Boot into Safe Mode (without networking)
  2. Launch Smitfraudfix. Press 2 for clean. Also, let it clean registry and temp files.
  3. Run CWShredder.
  4. ONLY IF YOU KNOW WHAT YOU ARE DOING ->> Run Hijackthis and delete entries that don’t belong <<- ONLY IF YOU KNOW WHAT YOU ARE DOING
  5. Immunize with Spybot, scan and remove everything with Spybot, change to advanced mode and uncheck all startup entries to be safe (and after the threat is eliminated, slowly turn on the things you need).
  6. Then run a boot scan with Avast.
  7. In CMD, run “sfc /scannow” with your Windows install disc in the drive. This will check and replace any altered Windows system files.

If it still doesn’t work, I’d say back up and reformat.

no, I don’t know what I’m doing.

ok, methinks we’re just gonna call PC world, but you peoples- many thanks for the helps anyways.

The Hijackthis program is only if you know what you’re doing, the rest is easy.

Before you give up. Just try those first two steps that I listed. Download Smitfraudfix and go into Safe Mode.

To get into Safe Mode, restart computer and while it’s booting up (before it goes into windows) keep tapping F8 on the keyboard until you see a screen with a bunch of white text. Using the arrow keys select Safe Mode (without networking) and press enter. Let it load, hit yes on the warning message and run smitfraudfix. Press 2 to clean. Agree to the registry cleaning and the deleting of temp files.

You can also try to use your Malwarebytes program in Safe Mode. A lot more likely to work with it being in Safe Mode.

Then restart and see if it’s gone.

Start your PC in safe mode and install Malwarebytes Anti-Malware. Scan your PC and delete every shit Malwarebytes finds and be happy.

I had 2 pcs with that fake antivirus virus…virus.

fake signature is fake

except it’s not.

I would advise anyone having difficulty in getting rid of a persistent self-replicating or self-installing virus or malware program (or indeed any infection) to ask for help on the Spybot Safer-Networking Malware Removal Forum at:

https://forums.spybot.info/forumdisplay.php?f=22

After you submit details of your problem (making sure you follow the instructions in the “BEFORE YOU POST” sticky), a member of the team will give you a detailed step-by-step method for safely removing all traces of infection from your system.

This can take a bit of time, but believe me it’s time well spent.

:)

What operating system do you use? Windows 7, vista, xp etc?

funny… when I followed those instructions I got clean and haven’t had a problem since. Are you sure you did all 24 steps like they said?

I didn’t need to. but somehow by the grace of merciful God it’s disappeared.
sorry for the hassle guys. but many thanks.

it probably just went into stealth mode for a while

your PC is infected until you format the HDD and scan all of your backed up files with at least 3 antivirus programs

The same thing happened to me; but it happened this way. Some damn self installing AV spyware virus got into my system. On normal I scanned several times and later when I was gonna install a skin for Counter Strike I found a FAKE system 32 folder, so I deleted it and the next day when I started my PC it was gone.

Founded in 2004, Leakfree.org became one of the first online communities dedicated to Valve’s Source engine development. It is more famously known for the formation of Black Mesa: Source under the 'Leakfree Modification Team' handle in September 2004.