LG John

This morning my computer seems to have come under attack and it decided to randomly change the desktop background to white with a box displaying a message (see picture). I went to system restore to roll back and, conveniently, it appears all my restore points are gone! This looks like virus activity.

Does anyone know what I'm dealing with here, what it does and how I can get rid of it?

JackClark

I'd try products like Spybot. The home of Spybot-S&D!

LG John

God, this thing is a nightmare. When you do google searches it redirects you from nearly all helpful links to other sites. It simply won't open the link above but my laptop, which I'm using just now, will!

myblackwrx

iTrader: (1)

Google search the items in your 'alert' and have a look as there seem to be a lot of removal tips and tools out there.

It's scamware trying to force you to buy some crap.

LG John

The problem on my computer is when I click the links it re-directs me. I've done the google search from the laptop and I did manage to directly type the link to a piece of software that scanned and found the problem but, shock, horror, they wanted $39 to remove it It was probably the company that provide the software that made the virus/scamware/whatever in the fvcking first place.

JackClark

Download the software on your laptop, then copy the set up files to your PC. You may be able to do the install and repair in Safe Mode, which would help.

pimmo2000

iTrader: (6)

It is.. they have probably changed your DNS settings.

Assumin it XP

control pannel, network connections, right click on the one you use for the internet and click properties..

Yours Looking for IP v4 I cant remember the full title.. double click it and make sure everything DNS is set to auto !

Then install Spybot

LG John

Pimmo I've tried going into properties of my internet connection but there is nothing like or relating to IP v4. There is a check next to each of the following:

Client for Microsoft Networks
File and Printer Sharing for Microsoft Networks
QoS Packet Scheduler
Internet Protocol (TCP/IP)

I've been in the properties for each of those and, again, nothing like you describe. It's XP btw.

LG John

ARRRRRRRRR!!!!! This is impossible!!! Every time I try to navigate to a website to download a program to kill this thing I get re-directed or told the page is unavailable, which is blatant lies as my laptop can get there no problem!!!!

phoenixgold

iTrader: (2)

It's the Internet Protocol (TCP/IP) settings. You need to check that your DNS settings are on automatic.

pimmo2000

iTrader: (6)

Protocol (TCP/IP) settings sorry

LG John

So should I set mines to have all those numbers

joey_turbo

iTrader: (26)

I had one like this. Has it disabled your Task Manager too?
I used Spyware Doctor, was the only thing that worked in the end.

pimmo2000

iTrader: (6)

No mate, you see where the options to set as automatic .. set as that

GC8

Does it only work in IE or does it affect Mozilla/Firefox too?

LG John

It's kicking the crap out of them both - I normally use Mozilla fwiw.

GC8

Probably easiest to boot from a write protected Win98 (or WinXP if you use NTFS, youll need to download the WinXP bootbisk maker from MS) diskette and manually remove it.

MJW

Can you download Spybot on your laptop & copy the installer to the infected machine with a USB flashdrive or something ? If Spybot finds something that it can't remove there & then it will reboot your machine and run itself before any other programs start up

GC8

Anti-spyware type applications only tend to work with the lower end malware. Id suggest downloading McAfee's 'Rootkit detective' and see what hidden processes and keys are found. Google them and take it from there (in addition to googling the virus: Im assuming that you AV software detects it but cant remove it?).

LG John

Update

I appear to have killed the bugger - took 14 hours!! I found a thread on MajorGeeks forum that gave a step by step guide to kill all malware from your computer and it worked well. I also got rid of Norton and am tooled up with recommended firewall (online armor) and AV (AGV). Fingers crossed

Thanks for input in this thread.

Aztec Performance Ltd

iTrader: (234)

Glad you got it in the end.

Just stay off those dodgey websites

Vista is streets ahead of XP IMHO.

pimmo2000

iTrader: (6)

For a change I'll say it before Ian does... AVG is poo ..

MJW

No virus thread would be complete without at least 5 posts from people who claim your PC will explode if you don't un-install AVG and install NOD32 instead.

Aztec Performance Ltd

iTrader: (234)

I hate virus checkers.

GC8

Far more computer engineers use Eset than AVG.....

LG John

Ok so what do I want to replace AGV with (direct link please so I defo get legit software). It must be free btw

pimmo2000

iTrader: (6)

What is a computer engineer ???

Surely billy IT support sees more Viruses that an "engineer" ??

kbsub

Antivirus and Antispyware Software - Download ESET NOD32 Antivirus or ESET Smart Security and eliminate viruses

Its not free but do want to spend another 14 hours ....

Why does it have to be free ?

JackClark

An engineer creates. Billy IT support might see a lot of virus alerts but has probably never seen a virus.

LG John

Why pay for something when, it seems, there are free versions that work just as effectively