Solved: Fake virus alert

jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
04-Jul-2009, 08:53 AM #1
Fake virus alert
Please help me, my computer has been overtaken by a fake virus alert trying to get me to buy its pIt has pretty much locked me out of everything, saying files infected. I cannot download and run any removal programs and I can't even get into my control panel to try to delete it. It says "system security 2009" and I just want to find a way to get it off my computer.
Kenny94's Avatar
Distinguished Member with 2,158 posts.
 
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
05-Jul-2009, 02:57 PM #2
Hi jewelcraft and Welcome to TSG!


Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.



Also, I would like you to generate an "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


In your next reply, please include these log(s):

* HijackThis Uninstall List
* HijackThis log (new)
__________________
Member of the Alliance of Security Analysis Professionals

Malware And Security Tips
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
06-Jul-2009, 08:53 AM #3
Angry Help
I got it downloaded to my desktop but the virus will not let me open it at all. I keep getting a warning that this file is infected. It won't let me open anything, it always says the same thing. Files infected.
Kenny94's Avatar
Distinguished Member with 2,158 posts.
 
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
06-Jul-2009, 09:11 AM #4
Right click on the HijackThis.exe file and select "Rename". Rename it geek.exe.

Then run HijackThis again and post a new log please.
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
06-Jul-2009, 09:44 AM #5
Angry Still won't open
I did rename it and again, it said file geek.exe is infected cannot open... Help
Kenny94's Avatar
Distinguished Member with 2,158 posts.
 
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
06-Jul-2009, 09:57 AM #6
Please visit Combofix Guide & Instructions for instructions for installing the recovery console and downloading and running ComboFix.

The only thing different from the instructions there is that when downloading and saving the ComboFix.exe I would like you to rename it to Combo-Fix.exe please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

Note: During this process, it would help a great deal and be very much appreciated if you would refrain from installing any new software or hardware on this machine, unless absolutely necessary, until the clean up process is finished as it makes our job more tedious, with additional new files that may have to be researched, which is very time consuming.

Also, please do not run any security programs or fixes on your own as doing so may compromise what we will be doing. It is important that you wait for instructions.
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
06-Jul-2009, 11:27 AM #7
Angry failed again
Again, I did as you said, renamed it Combo-Fix.exe and tried to run it and again the pop-up said file Combo-Fix.exe is infected cannot open. What am I going to do? I am getting so frustrated.
Kenny94's Avatar
Distinguished Member with 2,158 posts.
 
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
06-Jul-2009, 11:57 AM #8
I wonder if your computer is infected with the Win32.Virut virus.

Please do an online scan with Kaspersky WebScanner
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
06-Jul-2009, 02:25 PM #9
I can't download this either. The update part keeps saying failed, please restart. I don't know what to do, looks like I may as well give up.
Kenny94's Avatar
Distinguished Member with 2,158 posts.
 
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
06-Jul-2009, 07:04 PM #10
Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
06-Jul-2009, 11:03 PM #11
Angry again no luck
Again it started and when I try to run it, it says cannot be executed file drwebcurint.exe is infected. The only thing it will run is a shield-looking thing with stripes and when I click it, I get a larger box that says System Security protect your pc at top left. It's trying to sell me a product and it will not go away or allow me to download and run things.
Kenny94's Avatar
Distinguished Member with 2,158 posts.
 
Join Date: Dec 2004
Location: S.C
Experience: Malware Fighter
07-Jul-2009, 12:12 PM #12
Hi jewelcraft, I'm checking with someone. I'll be back soon....
sjpritch25's Avatar
Moderator with 8,661 posts.
 
Join Date: Sep 2005
Location: Florida
Experience: Advanced
07-Jul-2009, 09:33 PM #13
Did you save Combofix to your desktop as Combo-Fix.exe or did you rename it as Combo-Fix.exe? We need to know.

Otherwise run this and see if this helps.

Download UnHookExec.inf to your Desktop.
Right-Click on UnHookExec.inf and click on Install.
It doesn't display any notice or boxes, don't worry it worked.
__________________
Microsoft Valuable Professional Consumer--Security 2007-2009
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
08-Jul-2009, 09:51 AM #14
Angry Yes
Yes I saved Combo-Fix to my desktop and renamed it but it will not let me open it at all and I also downloaded the other and saved it to my desktop but it also won't open. This "System Security" thing won't let me run anything. It says everything is infected and stops it. I truly don't know what to do.
jewelcraft's Avatar
Junior Member with 22 posts.
 
Join Date: Jul 2009
Experience: Intermediate
08-Jul-2009, 09:59 AM #15
Angry Help
Do you think it would help if I go buy some kind of virus remover? I'm not sure this thing would let me run it but I just don't know what to do. I need my computer back.
All times are GMT -5. The time now is 05:56 AM.
Copyright © 1996 - 2009 TechGuy, Inc. All rights reserved.