
HELP... Virus

steve b

New Member
Got a virus on the home pc. Ran spybot and noticed in the scan the names virtumonde, smitfraud and a ton of bogus anti virus programs, but spybot didn't find any problems. I have avg free new version, ran a scan, and no problems found? This virus started out by redirecting my search results on google searches, every damn link I would click on would get re-directed to another site advertising something. So in my frustrations I downloaded vondu fix, spyware doctor, they found nothing. Now this morning the pc won't start, not even in safe mode, it tries but just keeps cycling over and over. The pc is running xp pro service pack 3.

Any help would be appreciated.

Side note, these pricks that do advertising this way will NEVER get my business!


Thanks,
steveb
 

binki

New Member
try running spybot from safe mode. if you have another computer, download the updates to a flash drive and load them on the infected computer in safe mode.

start safe mode without networking to keep the thing from connecting to the internet.
 

choucove

New Member
The threads that Fred pointed out sound exactly like your issue, as in my Spybot S&D scans every one of them came up with Virtumonde and Smitfraud. If you are attempting to fix this yourself, about the only sure way I have been able to remove the virus is, when the computer very first starts up, hit the Ctrl+Alt+Del combo to bring up the task manager. You have to do this very fast before the fraud antivirus loads or it will lock you from being able to open up the task manager.

If you can open up the task manager when Windows first loads, then you should be able to find the process of the fraud antivirus program and end it once it loads. The name of the process differs depending upon the variant of the virus. With the fraud antivirus software temporarily disabled you should be able to then open your antivirus software, do a database update, and then perform a scan to remove the virus. Also do a scan with Spybot and see if that can remove any other issues. If AVG can't remove the virus with this process, you should try downloading and running Avast! Anti-Virus, as I have used that version so far to clear off this virus from 18 computers.

Also, I might be able to get you some better information if you can tell me the exact name of the fake antivirus program that is popping up. Is it AntiVir 2010?
 

choucove

New Member
You can't even boot in safe mode?

Booting into safe mode won't really do anything with this virus. In safe mode the virus application doesn't load so the anti virus application won't recognize it the way that it has been designed.

Additionally, I've noticed more and more computers that I have worked on (Dell and HP prebuilt systems specifically) are not allowing the user to log in or even fully boot into safe mode. The system tries to start loading and then will crash. So even getting into safe mode in those situations to try and scan for a virus is not going to work unfortunately.
 

mikey-Oh

New Member
you could at least try a win boot disk to see if you can get some form of functionality. my guess is the computer won't have a floppy drive, so you'll need the original windows OS cd
 

steve b

New Member
Thanks for the replies folks! I took it to my local pc shop and ended up buying a new pc. Problem fixed for now.
I still would like to know why these SOBs place these advertisement trojans and viruses on people's pcs? I had one pop up (re-direct) to Mimi's Cafe (a local cafe) after searching how to make beer Butt chicken on a google link. I will never eat at Mimi's again, and will not patronize any other merchants that are involved and have been re-directed my way.
 

Keith Rae

New Member
Has anyone tried ultimate boot disk for windows? You have to make the disk while your system is still healthy but it boots from your cd/dvd drive into a virtual drive it sets up in your memory. When you make the boot disk you can select which programs you want to include in the boot up. It has saved me a couple of times, at the very least it lets you access your NTFS partitions on your drive to copy your data off. I don't know if it works with Vista or Win 7.
www.ubcd4win.com
 

Techman

New Member
C'mon guys...

I see a ton of ideas and some suggestions, but a few are completely wrong.
Spybots and ad Awares will not stop or remove this stuff nor will any antivirus stuff.
It has to be cleaned using the proper cleaners.

Virtumonde and Smitfraud are easy to fix. But the latest one is not so easy.

Each of us should have on hand several tools:

1. lspfix, to fix the winsock
2. tempfilecleaner
3. rootkit revealer
4. a copy of a good host file. This is major because this is a hijack area where the redirects come from.
5. malwarebytes antimalware
6. Avenger
7. a boot cd just in case you cannot get into a boot
8. smitfraudfix

These are just about all you need to get a machine back online. I use these plus a couple others that I will not mention because they are trade secrets.

Formats and reinstalls are not necessary.
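
One way to do the hosts-file check from item four of the list above, as an added example that is not part of the original post: it compares a hosts file against a known-good copy and reports every mapping that was added or changed. The function names and the sample entries are constructed for illustration; on Windows the file to read is `C:\Windows\System32\drivers\etc\hosts`.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: ip} for every mapping in a hosts-file body."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank or incomplete line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        for name in fields[1:]:
            entries[name.lower()] = ip
    return entries

def audit_hosts(current_text, known_good_text):
    """List entries that are new or changed relative to the known-good copy."""
    good = parse_hosts(known_good_text)
    findings = []
    for name, ip in sorted(parse_hosts(current_text).items()):
        if good.get(name) == ip:
            continue
        # A loopback or 0.0.0.0 target blocks a name; any other target
        # sends lookups for that name to a different machine.
        kind = "blocked" if (ip.is_loopback or ip.is_unspecified) else "redirected"
        findings.append((name, str(ip), kind))
    return findings

# Constructed sample data; 203.0.113.0/24 is a documentation-only range.
KNOWN_GOOD = "127.0.0.1 localhost\n"
SAMPLE = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.50    www.search.example search.example   # constructed
127.0.0.1       blocked.example                     # constructed
"""

if __name__ == "__main__":
    for name, ip, kind in audit_hosts(SAMPLE, KNOWN_GOOD):
        print(f"{kind:10} {name} -> {ip}")
```

Any "redirected" line that you did not add yourself is a reason to replace the file with the known-good copy and rescan.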
 

choucove

New Member
I don't mean any offense by this, but the only reason why this virus should cost you a whole new computer is if you were already looking for any excuse to get rid of your old computer. Even having a professional computer shop remove this virus is going to cost less than a new computer.

The idea mentioned above about having a boot disk is very helpful. If nothing else it will allow you to safely boot to access your hard drive files for moving or backup. However, you also have to realize that this will allow you to copy the files of the virus to someplace else so be selective in what you are copying. There are also Linux live CDs out there that do not need to be built using your current operating system. I've saved a few computers this way using Knoppix Live Boot DVD. There is also the SystemRescue CD that works similarly.

I can honestly say that while Techman is right, and an antivirus or malware protection program generally will not catch these things, in my case at least it has not always been that way. Of the computers I've removed this virus from, after grabbing an updated definition for the virus database on Avast! Anti-Virus that program has been able to remove the virtumonde and smitfraud viruses two-thirds of the time. I've not tried many other tools besides manual removal in some more recent cases because I didn't need anything else besides Avast.
 

BrianKE

New Member
One of your best defenses in these types of situations is System Restore. Make sure your boot drive is monitored and if this happens, simply run System Restore and restore to a date in the past that you know worked.

This has fixed 99% of the problems I have helped others with when a virus protection doesn't.
 

steve b

New Member
No offense taken Choucove and I appreciate your suggestions as well as techman's. You're right about the new pc, but it was about time anyway. So now time to study up on making a boot disc.....

Thanks,
steveb
 

gabagoo

New Member
A lot of viruses make system restore non workable, I have found.

I have to admit since downloading the temp file cleaner I basically run it every day and am amazed how many megs it frees up each time.
 

threeputt

New Member
Last Friday I got hit. Same symptoms as the OP. Wound up taking it to a computer shop here. Two hundred fifty nine bucks later, I'm up and running.

They removed AVG (the paid version) and SpyHunter. And put Avast (the free version) on the machine telling me it's much more effective. That and the one that comes bundled with Microsoft XP Pro.

They said it's different in that it's a "resident" shield versus whatever AVG, Norton and McAfee offer.

Don't know about such things, have to trust the shop. Or...bone up on this stuff.
 

Techman

New Member
One of your best defenses in these types of situations is System Restore.

Sorry, but this is about the most wrong answer anyone can give. These newer variants unlock the system restore, infect it and then relock it making everything look all ok.

That is why the maggotware keeps coming back. It has to be removed. It cannot be removed by using system restore..

The best advice I've read here is where the above says to get a local IT tech on the friend list. Cleaning these latest maggotwares should not take more than about 30 minutes and ten of those 30 is getting a beverage ready..


As for tempfilecleaner. It's been around for a short while. When it was first released I posted it here. This type of utility is well known in geekland as are a few others that the average user will never find out about.
 