HELP!!! THINK I'VE 'ACQUIRED' A COMPUTER SCAM!!!
Sorry for the belated response peeps. (Cheers joey for the s/w - it worked 
).
Weird, the MW seemed to just disappear without me doing anything!!! Ergo, I went to turn off the netbook, and when I hit the hard button, as soon as the turn-off pop-up, er, popped up, the software interface simply just disappeared and the computer worked perfectly from that point on. I'm confused. Do you reckon the MW was programmed to "time-out" or something?
Regardless, I have ran the MWbytes prog and there were 1440!!! infected files that needed deleting!! So did that anyway/rebooted, etc. and it's all working fine again anyway!
Cheers to everyone that has helped. This thread has highlighted how online forums are such a great facility; the response, in such a short period, has been nothing short of amazing!
No matter how you may think "it's only me that it affects", the reach of the internet makes you feel you're not the only one out there on your own!
ScoobyNet FTW!
).Weird, the MW seemed to just disappear without me doing anything!!! Ergo, I went to turn off the netbook, and when I hit the hard button, as soon as the turn-off pop-up, er, popped up, the software interface simply just disappeared and the computer worked perfectly from that point on. I'm confused. Do you reckon the MW was programmed to "time-out" or something?
Regardless, I have ran the MWbytes prog and there were 1440!!! infected files that needed deleting!! So did that anyway/rebooted, etc. and it's all working fine again anyway!
Cheers to everyone that has helped. This thread has highlighted how online forums are such a great facility; the response, in such a short period, has been nothing short of amazing!
No matter how you may think "it's only me that it affects", the reach of the internet makes you feel you're not the only one out there on your own!
ScoobyNet FTW!
Last edited by joz8968; Feb 1, 2011 at 01:19 PM.
Hi mate I'd still like this prog anyway (see above post) - I'll PM the addy in a bit.
(All the online links to RKill seems to redirect to bloomin' other free downloads, that aren't the actual RKill prog! Drives me mad, that.
)
(All the online links to RKill seems to redirect to bloomin' other free downloads, that aren't the actual RKill prog! Drives me mad, that.
)
Last edited by joz8968; Jan 29, 2011 at 08:45 PM.
Joined: Apr 2002
Posts: 38,078
Likes: 310
From: The hell where youth and laughter go
Just this second got this virus I think: fake AV software called "spyware sheild" off a mobile phone website
That'll teach me to have UAC disabled. First time nod32 has let something through. Quite naughty one this: It runs script to prevent you opening task manager, installs on the task bar and start menu, and also kills nod32 along and prevents it restarting, also kills regedit and admin tools.
Easy to kill though, I just right clicked on this "spyware protection" icon in the start menu, and selected "properties".
That gave the location of the .exe file (/users/xxxxx/appdata/roaming), I navigated to there, found the offending program (called "defender.exe" and renamed it (it wouldn't allow me to delete it), then I moved it to the desktop. And rebooted the PC.
Presto program is dead. Just need to remove the reg and startup entries it left behind.
Start-up entry can be vaped from ccleaner, and run a ccleaner registry clean to pick up the entries referring to the (now) missing file.
That'll teach me to have UAC disabled. First time nod32 has let something through. Quite naughty one this: It runs script to prevent you opening task manager, installs on the task bar and start menu, and also kills nod32 along and prevents it restarting, also kills regedit and admin tools.
Easy to kill though, I just right clicked on this "spyware protection" icon in the start menu, and selected "properties".
That gave the location of the .exe file (/users/xxxxx/appdata/roaming), I navigated to there, found the offending program (called "defender.exe" and renamed it (it wouldn't allow me to delete it), then I moved it to the desktop. And rebooted the PC.
Presto program is dead. Just need to remove the reg and startup entries it left behind.
Start-up entry can be vaped from ccleaner, and run a ccleaner registry clean to pick up the entries referring to the (now) missing file.
Scooby Regular
Joined: Oct 2007
Posts: 2,091
Likes: 0
From: Wanting the English to come first in England for a change!
Joined: Apr 2002
Posts: 38,078
Likes: 310
From: The hell where youth and laughter go
Just had to deal with a client's computer with a similar program this time called "MS shield"
Was a win 7 computer; Rogue file was stored in c:\programdata\
The folder was a random alphanumeric folder containing two files of the same name. I just renamed them all and rebooted. Program died. Deleted the files, ran a virus scan and Ccleaner. Job done.
I belive it gets in through dodgy Java script. So keep your Java upto date.
Was a win 7 computer; Rogue file was stored in c:\programdata\
The folder was a random alphanumeric folder containing two files of the same name. I just renamed them all and rebooted. Program died. Deleted the files, ran a virus scan and Ccleaner. Job done.
I belive it gets in through dodgy Java script. So keep your Java upto date.
Last edited by ALi-B; Apr 1, 2011 at 03:28 PM.
