Question:
Fake Security Alert Virus, how to fix?
Gamerfreak
2009-07-02 20:27:03 UTC
When I turn on my Vista computer, lots of random applications are trying to access the internet. I block every single one of them. That is why the virus can't do anything. But the blocked programs are ALL in my user folder (like the folder that holds all my data with the name of my User Account name). They include iexplore.exe and 6 or 7 random letters, all capitals, then .exe. They change every time. There are two of those and iexplore.exe. Sure, iexplore is a system app, but it's not supposed to be in my user folder. Nothing happens yet. I can delete the two apps with random letters, but I can't delete iexplore.exe.

I wait, then a new item tries to access the internet. Another random-lettered app. This time a shield icon appears in the right side of my system tray and says "Security Center Alert! Virus Warning! Your Computer is Infected!", and a fake browser that I can't close comes up with a Windows 2000 theme and nothing on it because I blocked its internet access. I go to my user folder; I can now delete the iexplore.exe, but not the new random-lettered one. The new one has a yellow shield icon with a black exclamation mark in the middle, just like the icon in my system tray. A batch file with random letters is also there. I can delete that. I still can't delete the shield-iconed app. I can, however, move it. I move it to an empty folder on my desktop. The shield icon goes away eventually, like overnight, and I can delete the folder with the application in it.

Virus gone? No, when I restart the same thing happens again... all new letters and everything. Sometimes when I move the shield app, the icon in my system tray doesn't even go away... Malwarebytes Anti-Malware doesn't open. I've tried multiple full system scans and malware scans... no virus detected. I've scanned the virus application specifically, no virus detected. I can't system restore because the virus deleted all system restore points... This virus has spread to all three of my computers!!! Through a jump drive, trying to save important files... I NEED HELP!!! How do I fix it???
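The file pattern described in the question above can be turned into a simple triage check. This is an added example, not part of the original post; the profile path `C:\Users\alice`, the sample file names, the extra system binary names and the trusted directory list are all constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Assumption: binaries that normally live under system directories.
# Only iexplore.exe comes from the question; the others are added here.
SYSTEM_NAMES = {"iexplore.exe", "explorer.exe", "svchost.exe"}
# Assumption: directories where those binaries legitimately reside.
TRUSTED_ROOTS = [PureWindowsPath(r"C:\Windows"),
                 PureWindowsPath(r"C:\Program Files"),
                 PureWindowsPath(r"C:\Program Files (x86)")]
# "6 or 7 random letters, all capitals, then .exe"
RANDOM_EXE = re.compile(r"[A-Z]{6,7}\.(?i:exe)")
# Letters-only batch file name (the question does not state case or length).
RANDOM_BAT = re.compile(r"[A-Za-z]+\.(?i:bat)")

def triage(paths, profile_root):
    """Return (path, reason) for files matching the described pattern."""
    root = PureWindowsPath(profile_root)
    findings = []
    for raw in paths:
        p = PureWindowsPath(raw)          # comparisons are case-insensitive
        trusted = any(t in p.parents for t in TRUSTED_ROOTS)
        if p.name.lower() in SYSTEM_NAMES and not trusted:
            findings.append((raw, "system binary name outside system directories"))
        elif p.parent == root and RANDOM_EXE.fullmatch(p.name):
            findings.append((raw, "random capital-letter executable in profile root"))
        elif p.parent == root and RANDOM_BAT.fullmatch(p.name):
            findings.append((raw, "letters-only batch file in profile root"))
    return findings

# Constructed sample listing (not taken from any real machine).
SAMPLE = [
    r"C:\Program Files\Internet Explorer\iexplore.exe",  # legitimate location
    r"C:\Users\alice\iexplore.exe",
    r"C:\Users\alice\QWKZJTA.exe",
    r"C:\Users\alice\HBNXPL.exe",
    r"C:\Users\alice\xkqpwz.bat",
    r"C:\Users\alice\Documents\SETUP.exe",  # not in the profile root
    r"C:\Users\alice\notes.txt",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE, r"C:\Users\alice"):
        print(f"{path}: {reason}")
```

These are heuristics: a match is a reason to inspect the file, not proof of infection, and a legitimate letters-only batch file in the profile root would also be flagged.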
Four answers:
♱♫True Colors☺♥
2009-07-02 20:34:06 UTC
HOW DO I GET RID OF THIS ROGUE SECURITY PROGRAM?

Programs such as Personal Antivirus, Antivirus System Pro, XP Deluxe Protector, WinBlueSoft, Antivirus Pro 2009, AntivirusBEST, and many more are actually rogue (fake and malware) security programs, and if you run them they will infect your computer even more. Read here to learn more about them: http://en.wikipedia.org/wiki/Rogue_software . This is also a good article to read: http://www.techsupportalert.com/content/spyware-removal-guide.htm .



First, back up your important files and documents in case anything goes wrong during the removal process. For the same reason, create a system restore point. Yes, this restore point might be infected, but it is better to have that to go back to than not being able to undo things if the cleanup affects your computer. You can always scan again. Once the computer is clean and working properly, we will get rid of the potentially bad restore points.



The pop-ups you get from this type of program are a sign your computer is already infected. There are literally hundreds of these rogue programs out that are plaguing so many people. The free program, not necessary to purchase the pro version, Malwarebytes' Anti-Malware (MBAM), is very good at detecting and removing rogue security programs. http://www.malwarebytes.org/mbam.php



Now some of these rogue programs are very tricky and will make it so you cannot run your security programs or will not let you download and install them. Here is a link that will explain how to get around this with MBAM and be successful downloading, installing, and running the program: http://www.myantispyware.com/2009/06/08/malwarebytes-wont-install-run-or-update-how-to-fix-it/

Once you are successful at downloading, installing, and updating MBAM you can then follow these directions: http://www.bleepingcomputer.com/virus-removal/remove-personal-antivirus . Please note these instructions are for PersonalAntivirus, one of the rogue programs, but the instructions are very similar for getting rid of any rogue program.



Also it would be a good idea after running the quick scan, and rebooting to run a full system scan. I have also seen it suggested to run MBAM in safe mode. You can also try this other free program called SUPERAntiSpyware that can be found here: http://www.superantispyware.com/ .



Once your computer is clean and working normally just to be on the safe side turn off system restore and wait 30 seconds, turn it back on and create a new restore point. This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.



Here is an excellent article to learn how to be safe on the internet, http://surfthenetsafely.com/index.html . It covers everything from viruses, spyware, and firewalls in great detail. The links in it that do not work right are pointing to this website http://www.techsupportalert.com/pc/security-tools.html . This website was reorganized so old links do not always work.



I would really like to hear how these steps worked for you or how else you were able to get rid of the rogue security program. You can email me via my Yahoo Answers Profile or email me at my_mailbox08@yahoo.com. Thanks.
?
2016-08-29 00:35:34 UTC
2
Preston L
2009-07-02 20:35:57 UTC
Well, you are definitely infected with malware which is trying to get you to buy products that likely do not work and would not solve your problem. Here are your choices from my experience:



1. Take your computer in to a reputable computer repair center and pay to have them remove your computer's malware.

2. If you have the knowledge and experience, download an antivirus that boots from a burned CD-ROM. It's usually a Linux CD-ROM operating system with an anti-virus built in. You boot into Linux, then use the Linux's anti-virus program to clean your Windows drives. It's nearly impossible to clean up Windows from inside of Windows unless you have a lot of experience.
2009-07-02 23:18:05 UTC
You should use the following troubleshooting steps to get rid of this issue:

1. Please try to delete all the internet temporary files like temp, %temp% and prefetch files.

2. Scan your computer by using any updated antivirus program.

3. Try to install and download the "Antimalwarebytes" (freely available)

4. Try to update "Antimalwarebytes".

5. Scan your computer using the "Antimalwarebytes".

6. Follow the same procedure for "Superantispyware" as you have done for "Antimalwarebytes" (Safe Mode).

7. Delete all its entries from the registry.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.