Power-User

Join Date: Oct 2008
Location: Meherrin Virginia
Posts: 319
Good Answers: 6

Virus Pro Copy Cat

08/01/2010 1:08 PM

Has anyone run up on this latest scam? It appears to be an offshoot of Virus Pro, only this one can actually disable your virus program, disable Task Manager and any other selection you try to make.

It also has icons resembling AVG and states that it originates in Windows. It also says it is from Virus Pro.

Right now I intend to disable the ISP modem and boot up in safe mode and see if I can find any recently added files that don't make sense. I intend to evaluate the situation at that point.

I think it got entrance when the computer was on Facebook.

Any other ideas?

__________________
If you fail to follow through, you will fail.
Guru

Join Date: Oct 2008
Location: Deepest Darkest Rutherford Oz
Posts: 951
Good Answers: 145
#1

Re: Virus Pro Copy Cat

08/01/2010 8:41 PM

Just copped this one on my work computer; it snuck through the defenses.

You need to shut down everything straight away; don't click on any of the "buttons" on the pop-ups.

Shut down your computer and reboot in safe mode.

Download an antivirus program from another source onto the affected computer, and run the program. Then delete the virus "locker" or vault. Then go through your directories and remove any folder (not just the files within) that has a weird name.

Refer to the antivirus report log.

This virus is a version of one that has been around for a while; it is insidious in that it will replicate itself somewhere else on your computer if you try to remove it "live".

It disables the Task Manager and any existing antivirus/adware program you have running. Which is why you need to load a new one on with your computer running in safe mode.

__________________
There are two reasons for a man to do a thing, One that sounds good, and the real one...
Good Answer (Score 2)
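Otha's plan of hunting for recently added files in Safe Mode, and the advice above to look for oddly named folders, can be scripted rather than done by eye. The PowerShell below is an added example for this page, not something anyone in the thread posted: the list of drop directories, the three-day default window and the "[CHECK]" rule for Run entries are assumptions of the example. It needs PowerShell 2.0 or later and is meant to be run elevated, in Safe Mode, as the affected user.

```powershell
# Added example for this page (not posted in the thread): list recently created executables in
# the places a rogue AV drops itself, then the Run/RunOnce and Startup entries that relaunch it.
# The directory list, the 3-day default window and the "[CHECK]" rule are assumptions; treat the
# output as leads to inspect, not as a verdict. Run elevated, in Safe Mode, as the affected user.
param([int]$Days = 3)

$cutoff = (Get-Date).AddDays(-$Days)

# Assumed drop locations. ProgramData/LOCALAPPDATA do not exist on XP and the
# "Local Settings" path does not exist on Vista+, so missing entries are filtered out.
$dropDirs = @(
    $env:TEMP,
    $env:APPDATA,
    $env:LOCALAPPDATA,
    "$env:USERPROFILE\Local Settings\Application Data",
    $env:ProgramData,
    "$env:USERPROFILE\Desktop",
    "$env:SystemRoot\Temp"
) | Where-Object { $_ -and (Test-Path $_) } | Select-Object -Unique

Write-Host "== Executable files created or modified since $cutoff =="
Get-ChildItem -Path $dropDirs -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    Where-Object { $_.CreationTime -gt $cutoff -or $_.LastWriteTime -gt $cutoff } |
    Where-Object { $_.Extension -match '^\.(exe|dll|scr|com|pif|bat|cmd|vbs|js)$' } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, Length, FullName |
    Format-Table -AutoSize

Write-Host "`n== Run / RunOnce entries ([CHECK] = command lives in a user-writable directory) =="
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
              "$env:USERPROFILE\Local Settings\Application Data") | Where-Object { $_ }
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $cmd  = [string]$item.GetValue($name)
        $flag = '       '
        foreach ($dir in $userDirs) {
            # Case-insensitive literal match; legitimate updaters live in AppData too.
            if ($cmd.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) { $flag = '[CHECK]' }
        }
        '{0} {1,-24} {2}  {3}' -f $flag, $name, $key, $cmd
    }
}

Write-Host "`n== Startup folder =="
Get-ChildItem -Force -ErrorAction SilentlyContinue ([Environment]::GetFolderPath('Startup')) |
    Select-Object LastWriteTime, Name
```

Anything flagged is a lead, not a verdict: compare the path against what the user actually installed before deleting a folder, note the file names (a rogue AV's randomly named directory usually shows up here with a creation time matching the infection), and re-run the script after cleanup to see whether anything was re-created.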
Power-User

Join Date: Jul 2008
Location: Adelaide, Australia
Posts: 403
Good Answers: 14
#2
In reply to #1

Re: Virus Pro Copy Cat

08/02/2010 12:23 AM

Hi

I rated that a good answer, well done.

I did a System Restore in safe mode, then ran Malwarebytes in full scan to find the offending files. I trust we are talking the same virus.

Tony

__________________
The nice thing about Standards is there are so many to choose from.
Score 1 for Good Answer
Power-User

Join Date: Oct 2008
Location: Meherrin Virginia
Posts: 319
Good Answers: 6
#7
In reply to #2

Re: Virus Pro Copy Cat

08/02/2010 9:09 AM

I tried the System Restore path in safe mode, and this thing must turn that off as well, and with XP that clears out the history. As smart as this thing seems, it must also rename/create files and directories with random names. I think this hard drive might be trash from a confidence standpoint.

__________________
If you fail to follow through, you will fail.
Guru

Join Date: Dec 2006
Location: Germany 49° 26' N, 7° 46' O
Posts: 1950
Good Answers: 109
#3
In reply to #1

Re: Virus Pro Copy Cat

08/02/2010 3:06 AM

Great Advice, thank you. GA

RHABE

Guru

Join Date: Dec 2009
Posts: 581
Good Answers: 15
#8
In reply to #1

Re: Virus Pro Copy Cat

08/02/2010 10:37 AM

You need to shut down everything straight away, dont click on any of the "buttons" on the pop ups

Assuming the virus is trying to infect your computer via a browser pop-up, apparently the most popular method these days, a shutdown is not necessary. Ctrl-Alt-Delete to bring up Task Manager, then kill the "browser".exe application. Then don't go back to that address when you resume browsing.

Depending on the way you shut down, you can create as much damage as a virus. Shutting down through the start menu is generally ok, but removing power is sometimes not. As Tob says, do not click anything in the browser window, not even the pop-up's X button. Do not hit the Escape key to dismiss the pop-up. (If I were a virus writer, I would definitely hook my code into those functions.)

Much of this advice is older than dirt (very young dirt, of course), but new computer users are being created every day.

__________________
Ignorance is no sin. Willful ignorance is unforgiveable.
Guru

Join Date: Oct 2008
Location: Deepest Darkest Rutherford Oz
Posts: 951
Good Answers: 145
#12
In reply to #8

Re: Virus Pro Copy Cat

08/02/2010 4:06 PM

My experience with this particular beastie is that it doesn't allow Task Manager to run at all.

Yes, the "pro bug" popped up again later and I had to go through the process again.

Frustrating thing for me is that all of our antivirus/malware protection is done at the servers, so once it's past that it's almost a free-for-all. Our IT policy doesn't afford me god status on my computer, so I'm not allowed to "individually" fortify my work machine.

Unlike my home machines, which hide behind a router firewall, as well as antivirus/mal/botware.

Now I was running both IE8 and Firefox 3.6, so I'm not sure which one let it in. It has just been a TPA! Which is what the oxygen-thievin' sh*ts want, oh, and money for nothing.

__________________
There are two reasons for a man to do a thing, One that sounds good, and the real one...
Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#4

Re: Virus Pro Copy Cat

08/02/2010 5:35 AM

Already good advice here, but here is a further method that requires even less knowledge.

Many antivirus companies have a free downloadable bootable Linux CD. You just have to download the .ISO image, make the CD and have a PC where you can change the BIOS to boot first from CD....

Load the CD, boot from it and run the antivirus software scan.

The good point is that Windoze is absolutely "DEAD" at this point; the whole hard disk contains just "Data" and no active programs at this point.

Furthermore, I would just like to say that if you observe the security rules (don't visit questionable websites, which INCLUDES Facebook and Twitter by the way...warnings have been made about them for at least a year in Germany, for example) AND you have a hardware firewall, software firewall and good antivirus software, all at the latest versions, this should never happen.....

Scan your computer FULLY at LEAST once a week.....update the relevant software DAILY at least!!! Automatically is best!!!

Anyone who even thinks differently is just lying to themselves and just asking for trouble.....

Company networks are often a hive of bad bees, looking at porn, questionable sites etc.......

__________________
"What others say about you reveals more about them, than it does you." Anon.
Power-User

Join Date: Mar 2010
Posts: 101
Good Answers: 11
#5

Re: Virus Pro Copy Cat

08/02/2010 8:00 AM

One of my kid's laptops just picked up a nasty bug running Internet Explorer that was a phony anti-virus program. It slipped by the AVG security and corrupted it so AVG could not counter-attack, and it also hijacked the browser and took control of the networking by changing the LAN settings...something I rarely check.

Start up in safe mode with networking. First, get back into your Internet Options, Connections, LAN Settings, and make sure that the box that says "Use a proxy server for your LAN" is not checked. Then download and update Malwarebytes and run a full system scan, clean, reboot and run the scan again. It took three times to get rid of it completely. I also ran SUPERAntiSpyware twice just to be sure and it picked up a few kernels left behind. FYI, Firefox and Chrome are safer programs than IE, and I rarely get issues with these guys. Good luck.

Score 1 for Good Answer
Power-User

Join Date: Oct 2008
Location: Meherrin Virginia
Posts: 319
Good Answers: 6
#13
In reply to #5

Re: Virus Pro Copy Cat

08/02/2010 5:55 PM

You are correct, the LAN was set to proxy. I tried downloading MS Defender and it blocked it. Looks pretty sophisticated.

I would personally contribute to have one of our guys figure a way to blow this guy's server and hardware.

__________________
If you fail to follow through, you will fail.
Power-User

Join Date: Mar 2010
Posts: 101
Good Answers: 11
#16
In reply to #13

Re: Virus Pro Copy Cat

08/03/2010 1:12 AM

Otha, follow my instructions and you should get out of the woods on this nasty virus.

Get your LAN set properly first, and that will stop the hijacking whilst you get the malware software from malwarebytes.com installed AND updated in SAFE mode. This is a new virus, and you need to get the latest. Run the program several times until it is clear...this takes at least two or three. Clear your cache, close all programs at startup that are not necessary (which is only about three), restart and boot to your normal programs...then decide to go with something like Firefox or Chrome, which are far less susceptible to these critters than IE.

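The LAN-settings step in #5 and #16 is a registry change: the "Use a proxy server for your LAN" checkbox is the ProxyEnable value under the user's Internet Settings key, its address is ProxyServer, and a PAC script set through AutoConfigURL can redirect traffic even when the checkbox is clear. The script below is an added example for this page, not code from the thread; the -Fix switch and the loopback-port lookup are its own additions. Run it as the affected user from Safe Mode with Networking:

```powershell
# Added example for this page (not posted in the thread): show the per-user WinINET proxy
# settings behind the "Use a proxy server for your LAN" checkbox, and clear them with -Fix.
# The -Fix switch and the loopback-port lookup are this example's own additions.
# Run as the affected user (the key is under HKCU), from Safe Mode with Networking.
param([switch]$Fix)

$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$p = Get-ItemProperty -Path $inet

# ProxyEnable/ProxyServer = the checkbox and its address; AutoConfigURL = a PAC script, which
# can redirect traffic even with the checkbox clear; ProxyOverride = the bypass list.
foreach ($name in 'ProxyEnable', 'ProxyServer', 'ProxyOverride', 'AutoConfigURL') {
    '{0,-14} {1}' -f $name, $p.$name
}

$hijacked = ($p.ProxyEnable -eq 1 -and $p.ProxyServer) -or $p.AutoConfigURL
if (-not $hijacked) {
    Write-Host 'No proxy or PAC configured; the LAN settings look clean.'
    return
}

Write-Warning ("Browser traffic is routed via proxy '{0}' / PAC '{1}'" -f $p.ProxyServer, $p.AutoConfigURL)

# A rogue AV usually points the proxy at a port served by its own process. Show the
# listening socket so the owning PID can be killed before the setting is cleared.
if ($p.ProxyServer -match '(?:127\.0\.0\.1|localhost):(\d+)') {
    $port = $Matches[1]
    netstat -ano | Select-String ":$port\s.*LISTENING" | ForEach-Object { $_.Line.Trim() }
}

if ($Fix) {
    Set-ItemProperty    -Path $inet -Name ProxyEnable   -Value 0
    Remove-ItemProperty -Path $inet -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $inet -Name AutoConfigURL -ErrorAction SilentlyContinue
    Write-Host 'Proxy cleared. Restart the browser (or log off) so WinINET re-reads the key,'
    Write-Host 'and re-run this script after cleanup: the malware may set it again on the next boot.'
}
```

Reading the values before clearing them matters: if the proxy is 127.0.0.1 on some port, the netstat line shows which PID owns that port, and that process is the thing to kill (and its file the thing to remove) first; otherwise the setting goes straight back, which is the "it blocked the download" behaviour described in #13.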
Power-User

Join Date: Apr 2008
Posts: 138
Good Answers: 2
#6

Re: Virus Pro Copy Cat

08/02/2010 8:31 AM

I think I must have picked up this virus also because Windows will not even start on my computer. I turned my computer on yesterday and found this problem. I was in Facebook the night before but I did not see anything suspicious before I turned the computer off. I am getting a message that says that the BOOTMGR is missing. Anyone have an idea what this means? I tried to do a restore but I get a message that says that I need the driver for the CD, DVD or Floppy Drive??????

Guru

Join Date: May 2007
Location: Annapolis, Maryland
Posts: 7940
Good Answers: 458
#9

Re: Virus Pro Copy Cat

08/02/2010 12:26 PM

The best way I have found to deal with these insidious fake anti-virus programs (also known as RANSOMWARE) is to immediately shut down the computer (save your current files that are open if desired), remove the affected hard drive from the machine and install it in one of these USB-based external hard-drive cases. Then connect the external hard-drive case to a running computer with known, good AV software installed and run a scan on the USB-based drive.

You will not be able to run your normal AV on the boot drive with ransomware installed. They have figured out how to disable most AV programs at startup. Safe mode doesn't help either.

Power-User

Join Date: Apr 2008
Posts: 138
Good Answers: 2
#10
In reply to #9

Re: Virus Pro Copy Cat

08/02/2010 3:26 PM

Thanks, I will try that. I have no other choice. I cannot access any of my files. I think I have lost them. If this does not work then I will format the drive. Is there an antivirus for this?

Guru

Join Date: Sep 2006
Location: Near Frankfurt am Main, Germany. 50.390866N, 8.884827E
Posts: 17996
Good Answers: 200
#11
In reply to #10

Re: Virus Pro Copy Cat

08/02/2010 4:02 PM

Try the free software "Recuva" first.....

__________________
"What others say about you reveals more about them, than it does you." Anon.
Guru

Join Date: Aug 2007
Location: Indiana, USA
Posts: 579
Good Answers: 61
#14

Re: Virus Pro Copy Cat

08/02/2010 6:23 PM

Tonymech hit it. The Malwarebytes Anti-Malware program has removed every one of these phony AV programs I've come across as SysAdmin of 7 networks with 100+ users.

More information & step by step instructions are available at http://www.bleepingcomputer.com/virus-removal/remove-antivirus-pro-2010.

__________________
Experience: The knowledge you gain just AFTER you needed it.
Good Answer (Score 2)
Power-User

Join Date: Oct 2008
Location: Meherrin Virginia
Posts: 319
Good Answers: 6
#17
In reply to #14

Re: Virus Pro Copy Cat

08/03/2010 12:23 PM

Thanks for all the input guys.

Here is how it all washed out. I was beginning to get paranoid with these virus programs; I realized that any one of them could indeed be as bad as the one that had invited itself to my wife's computer. In fact, I was halfway through installing one and had second thoughts about the whole thing and aborted it.

Tonymech and yourself gave me enough assurance that I was willing to try Malwarebytes. This new variant of this virus would lock out the application as soon as I tried to load it. I went to JustAnswer.com and they suggested that I download a file named rkill and install it prior to installing Malwarebytes. This worked out just fine and seems to have killed the intruder. I am still a bit nervous about passwords and such.

The rkill file can be googled and is a free download.

__________________
If you fail to follow through, you will fail.
Score 1 for Good Answer
Guru

Join Date: Aug 2007
Location: Indiana, USA
Posts: 579
Good Answers: 61
#18
In reply to #17

Re: Virus Pro Copy Cat

08/03/2010 12:51 PM

GA, Otha. I had not heard of rkill, but a little searching provided good info. It kills processes that disable certain other processes like regedit & legitimate antivirus programs, allowing you to remove the offending malware.

If you have not done so, you still need to run Malwarebytes to actually remove the nasty. rkill only turns it off, it doesn't delete it.

__________________
Experience: The knowledge you gain just AFTER you needed it.
Power-User

Join Date: Oct 2008
Location: Meherrin Virginia
Posts: 319
Good Answers: 6
#20
In reply to #18

Re: Virus Pro Copy Cat

08/04/2010 3:12 PM

Thanks, I did go to the site that you supplied the link to. I think the discussion section of it was more enlightening than the body of the description.

Up till this point I had not realized that there were 4 different extensions, in case this virus was set up to wholesale shut down .exe extensions or .com or whatever.

I was lucky; mine went right through with the .exe extension. As stated in the discussion, it does now give you a report as to what it did.

__________________
If you fail to follow through, you will fail.
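What rkill undoes, per #18 and #20, comes down to a few registry settings. The DisableTaskMgr and DisableRegistryTools policy values are what keeps Task Manager from running at all, as in #12, and the reason rkill is offered under four extensions is that a rogue AV rewrites the .exe file association so that every .exe you launch runs the malware instead, while .com, .scr and .pif are usually left alone. The PowerShell below checks those settings plus the Image File Execution Options "Debugger" values; it is an added example for this page, not rkill's code or anything posted in the thread, and the -Fix switch is this example's own.

```powershell
# Added example for this page (not posted in the thread): report the registry settings a rogue
# AV uses to block Task Manager, regedit and .exe launches, and revert the first two with -Fix.
# The defaults quoted are Windows' own; the -Fix switch is this example's. Run elevated, in Safe Mode.
param([switch]$Fix)

$findings = @()

# 1. Policy values that lock out Task Manager and regedit (1 = disabled).
foreach ($hive in 'HKCU', 'HKLM') {
    $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (-not (Test-Path $key)) { continue }
    $pol = Get-ItemProperty -Path $key
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($pol.$name -eq 1) {
            $findings += "$key\$name = 1"
            if ($Fix) { Remove-ItemProperty -Path $key -Name $name }
        }
    }
}

# 2. The .exe file association. The default command is "%1" %*; a rogue AV points it at itself
#    so every program you launch (Malwarebytes included) runs the malware instead. That is why
#    rkill is also shipped as .com/.scr/.pif: those associations are normally left intact.
$exeDefault = '"%1" %*'
$assocKeys = @(
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($key in $assocKeys) {
    if (-not (Test-Path $key)) { continue }
    $cmd = (Get-ItemProperty -Path $key).'(default)'
    if ($cmd -ne $exeDefault) {
        $findings += "$key -> $cmd"
        if ($Fix) { Set-ItemProperty -Path $key -Name '(default)' -Value $exeDefault }
    }
}

# 3. Image File Execution Options: a Debugger value makes Windows start that program instead of
#    taskmgr.exe, regedit.exe or an AV binary. Report only; real debuggers and Process Explorer's
#    "Replace Task Manager" option use the same mechanism, so decide by hand what to remove.
$ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in @(Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath).Debugger
    if ($dbg) { $findings += "IFEO $($sub.PSChildName) Debugger = $dbg" }
}

if ($findings) {
    Write-Host "Lockout settings found$(if ($Fix) { ' (items 1-2 reverted)' }):"
    $findings | ForEach-Object { "  $_" }
} else {
    Write-Host 'No Task Manager, regedit or .exe-association lockouts set.'
}
```

Run it before and after Malwarebytes. If the values come back on the next boot, the program that sets them is still present, which is the point #18 makes: rkill turns the thing off, it does not remove it.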
Guru

Join Date: Oct 2008
Location: Deepest Darkest Rutherford Oz
Posts: 951
Good Answers: 145
#15

Re: Virus Pro Copy Cat

08/02/2010 7:12 PM

You might all like to have a look at this site.

Some informative stuff:

http://www.us-cert.gov/reading_room/

I put our IT dude onto it; he has found it most helpful.

__________________
There are two reasons for a man to do a thing, One that sounds good, and the real one...
Anonymous Poster
#19

Re: Virus Pro Copy Cat

08/04/2010 2:39 PM

Never download any AVG programs from the net. The only way to get full protection for this on your computer is to go out to Argos or Tesco and buy a copy on CD; this way, if you do develop a virus, you can at least take it up with the company you purchased the CD from. The web has thousands of viruses on it, and it only takes 1 crack in your system, young or old, to be able to enter and cost you a new system. Trust me, I've tried it, and it cost me....! Beware the web.


Users who posted comments:

Andy Germany (2); Anonymous Poster (1); Brave Sir Robin (1); hernaju1 (2); Lynn.Wallace (1); Oregoon (2); otha (4); pwr2thepeople (2); RHABE (1); Tobugrynbak (3); Tonymech (1)
