Virus

I have a potential virus which I'm unable to remove. It's from Astromenda Games (Cut the Rope). Can someone help me remove it?

Thank you.

Please find the report attached.

While awaiting your advice, I thank you in advance.

Thanks for the response, but I'm not sure what you said.

I know viruses change quickly.

Also, everything I've researched (using my old computer) refers to DOJ ransommalware as a virus. If it isn't a virus, what is it other than a scam?

Thanks intesec for your response.

Here's a rundown. I was using an article contained in PC Pitstop newsletter that refers to the DOJ ransommalware virus. It contained a link to MS Windows Defender. I clicked on that link and when the web site opened, I downloaded Windows Defender for 64bit computers.

I then burned the program to a CD. Following the instructions in the PC Pitstop article, I loaded the CD and while the computer was loading, I pressed F12, then Enter for "load from CD or DVD".

After about 15 minutes, I got a window that said no viruses/malware found and all security was up-to-date. I never got any other windows that the PC Pitstop article said I would get.

Needless to say, the malware is still in my computer and I cannot find any way to get it out.

Right now, I'm using the same computer. What I did was, when the computer loaded and I got the usual white screen, I opened Task Manager. In the lower right corner of the screen is the button to either shut down or restart the computer. I clicked on "shut down" and just as it started to shut down I clicked on Cancel. After that, my normal screen came up and my computer is operating normally.

However, not sure about malware.

Don't know what to do next. If you have any ideas, please let me know.

 

Thanks

P.S. Sorry for such a long reply.

You should post this in the new Malware Discussion board for help removing this problem. http://community.norton.com/t5/Malware-Discussion/bd-p/Malware

Start by reading Guidelines in the first post at the top of the page.

Be sure you do not run any scans or utilities until instructed by the Malware Expert (Quads), as changes made with those programs can remove the traces of the malware that are needed to diagnose and fix the problem.

 

 

My apologies for posting in the wrong forum.

I chose this one because I wasn't looking for an answer to remove. I was more interested in why Norton Internet Security hadn't caught this one as it has been around for quite some time.

Will not pursue this further as I was able to eliminate the problem.

Thank you.

I chose this one because I wasn't looking for an answer to remove. I was more interested in why Norton Internet Security hadn't caught this one as it has been around for quite some time.

I gave you the reason why: it is the same reason why the likes of FBI / AFP etc. keep appearing. To the user it looks the same, but to us it is not the same; files are different, registry objects change, etc.

 

Quads


boongsong wrote:

My apologies for posting in the wrong forum.

I chose this one because I wasn't looking for an answer to remove. I was more interested in why Norton Internet Security hadn't caught this one as it has been around for quite some time.

Will not pursue this further as I was able to eliminate the problem.

Thank you.


Quads covered the answer in his post above. Although the infection looks the same as something that has been around for a while, different variants are released every day. The changes can be enough to make detection impossible until the new variant has been identified and a fix developed.

Unfortunately, you can get infected if you happen to get caught before the new definitions are created.

One or two months ago I started getting "plesk: command injections" through Skype. At first I thought it was a false positive but it started happening like two or three times every day.

Found a thread about this on the Skype forum but no one seems to care so I gave up and started ignoring the command injection attack.

Asked a friend about this and he told me to reinstall Windows to make sure that the threat was gone. I did and the problem is still there.

So again I started ignoring this problem for a few days and the attacks finally stopped so I ran NPE. And it found:

"\registry\machine\software\clients\startmenuinternet\firefox.exe.\shell\open\command"

My friend told me to delete my partitions and reinstall Windows. I did and the problem is still there?!

So after I formatted/deleted my hard drives, everything should be gone, right? What virus is this?

So I googled "\registry\machine\software\clients\startmenuinternet\firefox.exe.\shell\open\command" and found a guide on Malwarebytes to destroy this problem.

Did a disk check.

I ran a new NPE and deleted the threat for the second time. And I installed Malwarebytes Anti-Rootkit and I did a scan with that also and the scan was clean.

Installed AdwCleaner and did a scan and deleted some things.

Installed SecurityCheck and did a scan, everything was fine.

Installed DelFix to uninstall the programs above.

The problem should be gone now but is it?

Can someone tell me what kind of virus this is and remove my paranoia? I want my computer to be clean 100% of the time.

 

Good evening,

Are you quite sure that it is this virus? I can't find anything relating to the name you mention, CFXFER MSG WIND TITLE.