Virus
Hello all,
I have a virus. Well, I wouldn't exactly call it a major problem, but it is irritating and I would like a little more info on it. The virus is called "Security Suite," but it also has other names. I have my suspicions as to where it came from, as it has infected my computer and a laptop. They both share many programs, but there is one that I find suspicious; it is called "AirMouse." It goes along with an iPhone application called airmouse. I downloaded it on both computers, and a month later (for each of them!) this virus pops up. It is nothing fatal, and is neither a trojan nor a password stealer, etc. It is just trying to get money. What happens is that all of these alerts come up in different forms saying that "your computer is infected with such and such virus." I know that it is fake because it says that the virus was sent from an ip-address that is grammatically incorrect, and I have dealt with it before. I was wondering if the program I described actually installed the virus, or if I am wrong. Also, I was wondering how to get it off. Malwarebytes is currently scanning on high intensity, but if for whatever reason it doesn't pick it up, what do you recommend I do?
Thanks, I appreciate it,
t0xik
What operating systems?
Generally what I do is run ComboFix, and if that doesn't do it run HijackThis. I don't think that ComboFix works on 64-bit systems, but I'd have to check. You can still post the HijackThis log here.
this look like it? http://www.bleepingcomputer.com/virus-removal/remove-security-suite
maug wrote: What operating systems?
Generally what I do is run ComboFix, and if that doesn't do it run HijackThis. I don't think that ComboFix works on 64-bit systems, but I'd have to check. You can still post the HijackThis log here.
this look like it? http://www.bleepingcomputer.com/virus-removal/remove-security-suite
Yes it does, but there is an updated look for it, that doesn't say security suite. I recognized it instantly from previous problems.
And thanks for your ideas, it never hurts to try stuff.
Edit: I run Windows Vista Home Premium, and it sucks.
Thanks, t0xik
Actually, Malwarebytes didn't work. I was investigating around, before I did what you recommended, and I discovered two things.
- It is a copycat security suite, same thing, same format, different person.
- It is an html file, and I have found the file location. There is just one problem: when I try to move the file to the recycle bin, it just says that the file is running in another program. The problem is that I have no idea how to close the program.
Further instruction required
Also for those that are curious, I found it in the temp folder.
Thanks,
t0xik
When it pops up again, bring up your task manager and see what all is running. You can usually track down the location this way. I had a virus that was in the user's AppData on Windows 7. It had random text as a name. This one sucked though, 'cause when it was running it wouldn't let me open anything else, including a cmd or tskmgr. So I placed a batch to open tskmgr in my startup file.
Malwarebytes, AVG, and AVG's live CD didn't pick it up.
techb wrote: When it pops up again, bring up your task manager and see what all is running. You can usually track down the location this way. I had a virus that was in the user's AppData on Windows 7. It had random text as a name. This one sucked though, 'cause when it was running it wouldn't let me open anything else, including a cmd or tskmgr. So I placed a batch to open tskmgr in my startup file.
Malwarebytes, AVG, and AVG's live CD didn't pick it up.
It's the same thing, same random numbers in AppData, same not being able to load stuff up, except this time, I outsmarted it in a way. To open things, you have to open them in the first twenty seconds of the computer starting up/logging in.
Can you please send me the batch code (in the forum, of course) to open Task Manager?
Thanks, t0xik
No scans I have tried have worked, and detected it. I think I got it. I put taskmgr in the startup folder and deleted the files for the virus (C:\Users\"my user"\AppData\Local\Temp\"virus folder")
Something odd that is still a problem, is that although I can use all of the programs again, the internet is still not working correctly. (by still, I mean that it was disabled other than the sites that the virus wanted me to go to.) There is no error from the virus, but, no webpages whatsoever are working. They all have the Internet Explorer, "Diagnose connection problems" thing, which doesn't actually do a bit of good for me right now.
Any ideas, please speak your mind.
Thanks, t0xik
backup your registry and run a reg cleaner.
www.ccleaner.com is a possible program, it also makes a backup of your registry.
lol ok, have you checked your network? router etc?
if everything's good, you have checked and there are no suspicious processes running there anymore, try the netsh command.
if regedit and taskmgr are disabled then the malware has made changes to that on the registry. you can download a vbs script that automatically fixes this (regedit and taskmgr enable) just google.
the netsh command might work too:
c:\>netsh int ip reset all
and
c:\>netsh winsock reset
then restart.
hijackthis is also a good way to inspect your registry and delete a file/files on reboot.
you can also try bitdefender to scan.
if nothing else and you think it has gone deep, just reinstall.
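A read-only check for the symptoms discussed in the posts above (Task Manager and regedit disabled through the registry, files launching from AppData\Local\Temp), as an added PowerShell example that is not part of the thread. It assumes the standard Windows policy values `DisableTaskMgr` and `DisableRegistryTools` and the standard Run keys; the output labels are made up for this example.

```powershell
# Added example (not from the thread): read-only triage, changes nothing.

# 1. Policy values that disable Task Manager / Registry Editor when set to 1.
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
foreach ($key in $policyKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ($props -and $props.$name -eq 1) {
            Write-Output "DISABLED BY POLICY: $name = 1 in $key"
        }
    }
}

# 2. Autorun entries that launch from user-writable folders (Temp, AppData),
#    where the posters found the files. Short 8.3 paths may not match.
$suspectDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ }
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $regKey = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $regKey) { continue }
    foreach ($valueName in $regKey.GetValueNames()) {
        $command = [Environment]::ExpandEnvironmentVariables([string]$regKey.GetValue($valueName))
        foreach ($dir in $suspectDirs) {
            if ($command.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                Write-Output "REVIEW AUTORUN: [$key] $valueName -> $command"
                break
            }
        }
    }
}

# 3. Everything in the per-user Startup folder, and executables sitting in Temp.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output "STARTUP ITEM: $($_.FullName)" }
Get-ChildItem -Path $env:TEMP -Recurse -Include *.exe, *.dll, *.bat, *.vbs -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Output "TEMP FILE: $($_.FullName) ($($_.LastWriteTime))" }
```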
gruenfeld777 wrote: lol ok, have you checked your network? router etc?
if everything's good, you have checked and there are no suspicious processes running there anymore, try the netsh command.
if regedit and taskmgr are disabled then the malware has made changes to that on the registry. you can download a vbs script that automatically fixes this (regedit and taskmgr enable) just google.
the netsh command might work too:
c:\>netsh int ip reset all
and
c:\>netsh winsock reset
then restart.
hijackthis is also a good way to inspect your registry and delete a file/files on reboot.
you can also try bitdefender to scan.
if nothing else and you think it has gone deep, just reinstall.
I checked the network and router already. No suspicious processes. I will try the netsh command though. I have also used CCleaner already though. I also re-enabled taskmgr by putting it in start. The virus is already gone, I believe; I just need to get the internet back up and running. It's all connected and everything, Outlook Express even works. The prob is Internet Explorer. (as usual ;))
t0xikc0mputer wrote: Thanks for your help everyone, even though I did not use it.
That's a surefire way to get help in the future.
BTW, maug was correct on using ComboFix to get rid of this. If the system restore point won't work (didn't see anyone mention that), ComboFix always does. I've removed the same virus several times already this year.
Yeah, I was just a little too lazy to install programs, and transfer them to the other computer. And it would have been too challenging because I would have had to run them in like the first twenty seconds of the computer loading.
I'm positive that I will need help in the future, and if the virus is not as simple, or even if it is, I am sure that I will use it.
Thanks,
t0xik
Next time, to make it easier on yourself, read the forum posts that you asked for. ComboFix doesn't install, it just runs. That would have gotten it, according to Korg.
If you followed the link, they mention that you can run RKill, and then scan with Malwarebytes (which you said was running but couldn't see it). That would have gotten it.
And if both of those didn't work, again you could have looked at the link (in the first response to your thread) and you would have found a guide that takes you through the entire removal process, hand in hand, with pretty screen shots at every turn. That would have gotten it.
I don't like you anymore.