HELP! My computer has been taken over by a virus!

[chris_b]

Hi guys, I'm posting this from my laptop because my desktop has been DESTROYED by a virus. I've never seen anything like this before.

I downloaded some old e-books from a torrent site, and next thing I know an alien Antivirus scanner is running on my desktop, called "Antispyware Soft", telling me "There are serious threats on detected on your computer. Your privacy and personal data may not be safe. Do you want to clean and protect your PC?"

Plus I have a little green shield icon on my taskbar that keeps popping up with the message "Windows Security alert. Windows reports that your computer is infected..."

Then when I close down the scanner I get another, uncloseable popup called "Antivirus software alert" telling me: "Vulnerabilities found. Your computer is infected by spyware - 34 serious threats have been found while scanning your files and registry".

Besides that I've got another "Security Warning" popup saying "Application cannot be executed. The file control.exe is infected. Do you want to activate your antivirus software now."

Plus, every once in a while IE tried to connect to a website called "porno.com". I've disconnected from the net so that it won't access.

To make it all worse, I can't even open the task manager, or my system restore!

Please can somebody help me with this? I don't know what to do

Edit: forgot to mention: I'm running Vista 64-bit and avast is my AV programme.

[Lisandro]

I suggest:

1. Clean your temporary files.
2. (not for you, as there isn't boot time for x64) Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
3. Use MBAM (or SUPERantispyware or even Spyware Terminator) to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete them.
4. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
5. Make a HijackThis log to post here or this analysis site. Or even submit the RunScanner log to to on-line analysis.
6. Clean your Hosts file (replacing it) with HostsMan tool.
7. Disable System Restore and then reenable it again.
8. Immunize your system with SpywareBlaster.
9. Check if you have insecure applications with Secunia Software Inspector.

Step 6 is necessary for you.

[Pondus]

you probably have a clone of this one

Removal instructions for Antivirus Soft
http://forums.malwarebytes.org/index.php?showtopic=39312

[chris_b]

Hi pondus, thanks for the advice.

That is the exact virus I have. The problem is that I can't do the update.

It says that you have to uncheck the LAN settings in IE and quickly click the 'update' tab in Malwarebytes, but everytime I do that I get this error:

"An error has occurred. Please report this error code to our support team. MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest)"

Is there something I'm doing wrong?

[Pondus]

Have you installed MBAM ? then run it without updating and see what happens !

Try this

Hitman Pro 3 - Second Opinion Malware Scanner http://www.surfright.nl/en/hitmanpro
Hitman Pro in Force Breach Mode http://hitmanpro.wordpress.com/2010/03/16/hitman-pro-in-force-breach-mode/

If this works then after you have run Hitman pro run Malwarebytes and post the log here

If this does not work, follow this guide from Essexboy and post the OTL log`s here
http://forum.avast.com/index.php?topic=53253.0

if the logs are big: down left corner > Additional Options > Attach

[Asyn]

A-squared can remove it.
http://support.emsisoft.com/topic/1403-antivirus-soft-adware-removal-instructions/
Free version here: http://www.emsisoft.com/en/software/free/
asyn

[casscom1]

Hi there-

I had this exact same thing... everything, including porno.com trying to be opened aah!
This happened to me on Tuesday the 20th at about 8pm,
I called a friend and they taught me to... reboot my laptop.? A system reset? And it reset it to 3pm that day. there were no more popups, etc when I turned my laptop back on- I ran an avast scan after the system reset but had to stop it halfway through because of time- ran it again today & there is a Win32:Trojan-gen virus in a temporary internet files folder. It has been moved to the virus chest.
I'm really new to this and I have NO idea where to go from here.
Help?

I just deleted my temporary internet files. Is this all I need todo?

[Asyn]

I'm really new to this and I have NO idea where to go from here.
Help?

Welcome to the forum.
Here 2 links to free malware scanners, you can run to check if your system is clean again.
http://www.malwarebytes.org/mbam.php
http://www.emsisoft.com/en/software/free/
asyn