virus help

[Alpha32]

I have this virus which i just got i dunno what it is but it looks like a fake anti virus by the way its acting

it keeps flashing in the tool bar warning this application cannot be executed avastui.exe is infected and i have this fake AV saying i have 38 viruses and what it the virus does but when i run avast to a certain percent it restarts the computer and i can't install no other anti-viruses or ad-ware removeal tools as it stops it!!! i dunno what it do :| help please

it won't let me do nothing

system tool - protect your computer is what it says on the anti virus and it also changed my background wallpaper saying warning your in danger and goes on about what it might do and to what etc it also gives me a blue screen error just before it restarts

it must have came through java cos it opened up 5 mins or so before it happened

[Tarq57]

Do you have access to another computer to download stuff with, and a flash drive?
Does the sick computer have a USB port?

Download MBAM (from MajorGeeks - an approved mirror) and save it to the flash drive (usb stick.)

Rename the installer file to something like "Alpha222.exe" and transfer it to the sick computer, then double click it to run it. It will install MBAM on the computer (if it can be installed). Once installed, the default is for MBAM to run and update itself, let it do so. If that all works, run a quick scan. At the end of that scan it will produce a scan report. Select all it finds, and then click "remove selected". If it prompts for restart, do so immediately.

If it can not be installed or run:

Restart the sick computer in safe mode. Start taskmanager if you can, look under "processes" and if "system tool" is present, highlight it and select "end process". Ok your way out of the warning. Then (while still in safe mode) install MBAM - should be no need to rename anything - and run a quick scan. It won't be able to update in safe mode, but it might find the file that's causing the problem and zap it. Select "remove selected" at the end of the scan, reboot (into normal mode), update MBAM and scan again.

Let us know how that works.
If you don't have another computer, let me know.

[Alpha32]

I do have another computer but its broken however i did download mbam so i'll rename and see what happens (after next restart which will happen any second now)

edit: restarted - won't run the exe for mbam so i'll restart myself and try to run in safe mode and i'll report back to you

[Alpha32]

I did the mbam in safe mode - quick and full and found nothing!! shoild i try a system restore in safe mode and then scan afterwards?

[argus]

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Post DDS.txt back to topic.

[Alpha32]

Download DDS and save it to your Desktop from here:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double click dds.scr to run the tool.

    * When done, DDS will open two (2) logs:
         1. DDS.txt
         2. Attach.txt

Save both reports to your desktop. Post DDS.txt back to topic.

Safe mode or normal?

[argus]

Normal mode.

[Alpha32]

Normal mode.

ok will wait til it restarts next which will be very soon

[argus]

will end in 20 seconds

It is a diagnostic program

[Alpha32]

will end in 20 seconds

It is a diagnostic program

yeah but i wouldn't of had time to post it

but it won't allow it to run, it closes straight after i open it.. and does nothing, no txt files or anything :|

i'd take a screenshot of what i have but i can't even open paint

edit: it's this one http://forum.avast.com/index.php?topic=67789.msg570507#msg570507 what he has/had

looking at the steps to get rid of it.. i won't be able to remember it all, don't have a printer either :/

[argus]

Normal mode

Download and save it to your Desktop from here:

http://download.bleepingcomputer.com/grinler/rkill.com

Click the Start > search (run) and copy this:

Code: [Select]

%UserProfile%\desktop\rkill.com
Click ok

Post log.txt back to topic.

[Alpha32]

Did what you said but still no luck

[argus]

Go into safe mode with metworking




> Download ComboFix from here and save it to your Desktop.
If you are unsure how ComboFix works please read this guide carefully.
note: ComboFix must be downloaded to your Desktop.

> Run ComboFix.
ComboFix will check if there is a newer version of ComboFix available.
Click Yes if prompted to download.
ComboFix will display DISCLAIMER OF WARRANTY ON SOFTWARE.
Click Yes to allow ComboFix to continue.
If Recovery Console is not installed, ComboFix will offer download & installation.
Click Yes to allow ComboFix to install Recovery Console.

> When the tool is finished, it will produce a log report for you. (typical location: C:\ComboFix.txt )
  Post log reports ( ComboFix.txt) back to topic.

[Alpha32]

This is really noobish but how do I disable avast? lol (never had to do it before)

[Tarq57]

Right click the orange icon, mouse over "avast shields control", and select "disable permanently". When required, re-activation is the same process, but re-enabling them instead of disabling them.