A virus warning came up, now I can't access LAN for Internet or other computers

[wallmg]

The virus warning came up when I was closing IE, and it went away so fast I didn't get to see what it was. But after that, I couldn't go online anymore, or connect to my home network via this computer. Other computers on the network are connecting just fine. When I was test IE on the infected computer, another Avast warning came up saying a virus was found - JS: FakeWarn or something like that - and I direct Avast to move it to the chest. Also, I noticed now, upon boot up, that some spyware/malware program seems to have been installed by itself, as a splash screen comes up for it. This is not a program I knowingly installed.

So I'm stuck with this computer having no access to the internet or my home network, and I can't figure out how to resolve it. Earthlink (my internet provider) and Linksys (my router manufacturer) provided no help.

I'm running Avast Boot Scan now, but what else do I need to do to get this system working correctly again? I have an old Ghost image of the boot drive that I could restore, but it's from probably a year ago, so I would have a lot of stuff missing on there that I have now. Is that even an option for repairing this problem?

[Asyn]

Run free Mbam to scan and clean your system..!
http://www.malwarebytes.org/mbam.php
asyn

[Pondus]

I noticed now, upon boot up, that some spyware/malware program seems to have been installed by itself, as a splash screen comes up for it. This is not a program I knowingly installed.

Sound like you got a rogue program installed

if you can see a name on that popup we may find a removal guide for that rogue

[Alexp]

Now apart from what you say the forumers, you can use Dr.Web Cure It, and pass it on Safe Mode.

If you have Vista or Seven you can use this tool for fix connection problem's after remove the infection: FixWin

Bye!.

[wallmg]

Thanks for the recommendations. I'll give them a try tomorrow. Meanwhile, I captured the splash screen for the rogue program. It's called "Antispyware Soft." I've tried attaching a capture of the splash screen. Not sure if attaching will work. Any help removing this app would be appreciated as well.

Mark

[Gargamel360]

There is a removal guide for that one here
http://www.bleepingcomputer.com/virus-removal/remove-antispyware-soft

[Asyn]

Thanks for the recommendations. I'll give them a try tomorrow. Meanwhile, I captured the splash screen for the rogue program. It's called "Antispyware Soft." I've tried attaching a capture of the splash screen. Not sure if attaching will work. Any help removing this app would be appreciated as well.
Mark

You're welcome and good luck..!
asyn

[polonus]

Hi malware fighters,

To further stay clear of this:
http://lists.clean-mx.com/clean-mx/md5.php?Kaspersky=Trojan.HTML.Fraud.n

polonus

[wallmg]

OK, so I went through the following procedure recommended above:
http://www.bleepingcomputer.com/virus-removal/remove-antispyware-soft

This got rid of the splash screen, and I'm now able to get online again. However, when online, I'm getting an occasional pop-up browser window feature at advertisement for some product or other, even though I have pop-up blocker on. I use to never get such pop-ups.

Also, while I'm able to get online, I'm still not able to connect with my other computers on the network. I can see the drives on those other computers, but when I double click on them, I get a message they are not accessible.

So, given these issues, I'm wondering if the bug is truly eliminated. Any other suggestions? I tried downloading Dr.Web Cure It, as suggested by someone else above, but every time  I would click download, it wouldn't prompt me where to download it to, and I have no idea where it's going to.

Thanks again for any and all help.

-- Mark

[Asyn]

So, given these issues, I'm wondering if the bug is truly eliminated. Any other suggestions? I tried downloading Dr.Web Cure It, as suggested by someone else above, but every time  I would click download, it wouldn't prompt me where to download it to, and I have no idea where it's going to.

So did you run Mbam, yet..??
asyn

[wallmg]

Yes. I followed the instructions in the link I referred to, which has you run rkill.com first and then mbam-setup.exe.

Mark

[Asyn]

If you like you can run EAM and see what it finds.
http://www.emsisoft.com/en/software/free/
asyn

[Altarir.]

If you like you can run EAM and see what it finds.

it will find a lot of things I believe! Even explorer.exe is malware!

[wallmg]

If you like you can run EAM and see what it finds.
http://www.emsisoft.com/en/software/free/
asyn

Thanks. I ran this software and it found 13 items - 2 high risk and the rest low risk. The low risk items were all called trace cookes, or something like that. I've attached the findings at the bottom of this post. But even with those things quarantined, everytime I try to go to a new web page, it gets redirected to some ad page. AFter this happened three or four times, a virus warning came up, and a Windows message (supposedly) asking me if I want to install an antispyware program. If I hit cancel, a new message comes up saying it is highly recommended that I install the program. My only option is to hit OK, then I"m back at the window asking me if I want to install the program. It's an endless cycle. So I have to force quite IE.

Obviously, my computer is still infected with something bad, and I'm not sure what else to do to clean it up.

Here's what Emisoft found:

Emsisoft Anti-Malware v. 5.0.0.53
(C) 2003-2010 Emsi Software GmbH - www.emsisoft.com

ID   Object
0    C:\Documents and Settings\Mark\Cookies\mark@mediaplex[2].txt  Trace.TrackingCookie.mediaplex!A2
1    C:\Documents and Settings\Mark\Cookies\mark@specificclick[2].txt  Trace.TrackingCookie.specificclick!A2
2    c:\vsts storage - not installed\plpareq_221\install_plpareq.exe  Riskware.AdWare.Win32.BetterInternet!IK
3    C:\Documents and Settings\Mark\Cookies\mark@doubleclick[1].txt  Trace.TrackingCookie.doubleclick!A2
4    c:\program files\ati technologies\ati.ace\graphics-full-existing\dxstress.exe  Trojan-Downloader.Win32.Agent.dryb!A2
5    c:\documents and settings\mark\local settings\temp\f57bdb1b.exe  Trojan-Dropper.Win32.Microjoin!IK
6    C:\Documents and Settings\Mark\Cookies\system@realmedia[2].txt  Trace.TrackingCookie.realmedia!A2
7    C:\Documents and Settings\Mark\Cookies\mark@com[1].txt  Trace.TrackingCookie.com!A2
8    C:\Documents and Settings\Mark\Cookies\system@doubleclick[1].txt  Trace.TrackingCookie.doubleclick!A2
9    C:\Documents and Settings\Mark\Cookies\system@www.entrepreneur[2].txt  Trace.TrackingCookie.www.entrepreneur!A2
10   c:\vsts storage - not installed\plpareq3_221\plpareq3_install.exe  Riskware.AdWare.Win32.BetterInternet!IK
11   C:\Documents and Settings\Mark\Cookies\system@questionmarket[1].txt  Trace.TrackingCookie.questionmarket!A2
12   C:\Documents and Settings\Mark\Cookies\mark@tribalfusion[1].txt  Trace.TrackingCookie.tribalfusion!A2

Any help is greatly appreciated.

[mikaelrask]

another highly recommenden program here is superantispyware that you can try.

http://filehippo.com/download_superantispyware/

if this not solve your problem try scan with http://free.antivirus.com/hijackthis/

savn and post th result so someone with knowledge can have a look

my self is not that kowledge about this kind of scanns.

good luck.