My friend has a virus
#1

He thought he got rid of it but it's pwnt his PC.

I'm creating this topic for him since he cannot really do it himself..
****** returned nothing, so maybe someone here knows something..

While browsing for something on Nightly (Firefox), he got a dialog reportedly from "Internet Explorer" saying "Are you shure?" (that's not a typo) which took about 10 clicks to get rid of..
When installing Avast, although successfully installing, his PC froze.
On restart, Lucid Virtu drivers were giving him errors, and so was OMSI Addon Manager..
He ran a virus scan in safe mode, which found two things.. He deleted them, but that did nothing.

He had just received a ******** message when Microsoft Security Essentials picked up a Trojan and a Password Stealer, however he had other tabs open.
Microsoft Security Essentials said it had got rid of them but clearly not, as he found out the next day.

So.. does anyone know anything?
#2

Try using Malwarebytes Anti-Malware
#3

Those 10 clicks might have gotten other viruses in his computer.

So, here's how I delete viruses: Run your computer in safe mode. Unless it's a really powerful virus (which I doubt, and never have seen before), it will not start up. Type in "run..." "msconfig" and look at tab "Start Up". You will see a lot of processes there, all the programs which start up when you start your computer up normally. Look for suspicious programs, or random names (****** it?) and delete the entries out of the startup folder/registry/just untick the box over there if you're not sure. This will prevent the virus from starting up.

Look where the location of that .exe file is. Go to that location and scan the folder. This will likely get rid of most of the stuff.

Then, run a full OFFLINE computer scan. DISABLE your internet and scan with an internal antivirus (he should have one then). This will likely delete the virus completely.

However, to be sure, also scan your computer using Spybot S&D (I always turn my internet off each time I start a scan). This should find corrupt entries, changed browser settings etc.

To be 100% sure, I then start my computer up normally and run 2 online virus scans:
NOD32 http://www.eset.com/us/online-scanner/
and Microsoft's Security Essentials scan (look it up on ****** - don't do this scan if you have already scanned it with a full version, that'd be pointless).

I'm using free AVG, had a lot of viruses before, got rid of all of them without formatting or deleting anything. Currently running a legit Windows 7 and didn't have any viruses in years. Watch out for what you're downloading and you should be safe.

I once had a virus because I attempted downloading a video. I downloaded "video.exe" without thinking about it et voila, I had a virus.
#4

Had something similar that Norton 360 or Windows Defender couldn't remove; it ended like this:

https://sampforum.blast.hk/showthread.php?tid=331113

Tell your friend to back up everything :S, if it's the same thing I had that happens as it corrupts everything. Once he gets a crash, I don't know what type as I was out of the room, then I turned it back on but next time it was restarted Windows wouldn't start up even when Norton and Windows Defender said they removed it. Before the files get too corrupt tell him to wipe his PC as I couldn't get access to create a repair disc or search the internet on my phone to get things. It wasn't until my friend gave me a link on Skype that I was given the chance to save me buying Windows again -.-. If it wasn't for my friend I would be out of pocket for this as my phone could download but not browse that day and heck the download took forever.

NOTE: I didn't get as far as clicking loads of boxes. I think the link that gave me the virus/trojan/back door sht, I had mine sent to me on Skype in an internet link. (I think)

EDIT: Although this one problem I have ever had any trouble with Norton so don't shit on it :P
#5

It could be many things that might cause that but one thing is for sure, it's an infection.
I dealt with a small app on my brother's PC and it didn't allow him to perform 70% of Windows's functions!
Well, at the end it all got sorted the HARD way.

What I would say is run Task Manager and look for any sort of processes you don't know.
If taskmgr is blocked then show the running tasks through CMD: "tasklist"
Then just kill them manually: "taskkill /IM name". Use that to kill the process; to force it, add "/f" at the end.
Also have a look in the register files for anything unusual.
If all fails, just back up important data and format; simplest solution.
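A read-only way to do the checks described in posts #3 and #5 (reviewing what starts with Windows and what is running), added here as an example and not written by anyone in the thread. The function names `Get-ExePath` and `Get-Flags` and the list of user-writable folders are assumptions made for this example.

```powershell
# Added example: read-only triage of autostart entries and running processes.
# Nothing is deleted or killed; the script only lists items worth a closer look.

# Folders a normal user can write to (assumed list, extend as needed).
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

function Get-ExePath([string]$Command) {
    # Extract the executable from '"C:\a b\x.exe" /s' or 'C:\x.exe -q'.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"')    { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return $null
}

function Get-Flags([string]$Path) {
    # Returns a text list of reasons; an empty string means nothing was flagged.
    if (-not $Path) { return 'no executable path found' }
    if (-not (Test-Path -LiteralPath $Path)) { return 'file missing' }
    $reasons = @()
    foreach ($dir in $userWritable) {
        if ($Path.StartsWith("$dir\", [StringComparison]::OrdinalIgnoreCase)) {
            $reasons += 'runs from a user-writable folder'
            break
        }
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction SilentlyContinue
    $status = if ($sig) { "$($sig.Status)" } else { 'unreadable' }
    if ($status -ne 'Valid') { $reasons += "signature: $status" }
    return ($reasons -join '; ')
}

# Same data msconfig shows on its Startup tab: Run keys and Startup folders.
$startup = Get-CimInstance Win32_StartupCommand | ForEach-Object {
    $exe = Get-ExePath $_.Command
    [pscustomobject]@{ Source = "Startup: $($_.Location)"; Name = $_.Name
                       Path = $exe; Flags = Get-Flags $exe }
}

# Running processes with a readable image path, one row per executable.
$procs = Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique |
    ForEach-Object {
        [pscustomobject]@{ Source = 'Running'; Name = $_.ProcessName
                           Path = $_.Path; Flags = Get-Flags $_.Path }
    }

@($startup) + @($procs) | Where-Object { $_.Flags } |
    Format-Table Source, Name, Path, Flags -AutoSize -Wrap
```

A flag is a lead, not a verdict: plenty of legitimate programs run from AppData or ship unsigned, so check the file with a scanner before removing anything.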
#6

Quote:
Originally Posted by park4bmx
It could be many things that might cause that but one thing is for sure, it's an infection.
I dealt with a small app on my brother's PC and it didn't allow him to perform 70% of Windows's functions!
Well, at the end it all got sorted the HARD way.

What I would say is run Task Manager and look for any sort of processes you don't know.
If taskmgr is blocked then show the running tasks through CMD (
Then just kill them manually ".
Also have a look in the register files for anything unusual.
If all fails, just back up important data and format; simplest solution.

I tried this when I realised it wasn't being removed; I couldn't for the life of me find anything abnormal..
#7

Quote:
Originally Posted by [MM]IKKE
Those 10 clicks might have gotten other viruses in his computer.

So, here's how I delete viruses: Run your computer in safe mode. Unless it's a really powerful virus (which I doubt, and never have seen before), it will not start up. Type in "run..." "msconfig" and look at tab "Start Up". You will see a lot of processes there, all the programs which start up when you start your computer up normally. Look for suspicious programs, or random names (****** it?) and delete the entries out of the startup folder/registry/just untick the box over there if you're not sure. This will prevent the virus from starting up.

Look where the location of that .exe file is. Go to that location and scan the folder. This will likely get rid of most of the stuff.

Then, run a full OFFLINE computer scan. DISABLE your internet and scan with an internal antivirus (he should have one then). This will likely delete the virus completely.

However, to be sure, also scan your computer using Spybot S&D (I always turn my internet off each time I start a scan). This should find corrupt entries, changed browser settings etc.

To be 100% sure, I then start my computer up normally and run 2 online virus scans:
NOD32 http://www.eset.com/us/online-scanner/
and Microsoft's Security Essentials scan (look it up on ****** - don't do this scan if you have already scanned it with a full version, that'd be pointless).

I'm using free AVG, had a lot of viruses before, got rid of all of them without formatting or deleting anything. Currently running a legit Windows 7 and didn't have any viruses in years. Watch out for what you're downloading and you should be safe.

I once had a virus because I attempted downloading a video. I downloaded "video.exe" without thinking about it et voila, I had a virus.

I used to do exactly the same thing and it worked pretty well so do this and you'll be good.
#8

Well, simply, if it's not possible to get rid of it I would reinstall Windows straight away.
#9

Quote:
Originally Posted by IceCube!
I tried this when I realised it wasn't being removed; I couldn't for the life of me find anything abnormal..

Most viruses are protected against this. I know someone who makes viruses to check server security. Currently, he makes .exe files which change 3 times per second to a random name in a random folder. Shutting them down will cause another application to load it again. Etc etc. That's why you need to be in safe mode. That won't start up the virus itself.

That's also a reason why, when you've got a Trojan, you'll find most of the time up to 4 .exe files. Because it's made like that to regenerate itself.


Quote:
Originally Posted by park4bmx
Also have a look in the register files for anything unusual.

I advise you not to do this, unless you found out what virus it is, and Microsoft itself tells you what registers might be corrupted (just ****** the virus). The registry is an essential part of your computer, changing something you don't know might cause it to be permanently out of use. And it contains a hell of a lot of unusual stuff.
#10

Quote:
Originally Posted by Scones
Try using Malwarebytes Anti-Malware

100%. It has saved many people I know on every occasion.

But if you EVER think you have a virus, always disconnect your internet. You don't want those viruses calling home before you have removed them.