
Malware Infection - Please help!


  • This topic is locked
4 replies to this topic

#1 ArthurOPlasty

ArthurOPlasty

    Advanced Member

  • Members
  • 59 posts

Posted 05 February 2010 - 07:25 AM

Hi,

I've previously been infected with the antivirus systems pro malware, which keeps displaying false messages of severe virus infections requiring the purchase of software. I got rid of this simply by using the system restore settings.

This time, however, I'm infected with Win32.FraudTool.AdvancedVirusRemover, which appears to be very similar, and I can't get rid of it since it is blocking system restore. I can't even run task manager to see the processes that are running. I ran Adaware and it detected and removed 3 out of 4 items it found, and has quarantined the last one (smss.exe) and says a reboot is required. When I reboot, the malware starts its business all over again. At the end of the Adaware scan when the file is in quarantine, I can now access the system restore setting, however it strikes me as odd that there is only one restore point available, which is just more than 24 hours before I noticed the infection. How can I get rid of it please? One of the false messages displayed by the malware is that there is a Win32.Netsky infection, but I downloaded and ran the Symantec removal tool which did not detect anything.

I'm thinking of running system restore but am worried it will 'break' my computer since a restart is required. The restore option clearly states that once it starts it cannot be stopped until finished. Once the computer restarts and the file is unquarantined or reinstalls itself I'm worried it might halt the whole system restore process if it is running.

Please help, in simple English, not tech talk. I don't understand a great deal.

Cheers, Wade

#2 visitor

visitor

    Advanced Member

  • Valued Member
  • 2855 posts

Posted 05 February 2010 - 09:25 AM

Read the instructions in my signature about posting in the HijackThis forum where somebody can help diagnose/remove malware. Copy/paste or link to this post to describe your problem.
Before posting, please read the pinned topics atop the forums or check the Lavasoft searchable FAQs.

Lavasoft Support for Plus/Pro paid licenses.

Help fight malware! Upload Suspicious Files to Lavasoft.

Malware removal assistance? Please read this first.
After following the instructions, open a new thread in the HijackThis Forum where you can copy/paste your HJT log.
Note: do not bump HJT threads by replying - volunteer security advisors help the 0 reply threads on a first-come, first-served basis.

#3 ArthurOPlasty

ArthurOPlasty

    Advanced Member

  • Members
  • 59 posts

Posted 07 February 2010 - 01:11 AM

I tried following the instructions, and have done everything except get the GMER log. I am using Vista, and each time I run the application it seems to freeze my computer and I need to reboot. The first time I was able to select scan and some files were showing up and then it just froze. The second time it froze just as soon as I opened it. What should I do?

Also, when it says to close all running programs before the scan, does that mean Adaware and Norton antivirus, which are just on in the background?

Edited by ArthurOPlasty, 07 February 2010 - 01:46 AM.


#4 visitor

visitor

    Advanced Member

  • Valued Member
  • 2855 posts

Posted 07 February 2010 - 02:29 AM

Go ahead and open a new topic in the HijackThis forum - copy/paste or link to this thread to describe the problem, and let them know GMER didn't run. Post your HijackThis log if you were able to run it.

#5 visitor

visitor

    Advanced Member

  • Valued Member
  • 2855 posts

Posted 07 February 2010 - 12:59 PM

http://www.lavasofts...showtopic=28498

Now that you've posted in HJT, I'll close this thread now. If you need it reopened, PM a moderator. :)

Edited by visitor, 08 February 2010 - 04:50 PM.




