I need help,asap re:malware takeover

[PawkHawk1]

My daughters laptop was just hijacked by "antivirus" crap and will not let me run anything. She uses Mozilla Firefox, not IE. Also had SUPERAntiSpyware thing downloaded (free addition) as her protector. Using Windows Vista operating system.

Is there anyway I can get rid of this thing tonight? She really need her Word docs to finish a project.

I'm sorry to ask on the football board, but I know there are some smart dudes hanging out here. I appreciate any help. Please and thank you.

 

[tm3308]

Is your daughter in college or in high school? I had the same problem a couple months ago, but I just took it to the tech guys on campus, and they had it fixed in like 20 minutes. Obviously if she's in high school she doesn't have that option.

 

[PawkHawk1]

Is your daughter in college or in high school? I had the same problem a couple months ago, but I just took it to the tech guys on campus, and they had it fixed in like 20 minutes. Obviously if she's in high school she doesn't have that option.

High school.

But she will be a Hawk in the fall!

 

[tm3308]

High school.

But she will be a Hawk in the fall!

Smart girl!

If she has all of her software backed up on a disk, you could maybe try to reboot the whole system (which will erase everything, so don't do it if you don't have stuff backed up).

 

[PawkHawk1]

Nope. Nothing backed up. In fact her disc player thing quit working a couple weeks ago, too. So I can't reload anything.

 

[Casey388]

Do you know the name of the program she is infected with? I know there is a program going around by the name of Internet Protection. It a pain in the @$$. But fairly easy to get rid of if that is the one she has.

 

[atxhawk]

how hijacked is it? if you can at least get control of it enough to shut it down, you should be able to restart it and do a system restore. be careful doing this as you don't want to restire it to factory setttings but the most recent restore point. don't have my laptop with me so i can't give you the step by step but it shouldn't affect any docs. superantispyware is not an active program unless you pay for the top version. it only works to remove annoying minor stuff and must be run often to be effective. also, get a cheap flash drive to act as a backup in case something happens. that way you can always take your files with you in case of a crash.

 

[MeanDrunkR2D2]

I run into this 10 times a week. Do a system restore to a day before this happened and it will remove it and not lose any files. If that doesn't work download combofix from bleepingcomputer.com. either of those will remove it. U would recommend going into safemode as well to do either of them. Many time this spyware will block those programs unless its in safemode.

 

[PawkHawk1]

The program just says I need to buy " Anti Virus" program.

And I can shut down.

Should I restart in safe mode?

 

[MelroseHawkins]

Let her know she needs to stop looking at porn.

 

[Casey388]

Let it come up and see what the name of the program is. Then restart the computer in "Safe mode with Networking". Then when it restarts, use either IE or Firefox and go to google and look up "How to remove (whatever program it is)" and see if you can find an automated program that will remove the infected program. This is the website I found for the program I had to remove for a customer late last week.


Remove Internet Protection, removal instructions

 

[Casey388]

The program just says I need to buy " Anti Virus" program.

And I can shut down.

Should I restart in safe mode?

It sounds just like the program I dealt with. It would say that there were viruses on your computer, and you needed to buy "Internet Protection for 89.95"

 

[Hawkeyefan]

Let her know she needs to stop looking at porn.

 

[PawkHawk1]

Let her know she needs to stop looking at porn.

Lol.

I will try the "safe mode w/ networking" suggestion.

tahnks a ton guys

 

[ArizonaHawkeye88]

I had this same problem 3 months ago. I have a lap top with vista. I had to restart in safe mode and do a backup restore to a time before this happen. Vista automatically backs up the computer every 2 weeks or you can tell it a different time frame.

 

[bunks9er]

Stinks my first post won't be Hawkeye related, but this happened to me last week....You need to download a file called rkill which will stop the popups redirection etc. It won't get rid of the file but then you can run a malware program like Malwarebytes. As another poster mentioned this can be downloaded from bleeping computer. I had to use my other computer and copy the files to a flash drive. Rkill also comes in several fake names on bleeping computer and I only got one of the files to work. Just remember Rkill only ends the programs, then you need to use some Malware program to delete the bad files. If you restart after just running Rkill the same thing will happen again. Good luck, this one took me a night to get figured out because it wont let you open files etc. if you pm me I'll try to help if I can.

 

[ripvdub]

The safemode thing should work, did for me last year or so when my desktop got effed up hardcore. Just lucky that I was able to download malewarebytes even though i kept having god knows what happen to my cpu.

 

[Casey388]

Stinks my first post won't be Hawkeye related, but this happened to me last week....You need to download a file called rkill which will stop the popups redirection etc. It won't get rid of the file but then you can run a malware program like Malwarebytes. As another poster mentioned this can be downloaded from bleeping computer. I had to use my other computer and copy the files to a flash drive. Rkill also comes in several fake names on bleeping computer and I only got one of the files to work. Just remember Rkill only ends the programs, then you need to use some Malware program to delete the bad files. If you restart after just running Rkill the same thing will happen again. Good luck, this one took me a night to get figured out because it wont let you open files etc. if you pm me I'll try to help if I can.

I was having the issue when I was working on that computer, that it wouldn't let me install another antivirus, so I was lucky that it would let me open the automated remover. It is a royal p.i.t.a. I read about Rkill and saw that some people were having success using that program also.

I already have two other people bringing in their computers in the next week with this same exact program invading their computers. So at least it will keep me busy.

 

[eyekwah]

1. Turn the computer off.
2. Turn the computer on and hold the F8 key this will get you into safe mode. You might have to try this more than once.
3. Select the safe mode that does not include networking or command prompt.
4. Wait for the windows interface to appear, you will see some black and white statements before windows appears.
5. You can access it through the Start button All Programs > Accessories > System Tools, or by typing rstrui.exe from the Run option:
6. Choose a restore point from a date where the computer was uninfected. Hopefully you have a restore point set up automatically.
7. This will take a few minutes too accomplish.
8. Shutdown and restart.

 

[HawkPrdatr40]

The program just says I need to buy " Anti Virus" program.

And I can shut down.

Should I restart in safe mode?

Yes and then do system restore