Computer infected! Please help!

My computer seems to be infected by a virus. It is opening a "anti-virus" softwere thing that pretends to scan and find viruses on my computer. And when it's done it wants me to pay to fix the problem. I keep getting a Windows security alert and it won't let me open anything. There are log files of unauthorized changes, but no action. The anti-virus softwere is called antivirus soft. And Norton is not doing anything about it. Please help!

I have Windows Vista 32-bit, and Norton 360. Oh, and it keeps taking me to this link [Removed]

[edit: Please do not link to potentially dangerous websites per the Participation Guidelines and Terms of Service.]

Welcome to the forum

I am sure we can help you. We need to be clear about several things.

1. A software thing - please be more precise, it helps to identify the virus. We need clear detail or, ideally, a screenshot. I could guess what you see but then the fix will be a guess too.

2. What version of Norton 360 was loaded?

3. What is the Windows security alert you are getting? i.e. No AV, out of date AV

4. It won't let me open anything. OK, please advise if you cannot run executables and exactly what message you receive.

 

 

I think I am likely to propose that you get your executable running first and can provide a variety of fixes but I also want to be sure that you don't have an AV running.

 

Can you please run a HiJackThis scan and post the log file here for review? Please download HiJackThis from this web site

http://free.antivirus.com/hijackthis/

 

Save the file to the desktop. Run the file and then select the first option on the main screen, i.e. Do a system scan and save a log file.

 

When finished, notepad opens with the log file displayed. File, save the file and then attach it to a post here using the Add Attachments option under the main edit window.

 

If necessary, rename the executable .com. If that fails, try naming the executable iexplore.exe or iexplore.com. Don't worry if you can't, just advise.

 

 

Do not close or reboot the damaged computer for the moment.

 

The poster has already stated the name of the Rogue "The anti-virus software is called antivirus soft" and the Link also tells you, which I have asked the mods to remove the link

 

The Rogue is NOT the same as the threads with the rogue family, including Vista Guardian.

 

This one uses the O4 section to run,

 

%UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
%UserProfile%\Local Settings\Application Data\[random]\[random]sftav.exe
%UserProfile%\AppData\Local\[random]\[random]sysguard.exe
%UserProfile%\AppData\Local\[random]\[random]sftav.exe

 

http://community.norton.com/t5/Norton-360/New-Antivirus-Soft/m-p/200451/highlight/true#M26560

 

Quads


Quads wrote:

The poster has already stated the name of the Rogue "The anti-virus software is called antivirus soft" and the Link also tells you, which I have asked the mods to remove the link

 

The Rogue is NOT the same as the threads with the rogue family, including Vista Guardian.

 

Quads


Really. Maybe you don't read left to right, top to bottom. The poster said "It is opening a "anti-virus" softwere (sic.) thing"

 

That reference may or may not be related to a separate statement the poster made which said "The anti-virus softwere is called antivirus soft".

 

I have reasonably asked for clarification.

 

It is clear you are trying to score points but as I teach English to foreign students I am very precise in my language and when others aren't I don't think they are in a position to question.

 

Neither did I say this infection was the same as any other threads. That is why besides asking for clarification, I have proposed that the OP runs hijackthis - a tool I happen not to favour.

 

At this point nobody and certainly not you with your crystal ball can say what infections the user has or may have had. You only can know what you have been told. I like to see some information to be sure.

I'm not trying to score points, I am stating things. Like not only did the poster state the Rogue name but the link in his post goes to a site to try and get the person to buy "Antivirus Soft" as well as the person's comment of "Antivirus Soft". That is why I have asked the mods to remove it.

 

I know my Malware, whereas I don't post on threads that are not my specialty, Networking, Ghost etc.

 

And haven't you got "tx" to fix still, with his WIN32 error with trying Malwarebytes?

 

I have had Threads on this forum in the past that are a lot longer and tougher than one Rogue, like when you get Rootkits, Rogues etc. Multiples where it has taken loads of posts to break it down individually one by one to allow other programs to. 

 

"Antivirus Soft" works differently, 

 

I really am not worried about what you say about my ability or English. The amount of removals for people over the net or a PC in front of me is proof, to where a user leaves with a clean PC as I have followed through to the end. Making sure it's all gone. Even if it's 100 posts + later

 

Quads


Quads wrote:

I'm not trying to score points, I am stating things,


I have explained my post already - although I hardly think I need to do so. Perhaps you simply do not comprehend. What is in one sentence is not necessarily the same as another. I don't presume, instead I ask. That way we avoid errors because of presumption.

 

You may know your Malware. I don't believe I have ever said you did not. So again you are just scoring points as far as I am concerned. You presume I don't. If you have a problem with the rules of this forum (as it appears you do) you should take it up with the mod or administrator. I don't think it right you should use this thread to air your grievances.

 

If you wish to advise users to go to bleeping computers or whatever that is your right.

 

 

The reason I have sent people to Bleeping PC etc. is that I will not be trying to work out what has been tweaked in the registry or other. So it is better the person goes to a forum that has rules about who posts on Malware.

 

I sent the poster that way because the thread has not moved, given the next removal instruction.

 

I am not scoring points. If a piece of Malware needs to be worked out, to a point I haven't heard of it but have an idea I will infect my working (not test or VM) with it and work out how to remove the infection and repair the likes of Safeboot if needed.

 

I have given the info on the Rogue above so that should help.

 

Quads

I cannot open Paint up to get the screenshots on here because it says "application cannot be extracted. The file mspaint.exe is infected. do you want to open you antivirus softwear now?" If I click yes it opens up the antivirus soft thing. I also keep getting Windows security alerts. And as I'm typing this the "application cannot be extracted" even though I am not opening anything. And HijackThis will not install because I keep getting the message that the application cannot be extracted.

I cannot open anything but Norton and the internet! Oh, and in my C: users/brady/appdata/local/xdmstu there is a file called vibcsftav.exe and when I try to delete it, it says I don't have permission. Does this have anything to do with the problem?

cwhh,

 

I see you are using Norton 360 so I've asked a moderator to move this thread over to the Forum that deals specifically with that application.

 

You won't lose track of it since it leaves a tracer here with a link to the new location.


cwhh6322 wrote:

I cannot open Paint up to get the screenshots on here because it says "application cannot be extracted. The file mspaint.exe is infected. do you want to open you antivirus softwear now?" If I click yes it opens up the antivirus soft thing. I also keep getting Windows security alerts. And as I'm typing this the "application cannot be extracted" even though I am not opening anything. And HijackThis will not install because I keep getting the message that the application cannot be extracted.

I cannot open anything but Norton and the internet! Oh, and in my C: users/brady/appdata/local/xdmstu there is a file called vibcsftav.exe and when I try to delete it, it says I don't have permission. Does this have anything to do with the problem?


 

That's fine. It all helps to give a picture of what is happening. When you download HijackThis please try to get the executable and not the installer version. The executable requires no installation. The executable can be renamed to end in the suffix .com if it does not work as an executable.

 

I regret there is a conflict between gurus and I am going to withdraw with a white flag at this point. You are welcome to PM me for advice if you do not receive a satisfactory solution in this thread (albeit that it may be moved to N360.) One word of caution. At this point nobody really knows how many virus infections you may have. That is why I take a careful approach before I ask you to carry out any operation which could result in making your system worse than it already is.

good luck.

cwhh6322:

 

Since your machine has been infected with a fake AV or Rogue as has been discussed in the other posts, I suggest that you choose one of these free malware removal forums for assistance. Ensure that you put the name of the infection in the header of your post when you ask them for help.

 

www.bleepingcomputer.com

http://www.geekstogo.com/forum/

http://www.cybertechhelp.com/forums/

http://forums.whatthetech.com/

 


Quads wrote:

The poster has already stated the name of the Rogue "The anti-virus software is called antivirus soft" and the Link also tells you, which I have asked the mods to remove the link

 

The Rogue is NOT the same as the threads with the rogue family, including Vista Guardian.

 

This one uses the O4 section to run,

 

%UserProfile%\Local Settings\Application Data\[random]\[random]sysguard.exe
%UserProfile%\Local Settings\Application Data\[random]\[random]sftav.exe
%UserProfile%\AppData\Local\[random]\[random]sysguard.exe
%UserProfile%\AppData\Local\[random]\[random]sftav.exe

 

http://community.norton.com/t5/Norton-360/New-Antivirus-Soft/m-p/200451/highlight/true#M26560

 

Quads


 

 

Thread creator states "C: users/brady/appdata/local/xdmstu there is a file called vibcsftav.exe "

 

Which is the same as I mentioned above "%UserProfile%\AppData\Local\[random]\[random]sftav.exe"

 

To the user: it is better that you go to one of the other listed forums so that your PC is protected better for Malware removal.

 

Quads
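
Added example, not part of the original thread: a Python check that reads the O4 (autorun) lines of a HijackThis log and flags any entry whose path has the shape quoted in the thread, a randomly named folder under the per-user local application-data directory holding a file ending in sysguard.exe or sftav.exe. The sample log is constructed; only the xdmstu\vibcsftav.exe path comes from the thread, and the registry value names are assumptions. A match is a lead for review by a removal helper, not proof of infection.

```python
import re

# Path shapes quoted in the thread: per-user local application-data directory
# (Vista and XP layouts), one randomly named folder, then an executable whose
# name ends in "sysguard.exe" or "sftav.exe".
ROGUE_PATH = re.compile(
    r"""[A-Za-z]:\\(?:Users|Documents\ and\ Settings)\\[^\\"]+\\
        (?:AppData\\Local|Local\ Settings\\Application\ Data)\\
        (?P<folder>[^\\"]+)\\
        (?P<file>[^\\"]*(?:sysguard|sftav)\.exe)""",
    re.IGNORECASE | re.VERBOSE,
)

# HijackThis registry autorun entry:
#   O4 - <hive>\..\Run: [<value name>] <command line>
O4_LINE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def find_rogue_autoruns(log_text):
    """Return one dict per O4 entry whose command line matches ROGUE_PATH."""
    hits = []
    for line in log_text.splitlines():
        entry = O4_LINE.match(line.strip())
        if not entry:
            continue  # not a registry autorun line
        path = ROGUE_PATH.search(entry.group("cmd"))
        if path:
            hits.append({
                "key": entry.group("key"),
                "value": entry.group("name"),
                "folder": path.group("folder"),
                "file": path.group("file"),
            })
    return hits


# Constructed sample log; value names and the non-matching entries are made up.
SAMPLE_LOG = r"""
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [xdmstu] C:\Users\brady\AppData\Local\xdmstu\vibcsftav.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [abcdef] "C:\Documents and Settings\user\Local Settings\Application Data\abcdef\ghijsysguard.exe"
"""

if __name__ == "__main__":
    for hit in find_rogue_autoruns(SAMPLE_LOG):
        print(hit["key"], hit["value"], hit["folder"], hit["file"])
```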