i need urgent help!

All replies

• 

  

  1

  Sign in to vote

  Hi,
  
  I am guessing you have one of the current malware versions using AV.exe and even if you
  don't use these methods to detect and remove the malware.
  
  Try Safe Mode with networking - repeatedly tap F8 as you boot up.
  
  The top two methods allow the scanners to run and/or get AV.exe out of the way or removal.
  
  1.
  CTRL SHIFT ESC  - Task Manager  OR Right Click the TaskBar - Task Manager
  
  Processes tab - End Process on AV.EXE and then proceed with the Uninstall Guide.
  
  Then if needed use Start - Computer  OR  Windows Explorer  to navigate to
  
  C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe  or where ever it is installed at - if
  needed Right Click the Malwarebytes - Properties - Shortcut tab - target line to see where it
  is installed.
  
  Right Click on it and Rename it to ZZMbam.COM (or anything different than it is now) and
  then double click on it and run it that way. You can rename it back later. Do similar with
  other programs as needed. Use this method for others as needed - DO NOT ASSUME any
  one program removes it all or that there is not other malware involved.
  
  ---------------------------------------------------
  
  2.
  Another method is to use these :
  
  Use Process Explorer to "Suspend" not Stop the Processes
  
  Then use AutoRuns to remove the malware startup items.
  
  Now use UnLocker to delete the files in the malware.
  
  You may have to do this one file at a time.
  
  Process Explorer - Free
  http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
  
  AutoRuns - Free
  http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
  
  UnLocker - Free (do not install the Ebay adaware)
  http://www.softpedia.com/get/System/System-Miscellaneous/Unlocker.shtml
  
  AV.exe
  
  ==============================================
  
  There are many names for this malware :
  
  XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 are rogue antivirus, 
  scams to force you to pay for them while they have no benefits at all.
  
  How to remove all versions :
  http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
  
  RENAME these as needed to allow them to run : (renaming .exe to .com can help as well)
  
  These can be done in Safe Mode - repeatedly tap F8 as you boot however you should also run them
  in regular Windows when you can.
  
  Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits
  run UnHackMe)
  
  Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
  
  Malwarebytes - free
  http://www.malwarebytes.org/
  
  Run the Microsoft Malicious Removal Tool
  
  Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.
  
  You should be getting this tool and its updates via Windows Updates - if needed you can download it
  here.
  
  Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
  (Then run MRT as above.)
  
  Microsoft Malicious Removal Tool - 32 bit
  http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
  
  Microsoft Malicious Removal Tool - 64 bit
  http://www.microsoft.com/downloads/details.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en
  
  also install Prevx to be sure it is all gone.
  
  Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
  
  Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs.
  This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see
  how to remove. 
  http://www.prevx.com/   <-- information
  http://info.prevx.com/downloadcsi.asp  <-- download
  

  PCmag - Prevx - Editor's Choice
  http://www.pcmag.com/article2/0,2817,2346862,00.asp
  
  Try the trial version of Hitman Pro :
  
  Hitman Pro is a second opinion scanner, designed to rescue your computer from malware (viruses,
  trojans, rootkits, etc.) that have infected your computer despite all the security measures you have
  taken (such as anti virus software, firewalls, etc.).
  http://www.surfright.nl/en/hitmanpro
  
  --------------------------------------------------------
  
  If needed here are some online free scanners to help
  
  http://www.eset.com/onlinescan/
  
  http://onecare.live.com/site/en-us/default.htm
  
  http://www.kaspersky.com/virusscanner
  
  Other Free online scans
  http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
  
  --------------------------------------------------------
  
  Also do these to cleanup general corruption and repair/replace damaged/missing system files.
  
  Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
  
  Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN
  
  Enter this at the prompt - sfc /scannow
  
  How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
  generates in Windows Vista cbs.log
  http://support.microsoft.com/kb/928228
  
  Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
  
  How to Run Check Disk at Startup in Vista
  http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
  
  -----------------------------------------------------------------------
  
  If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)
  
  http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/
  
  Hope this helps.

  ---

  Rob - Bicycle - Mark Twain said it right.

  Saturday, February 27, 2010 4:58 AM
• 

  

  1

  Sign in to vote

  Hi,
  
  Use above message to do an intense and thorough check for malware.
  
  To restore the ability to run .exe programs.
  
  1. Make a Restore Point so you can revert back if needed though not likely required.
  
  How to Create a System Restore Point in Vista
  http://www.vistax64.com/tutorials/76332-system-restore-point-create.html
  
  How to Do a System Restore in Vista
  http://www.vistax64.com/tutorials/76905-system-restore-how.html
  
  2 . Copy BETWEEN these lines and paste into Notepad - Save as exefileFix.reg  -  then Right
  Click on it and MERGE - REBOOT
  
  DO NOT COPY LINES
  -----------------------------------------------------------------
  
  
  Windows Registry Editor Version 5.00

  [HKEY_CLASSES_ROOT\.EXE]
  @="exefile"
  "Content Type"="application/x-msdownload"

  [HKEY_CLASSES_ROOT\.EXE\PersistentHandler]
  @="{098f2470-bae0-11cd-b579-08002b30bfeb}"

  [HKEY_CLASSES_ROOT\exefile]
  @="Application"
  "EditFlags"=hex:38,07,00,00
  "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\
    00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,\
    32,00,5c,00,73,00,68,00,65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,\
    00,2c,00,2d,00,31,00,30,00,31,00,35,00,36,00,00,00

  [HKEY_CLASSES_ROOT\exefile\DefaultIcon]
  @="%1"

  [HKEY_CLASSES_ROOT\exefile\shell]

  [HKEY_CLASSES_ROOT\exefile\shell\open]
  "EditFlags"=hex:00,00,00,00

  [HKEY_CLASSES_ROOT\exefile\shell\open\command]
  @="\"%1\" %*"
  "IsolatedCommand"="\"%1\" %*"

  [HKEY_CLASSES_ROOT\exefile\shell\runas]

  [HKEY_CLASSES_ROOT\exefile\shell\runas\command]
  @="\"%1\" %*"
  "IsolatedCommand"="\"%1\" %*"

  [HKEY_CLASSES_ROOT\exefile\shellex]

  [HKEY_CLASSES_ROOT\exefile\shellex\DropHandler]
  @="{86C86720-42A0-1069-A2E8-08002B30309D}"

  [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice]
  
  --------------------------------------------------------------
  DO NOT COPY LINES
  
  If needed :
  
  Check the EXE file fix here
  http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html
  
  Also check this one if it applies
  http://www.winhelponline.com/articles/165/1/Restore-the-exe-file-association-in-Windows-Vista-after-incorrectly-associating-it-with-another-application.html
  
  How to Set Default Associations For a Program in Vista
  http://www.vistax64.com/tutorials/83196-default-programs-program-default-associations.html
  
  Hope this helps.

  ---

  Rob - Bicycle - Mark Twain said it right.

  Saturday, February 27, 2010 4:59 AM
• 

  

  0

  Sign in to vote

  yeah it is the AV.exe i have closed the process, is there any way i can get to talk to you? or maybe even on teamviewer so you can help even more?
  
  and the things its doing is i cant run task manager from taskbar but i can if i ctrl alt delete i have also located where regedit has been put.<input id="gwProxy" type="hidden"></input> <input id="jsProxy" onclick="jsCall();" type="hidden" />

  Saturday, February 27, 2010 5:08 AM
• 

  

  1

  Sign in to vote

  Hi,
  
  Sorry this is not live. Run those detection methods in an intense manner (meaning use them all) and
  rename any that will not run using a different name and extension. Be sure to name them back to
  what they where later.
  
  mbam.exe     rename to   ZZmbam.com
  
  mrt.exe         rename to   ZZmrt.com
  
  and so on - the name to the left of the .com is totally optional but has to be different than it was
  originally.
  
  
  
  

  ---

  Rob - Bicycle - Mark Twain said it right.

  Saturday, February 27, 2010 5:15 AM
• 

  

  0

  Sign in to vote

  http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html
  
  
  
  i fixed the exes with this and i got rid of the AV.exe and founds it file where it was uploaded and deleted i used AVG and it threw it into vault. now i am useing malwarebyte
  
  
  i do not know how to use the Regedit<input id="gwProxy" type="hidden"></input> <input id="jsProxy" onclick="jsCall();" type="hidden" />

  Saturday, February 27, 2010 5:21 AM