
computer help needed, where the guru?

Red_Alert

^^ Privileged ^^
92,301
8,234
533
Joined
Jan 10, 2010
Hoopla Cash
$ 1,956.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
Holy shit.

How long have you been getting that?
 

cane_man

I AM the liquor
16,411
6
38
Joined
Dec 19, 2009
Location
recovered swampland
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
had 1 more, but it won't upload. malwarebytes full scan came up empty too :confused:
 

Jack_John_Mark

¿Cómo está usted?
60,089
2,186
173
Joined
Jan 11, 2010
Location
Lincoln, NE
Hoopla Cash
$ 100.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
This worked for me once......

Open up notepad, center it right in the middle of your screen, and then type "I know who you are you skinny fucking little queer four-eyed son of a bitch, and now you're going to get fucked."
 

cane_man

and it's all from "vista antimalware". if you check the IP of the attack I bet it comes back bs, all the rest have. plus my proxy server is supposed to switch IPs every 30 minutes so I find it highly suspect that this could go on all day.
 

Red_Alert

started around noon

Do a System Restore back to yesterday. If it'll let you. It only takes a couple of minutes.

Have you created any documents or anything you care to save since yesterday?
 

cane_man

> Do a System Restore back to yesterday. If it'll let you. It only takes a couple of minutes.
>
> Have you created any documents or anything you care to save since yesterday?

nah. brb, I'll give it a shot
 
8,822
3
0
Joined
Dec 19, 2009
Location
Florida
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
I find it hard to believe that those Vista messages are real. It's just trying to get you to click on the free virus scan.
 

ccpmotox

New Member
1,692
2
0
Joined
Dec 22, 2009
Location
Norman
Hoopla Cash
$ 1,000.00
AVG is a garbage antivirus program. Just get Windows 7. Your PC, simplified.
 

Red_Alert

> I find it hard to believe that those Vista messages are real. It's just trying to get you to click on the free virus scan.

They are viral. They write themselves into your registry when you click anywhere inside the box on the first pop-up. Once they are written into your registry they commonly disable your antivirus and malwarebytes programs. Sometimes it'll even prevent you from restoring back a day or two.

If it does that he needs to bring his computer up in safe mode first. Then run malwarebytes.
 
Last edited by a moderator:
8,822
3
0
Joined
Dec 19, 2009
Location
Florida
Hoopla Cash
$ 1,000.00
Fav. Team #1
Fav. Team #2
Fav. Team #3
From the symantec forum that I linked to...

"While searching the web for iPhones, a fake security malware infected my laptop. Although I use Firefox and Symantec Endpoint, the trojan slipped through my XP SP3 system. When I ran a full scan, the March 5 r of Symantec did not identify the problem. After researching the web, I found a blog at "Bleepingcomputer.com," which fully described the problem and the solution. I used MalwareBytes' AntiMalware to remove the infected registries and files. Note that the rogue has other names, such as Vista Internet Security 2010, Win 7 Internet Security 2010, and several others. This rogue must be disabled before it allows other executable files to run. I used FixExe.reg.

Variants of the files infected are as follows.

%UserProfile%\Local Settings\Application Data\av.exe

%UserProfile%\Local Settings\Application Data\WRblt8464P

%UserProfile%\AppData\Local\av.exe <In Antivirus Vista 2010 & Win 7 Antispyware 2010>

%UserProfile%\AppData\Local\WRblt8464P <In Antivirus Vista 2010 & Win 7 Antispyware 2010>

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

My system had the "av.exe" rogue and six infected registry files.

Any questions, please reference the article posted Jan 27, 2010 by Grinler on BleepingComputer.com "How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010."
I also found an older article at Rogue Security Software | Fake Virus Alerts | Scareware
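
A defender-side check for the registry changes listed in the quoted post, as an added example (not from the thread or from the BleepingComputer article). It parses a .reg export and flags an executable handler whose default value is not the stock "%1" %* (assumed here to be the clean value), a shell command launched from a per-user application-data directory, and Security Center override flags set to 1. The sample export and the C:\Users\test path are constructed.

```python
import re

# Constructed sample in .reg export syntax; key and value names follow the quoted post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\test\\AppData\\Local\\av.exe\" /START \"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Users\\test\\AppData\\Local\\av.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

EXE_CLASS = re.compile(r'\\(\.exe|exefile|secfile)\\shell\\open\\command$', re.I)
USER_DIR = re.compile(r'\\(AppData\\Local|Local Settings\\Application Data)\\', re.I)
OVERRIDES = {"antivirusoverride", "firewalloverride"}

def parse_reg(text):
    """Yield (key, value_name, data) from .reg text; '@' is the (Default) value."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and '=' in line and line[0] in '@"':
            name, data = line.split('=', 1)
            if data.startswith('"'):  # REG_SZ: strip quotes, undo \" and \\ escapes
                data = re.sub(r'\\(.)', r'\1', data[1:-1])
            yield key, name.strip('"'), data

def audit(text):
    """Return (key, reason) findings for the hijack pattern in the quoted post."""
    findings = []
    for key, name, data in parse_reg(text):
        if key.lower().endswith('\\command') and name == '@':
            if EXE_CLASS.search(key) and data != '"%1" %*':
                findings.append((key, 'exe handler is not "%1" %*'))
            elif USER_DIR.search(data.split(' /', 1)[0]):  # executable part only
                findings.append((key, 'command runs from a user-profile directory'))
        elif key.lower().endswith('\\security center') and name.lower() in OVERRIDES:
            if data.lower() == 'dword:00000001':
                findings.append((key, name + ' is enabled'))
    return findings
```

Calling audit(SAMPLE_REG) returns three findings: the .exe handler, the Firefox launch command, and AntiVirusOverride. The clean exefile entry and the zeroed FirewallOverride are not reported.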
 

Red_Alert

He's already run the quick and full versions of Malwarebytes.

The virus is overriding them.

If restoring to yesterday doesn't work, he needs to run Malwarebytes in 'Safe Mode'.

The virus should be blocked from executing in safe mode, and Malwarebytes can do its job.
 

cane_man

fuck. did system restore, it took out my internet, malware bytes and ISO virtual dvd. went back to original settings, got internet back but malware and virtual dvd drive still gone. ran eusing registry cleaner and the problem seems to be gone. except, I keep getting a request for a BHO registry change, and it won't let me deny, so I just slide it to the side. will deal with that tomorrow. fuck, this is exhausting
 

Red_Alert

How far back did you go?
 

ccpmotox

> fuck. did system restore, it took out my internet, malware bytes and ISO virtual dvd. went back to original settings, got internet back but malware and virtual dvd drive still gone. ran eusing registry cleaner and the problem seems to be gone. except, I keep getting a request for a BHO registry change, and it won't let me deny, so I just slide it to the side. will deal with that tomorrow. fuck, this is exhausting

Did you try deleting your system32?
 