Question:
Help with a strange virus! I don't know what to do!?
?
2010-01-07 23:10:06 UTC
I have a very strange virus on my computer. Now, I'm experienced with computers and I don't do anything that I shouldn't be doing. I make sure I don't click on suspicious links, or sites, all of that.

There are several things that are strange: This virus has changed my desktop image to have a big sign that says "YOUR SYSTEM IS INFECTED! System has stopped due to spyware activity.It is recommended to use spyware removal tool to prevent data loss" etc. and it WILL NOT let me change my background.

There is also a button on my taskbar (red button with white x) and occasionally a balloon will pop up telling me that my system is infected and that I should scan it.

I first noticed all this when I started getting pop-ups, which I never get. Also, when I start my computer, a legit-looking Microsoft window said something about a virus from "NetSky" and that it will steal passwords and such.

I'm hoping that this is a prank, or that this is common and someone knows what to do. My computer has always been bad with downloading so I can't really get something to protect from viruses.

Hope you guys can help.
Eleven answers:
optimo
2010-01-07 23:20:03 UTC
Lots of programs look like antivirus or antispyware and just aren't. They're usually harmless Internet Explorer windows masquerading as the system until you install what they want and they can start to do damage and steal important data.



I'd recommend a spyware/malware scan by one of these two programs. They both do the same thing: finding and removing spyware. (And of course they're free.)

http://download.cnet.com/IObit-Security-360/3000-8022_4-10967594.html

http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html



If that doesn't flush out the virus you may have to install an antivirus suite too. Doing so is a good idea anyway. I'd recommend Avast, AVG, and Avira in that order. (They're all free too.)

http://download.cnet.com/Avast-Home-Edition-Free-Antivirus/3000-2239_4-10019223.html

http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html

http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html
2010-01-10 22:27:54 UTC
• If you suspect you have a virus (or any other malware), you should take steps immediately. The following procedures work for most malware (except perhaps for completely new, unknown or unusually malignant strains). It is better to complete all steps, so you can be (reasonably) sure that all traces have been removed.



1. Signs to look out for (infections may cause one or several of the following):



Slow computer, and/or slow internet connection.

Strange pop-ups or web browser redirections (beyond those expected from dodgy websites).

Program failure, or inexplicable errors (even after a fresh install).

System functions unavailable (e.g. Control Panel, Task Manager, Internet Explorer).

System giving an "RPC error", giving a window with a 30 second countdown to a restart.

Excessive internet cap usage, i.e. high internet traffic on your computer.



2. Steps to remove the virus from your PC for free:

Follow these steps:



1> Back up your data. Above all else, be sure your data is backed up, and that the backed up data is stored in such a manner that a single disaster will not destroy both copies.



2> Run your virus-scanner, but beware, many modern viruses can circumvent (or hide from) anti-virus programs. Quarantine anything suspicious.

Make sure you are using a reputable antivirus. Some good free ones are Avira AntiVir, AVG, and Avast!



3> Install Anti-virus/Anti-Spyware and update it. Don't scan for malware yet.



4> Reboot into Safe Mode - Restart your computer and press F8 before Windows loads. Press F8 several times if you need to. Select Safe Mode from the resulting menu. Safe Mode disables much of the startup routine (including some common Malware hiding places).



5> Run your Malware Scanners - Run both the scanners sequentially, deleting any references found.



6> Enjoy your sanitised computer.



Finally, if these steps don't work, you will have to reformat the PC or reinstall the OS. Perhaps some kind-hearted computer expert will offer help.

However, here I'd like to introduce you to some anti-virus programs that really work:



1.Free ones:

avast! Home Edition 4.8

Avira AntiVir Personal 9

AVG 9 (use Threatfire with this program)

Panda Cloud Anti-Virus

Microsoft Security Essentials



2. Paid ones:

ESET NOD32 Antivirus – Effective and easy-to-use

Download: http://www.eset.com/products/nod32.php



BitDefender Antivirus – Maximum security and speed

Download: http://www.bitdefender.com/



Kaspersky Anti-Virus – Award-winning antivirus and antispyware software

Download: http://www.kaspersky.com/





The essential software for your healthy PC

http://www.system-tools-software.com/spyware-removal/the-essential-software-for-your-new-pc.html
Max Avion
2010-01-07 23:30:32 UTC
Hi Derek,



Sounds like you have got yourself a bit of a bug. Please see some troubleshooting steps below:



1) Restore your operating system to an earlier time. This will remove the infected data that the virus has planted and will undo any registry changes:



- Boot your computer in safe mode with command prompt. Hit the F8 key continuously while the computer is starting up until you see an advanced menu appear.

- Select "Safe Mode with Command Prompt" as your option of choice.

- You will see all of your drivers loading and then will come to your login screen. Use the administrator account or your personal account if that fails.

- Once the command line opens, type in the following exactly as shown: %SystemRoot%\system32\restore\rstrui.exe

- The system restore utility will launch. Pick a restore point from a time which is before this issue started. Click Next, Finish etc... and complete the restoration.



2) Use a virus/malware scanner to remove any infected files:



- Use: Malwarebytes Anti-Malware to remove any infected files or registry keys: http://malwarebytes.org/

- Make sure that you have a good anti-virus program (I like AVG 9.0 free edition, works quite well)

- You can also use a spyware scanner (though Malwarebytes should take care of most of these) such as Spyware Doctor or Spybot Search and Destroy.



Hope this helped.



Regards,

Max
vlj2002
2010-01-08 09:12:34 UTC
Use ComboFix from bleepingcomputer.com, then download Malwarebytes from softpedia.com or cnet.com and use it (if it doesn't let you install it, rename the installer to something such as winlogon.exe), then clean the rest of the virus with SUPERAntiSpyware and Hitman Pro 3.5 from softpedia.com/cnet.com, and just in case you do have a rootkit on your system, use GMER from majorgeek.com (use GMER to scan, and delete anything in red).

Future protection: use this wizard to recommend security protection for your system:



http://www.techsupportalert.com/secwiz



or go to safe mode and then do the above:





To get into Safe Mode with Networking:



1. Log out and reboot your machine.

2. When the machine starts the reboot sequence, press the F8 key repeatedly.

3. Select Safe Mode with Networking from the resulting menu.



Note: Rogue security software is a form of computer malware that deceives or misleads users into paying for the fake or simulated removal of malware.



Or Manually:



Terminating the process:



1. I verify that a rogue is present. This isn't hard, since it's usually popping up just about every few seconds.

2. Click CTRL-ALT-DELETE (if it's available).

3. Click Task Manager.

4. Click Processes.

5. Find a process whose name usually contains all numbers, for example 2342342.exe. If you do not see all numbers, then your rogue has a name like SystemSecurityPro.exe or GreenAV.exe, etc.

6. Select that process and click End Process.

7. At this point the rogue process has been terminated.

Removing Rogue Anti-Virus that is named with random numbers:



1. Click Start.

2. Click Run (or for Vista, type in the Start search box).

3. For Windows XP, type: C:\documents and settings\all users\Application Data and click OK. A window will open containing a folder with about 8 numbers. Your rogue is in there. Delete that folder.

4. For Windows Vista, type C:\users\all users in the "start search" box and press Enter. Your randomly named folder with about 8 digits should be in there. Delete it.

Removing Rogue Anti-Virus that has a name like System Guard Pro, AV2010, etc.:



1. Open Windows Explorer.

2. Open your C:\ drive.

3. Open Program Files.

4. Find the rogue and delete the folder.



If not, seek an expert. Good luck!
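
The manual check described in the answer above (all-digit process names such as 2342342.exe, and a folder of about eight digits under the All Users data directory) can be run as a read-only listing before anything is deleted. This is an added example, not part of the original answers; the 6 to 10 digit range, the function names and the sample directory tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics from the answer: rogue folders/executables named only with digits.
NUMERIC_DIR = re.compile(r"^\d{6,10}$")   # "about 8 numbers"; exact range is an assumption
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.IGNORECASE)


def find_suspect_entries(root):
    """Return (kind, path) findings directly under root. Never deletes anything."""
    findings = []
    for entry in sorted(Path(root).iterdir()):
        if entry.is_dir() and NUMERIC_DIR.match(entry.name):
            findings.append(("numeric-folder", entry))
            # List executables inside so they can be reviewed or handed to a scanner.
            for item in sorted(entry.rglob("*")):
                if item.is_file() and item.suffix.lower() == ".exe":
                    findings.append(("exe-in-numeric-folder", item))
        elif entry.is_file() and NUMERIC_EXE.match(entry.name):
            findings.append(("numeric-exe", entry))
    return findings


def build_sample_tree(base):
    """Constructed sample layout standing in for the All Users data folder."""
    base = Path(base)
    (base / "Microsoft").mkdir()
    (base / "Adobe").mkdir()
    (base / "18273645").mkdir()                       # constructed 8-digit folder
    (base / "18273645" / "18273645.exe").write_bytes(b"MZ")
    (base / "2342342.exe").write_bytes(b"MZ")         # name pattern quoted in the answer
    (base / "2009").mkdir()                           # short numeric name: not flagged
    return base


def demo():
    """Scan the constructed tree and return findings as (kind, relative path)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        return [(kind, p.relative_to(root).as_posix())
                for kind, p in find_suspect_entries(root)]


if __name__ == "__main__":
    for kind, rel in demo():
        print(f"{kind:24} {rel}")
```

On a real machine, pass the data directory named in the answer to `find_suspect_entries` and review each finding with a scanner before removing it.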
Keyano Reev
2010-01-08 02:23:24 UTC
Use any of the antiviruses for virus protection



eTrust EZ Antivirus

McAfee Antivirus

avast! Antivirus

Kaspersky AntiVirus



Step 1.

As soon as you suspect that your computer has a virus, remove your computer from any networks it might be on, as well as from the Internet, so that you don't inadvertently spread the bug to others. Unplug your network cable if you have to.



Step 2.

If you have virus-scanning (anti-virus) software installed, run it.



Step 3

If you don't have anti-virus software, you'll need to obtain some. If you can't get it from a network administrator or download it from an uninfected computer, you can mail-order it from a retailer.



Step 4

Start your computer (still not connected to a network) and follow the instructions that came with the anti-virus software.



Step 5

Keep running the virus-scanning software until your computer comes up clean.



Step 6

Reconnect your computer to the Internet and check with the anti-virus software's publisher to make sure you have the latest updates. If not, download them now.



Step 7

After updating the anti-virus software, run it again until your computer comes up clean.
2010-01-07 23:19:51 UTC
This happened to my old computer. Make sure to not click on any of the spyware removal schemes that are popping up, you should already know that.



This is a very serious virus, and I fixed it by:



Getting a new computer. I lost all my files, my database, everything.



I'm not exactly what you call a "professional", but I'm sure a technician will gladly help you.
Danny
2010-01-08 04:36:29 UTC
To remove NetSky, follow these instructions:





Restart the computer



Tap the F8 button repeatedly while it is booting



Choose "Safe mode with networking"



Go here and download this:

http://www.spyware-techie.com/wormwin32netsky-removal-guide/



Then install it, update it, and run a quick scan



That should get it.
I Am Tom
2010-01-07 23:15:51 UTC
This doesn't look to be a prank. The virus seems to have infected deep into your operating system.



My recommendation is to take this to a technician locally so they can take a look at it and help to remove the virus if they can.



Worst case scenario: your operating system is going to need to be nuked and replaced, and you will likely lose your files this way.
2010-01-07 23:18:25 UTC
Go in safe mode, download a free antivirus called "Malwarebytes", and run a full scan.
2010-01-08 02:03:11 UTC
I think it is a fraud tool! You must not fall into its trap!

Although downloading is bad, you still need to get a security tool to protect your PC.

Now this is the warning for you that you haven't got one!
?
2010-01-07 23:23:51 UTC
It's not a virus - well, not technically. The only way to fix it is to reinstall Windows - it's a massive spyware infection.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.