Author Topic: Personal Internet Security malware pop-up and scan takes over computer  (Read 1457 times)

privard

Got a pop-up from Personal Internet Security (not a program I've ever installed) saying "system infected, run a scan"--program window then comes up and starts looking like it's running a scan.  Avast disappears from the task bar and I can't start it or any other programs--it's completely taken over the computer (presumably until I click something in it and buy the program that "fixes" it).  Only thing I could do was shut down or restart.  Restarted, same thing happened almost immediately.  Restarted again, immediately ran Task Manager, saw a process I'd never seen before, and ended it in Task Manager.  The rogue program didn't start.  I ran a full system scan with Avast, then a full boot time scan.  Found and removed some threats but when Windows started up again (in safe mode), almost immediately the pop-ups and rogue program started and took over the computer.  I restarted again, immediately started Task Manager, hit Print Screen and then End Process as soon as the mystery process started.  Again, the rogue program seemed to be disabled.  I then got the name of the process from the Print Screen image, did a search,  and deleted it from a couple of places.  Seems to have fixed the problem.  But this is a real pain--I also sent a ticket to Avast Support so they can add protection against this.  Details:

The rogue process name in Task Manager was eI01300MhApJ01300.exe.

It was in WINDOWS\prefetch (with the prefetch extension appended)
and Documents and Settings\All Users\Application Data\eI01300MhApJ01300.exe

DavidR

Start by reading this, http://www.bleepingcomputer.com/virus-removal/remove-personal-internet-security-2011. Whilst I don't know if yours had 2011 tagged on the end, in essence they are variants on the same rogue.

Before doing this, sending a sample to avast for analysis is the only realistic way to go; a support ticket can't be analysed.

Send the sample/s to avast as an Undetected Malware:
Open the chest and right click in the Chest and select Add, navigate to where you have the sample and add it to the chest (see image). Once in the chest, right click on the file and select 'Submit to virus lab...', complete the form and submit; the file will be uploaded during the next update. Note: manually adding to the chest doesn't remove them from the original location, so they still have to be dealt with in that location.
Or
Send the sample to virus (at) avast (dot) com zipped and password protected with the password in email body, a link to this topic might help and undetected malware in the subject.

Note: what is in the prefetch folder isn't the same as the file, it just contains info on the file, its location on the hard drive to speed loading, so sending that won't help.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
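
Added example, not part of either post and not avast! tooling: the point above that a Prefetch entry only describes the executable, shown in Python by mapping trace names back to executable names and finding the copies actually on disk, with a SHA-256 to quote in a submission. The directory layout, the 8-digit trace suffixes and the file contents are constructed for the demo; only the process name comes from the thread.

```python
import hashlib
import os
import re
import tempfile

# Prefetch traces are named NAME.EXE-XXXXXXXX.pf (8 hex digits derived from the path).
PF_NAME = re.compile(r"^(.+\.exe)-[0-9a-f]{8}\.pf$", re.IGNORECASE)

def exe_from_prefetch(pf_filename):
    """Return the executable name a prefetch trace refers to, or None."""
    m = PF_NAME.match(pf_filename)
    return m.group(1) if m else None

def locate_samples(prefetch_dir, search_roots):
    """Map each traced executable (lower-cased) to [(path, sha256)] of real copies.

    An empty list means only the trace is left, so there is no file to submit.
    """
    found = {}
    for name in os.listdir(prefetch_dir):
        exe = exe_from_prefetch(name)
        if exe:
            found[exe.lower()] = []
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for f in files:
                if f.lower() in found:  # .pf traces never match: keys end in .exe
                    path = os.path.join(dirpath, f)
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                    found[f.lower()].append((path, digest))
    return found

def demo():
    """Constructed layout mirroring the two locations named in the thread."""
    base = tempfile.mkdtemp()
    pf = os.path.join(base, "WINDOWS", "Prefetch")
    appdata = os.path.join(base, "Documents and Settings", "All Users", "Application Data")
    os.makedirs(pf)
    os.makedirs(appdata)
    # Constructed trace names; the 8-digit suffixes are made up.
    for trace in ("EI01300MHAPJ01300.EXE-1A2B3C4D.pf", "NOTEPAD.EXE-0F0F0F0F.pf"):
        open(os.path.join(pf, trace), "wb").close()
    with open(os.path.join(appdata, "eI01300MhApJ01300.exe"), "wb") as fh:
        fh.write(b"constructed placeholder bytes, not malware")
    return locate_samples(pf, [base])

if __name__ == "__main__":
    for exe, hits in demo().items():
        print(exe, hits or "trace only, no file to submit")
```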

 
