View Full Version : Windows Vista Fake Protection
KatieRAWR 24-02-2010, 22:30 This happened to me...
I was on a website and then it says "Windows Vista installing updates" just like the real Windows Vista. Next thing I knew it blocked the internet and was telling me I had all these viruses and I would have to buy the full version. It was obviously a virus and I couldn't get on anything such as the internet unless I restored my computer to factory settings...
Lost a lot of installed programmes. So be careful and make sure this doesn't happen to you.
megalithic 24-02-2010, 23:21 I never allow Vista to auto update as I like to choose what it installs.
rich_n_that 24-02-2010, 23:38 This happened to me as well! Can you restore your PC without having the Windows discs?
waddler8 25-02-2010, 20:44 If you have this infection a removal guide can be found here:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
I keep reading all the things about virus software - I have AVG and Ad-aware, do I need anything else?
melthebell 25-02-2010, 21:01 Scareware?
A pic looking like it's installing, or "you've got so many viruses, click here to protect yourself"?
melthebell 25-02-2010, 21:02 I keep reading all the things about virus software - I have AVG and Ad-aware, do I need anything else?
Yeah, ditch AVG. Personally it boobooed with me after so many years; I moved to Avast and Malwarebytes, they saved my ass.
melthebell - scareware, is that the answer to my question about what else do I need, and if so which scareware?
waddler8 25-02-2010, 21:23 smary,
No, you've got the wrong end of the stick.
"Scareware" is a term given to rogue or fake security programs.
They try to scare you into buying them by falsely claiming you're infected with all kinds of viruses when they themselves are the real infection.
http://news.bbc.co.uk/1/hi/technology/8313678.stm
muddywolf 25-02-2010, 21:24 This happened to me...
I was on a website and then it says "Windows Vista installing updates" just like the real Windows Vista. Next thing I knew it blocked the internet and was telling me I had all these viruses and I would have to buy the full version. It was obviously a virus and I couldn't get on anything such as the internet unless I restored my computer to factory settings...
Lost a lot of installed programmes. So be careful and make sure this doesn't happen to you.
My brother had something like this, it was a real pain to remove. It tricked him into clicking a prompt which looked a lot like a genuine Windows one.
Kingmaker2 25-02-2010, 21:26 melthebell - scareware, is that the answer to my question about what else do I need, and if so which scareware?
smary, your best free protection is Sandboxie, it's actually better than any antivirus or antispyware as it doesn't depend on any definition updates.
What it does is isolate your browsing area so that anything that is malicious doesn't get transferred to your hard drive, sort of like an invisible barrier. You can also use it whilst opening e-mails/attachments, videos, photos or even when using MSN Messenger.
It's free and easy to use.
Let me know if you want any help with it.
http://download.cnet.com/Sandboxie/3000-2144_4-10371434.html
Or here http://www.sandboxie.com/
Here's a demonstration:
http://www.youtube.com/watch?v=GueXMq-Vyi8
Kingmaker2 I have installed sandboxie - do I have to do anything like open it every day for it to scan etc?
Kingmaker2 25-02-2010, 22:22 Kingmaker2 I have installed sandboxie - do I have to do anything like open it every day for it to scan etc?
Okay, firstly there should be a new icon on your desktop, a yellow icon with red dots called "Web Browser".
You should double click this and your default browser should open.
You can also just right click your usual browser icon and select "Run Sandboxed".
Please do either or both, just so that you understand what running in a sandbox will look like.
You should see 2 ## symbols at the top.
Let me know when you have done that, then I will explain how to get a coloured border around your browser to help you know more visually that you are surfing within the safe sandbox.
Note: this program doesn't scan your computer, it just makes browsing or opening any files much, much safer.
I have done that and have opened my browser which is Opera using Sandboxie - at the top I have # either side of the heading both in []. Await your instructions.
I have done that and have opened my browser which is Opera using Sandboxie - at the top I have # either side of the heading both in []. Await your instructions.
Let me know when you have done that, then I will explain how to get a coloured border around your browser to help you know more visually that you are surfing within the safe sandbox.
I'm Using firefox and have the same [#]...[#] in the title.
Awaiting instructions for the coloured border...
Hi Kingmaker2 - when I try and download something even as small as a piece of clipart I get the message this file is too big for Sandboxie. It seems an excellent piece of software and have recommended it to friends. Like Duey still awaiting instructions of the colour border.
Kingmaker2 28-02-2010, 16:00 Hi Kingmaker2 - when I try and download something even as small as a piece of clipart I get the message this file is too big for Sandboxie. It seems an excellent piece of software and have recommended it to friends. Like Duey still awaiting instructions of the colour border.
I'm Using firefox and have the same [#]...[#] in the title.
Awaiting instructions for the coloured border...
Okay, I'll look into the clip art thing.
But here is how to get a coloured border:
1) Go to the system tray (bottom right of your PC next to the clock) and right click on the yellow Sandboxie icon.
Then select "Show Window".
That will bring up the Sandboxie control box.
2) Click the "Sandbox" menu (next to the View menu).
3) Select "Default Box" (this will expand into another menu).
4) Here select "Sandbox Settings".
Now select "Appearance" from the left hand menu.
5) In the Appearance box you will now see an option "Sandbox can display a thick border......."
If you put a tick in this box you will be presented with a palette of various colours, just select the colour you want then click "Apply".
The next time you open up your sandboxed web browser you will see the coloured border.
Don't forget you can open nearly any program in Sandboxie, i.e. e-mail, Messenger, photos, video etc. in the sandbox too. Just right click the program icon and select "Run Sandboxed".
Let me know if you get problems with setting up your coloured border.
Thanks to Kingmaker2 for the clear, concise instructions...
Worked a charm!
Just a quick question about Sandboxie. My touchpad has an area for vertical and horizontal scrolling; when using Sandboxie, the icon appears to indicate that it is scrolling but the page stays where it is. When using the scroll bar on the page, it does scroll.
Is there an option that will fix this?
Cheers
neeeeeeeeeek 28-02-2010, 17:27 If this comes up with a fake Windows Security Centre telling you about all the viruses it has found then switch the computer off, reboot in safe mode and using System Restore go back a couple of days or to the last restore point. I downloaded some malware remover that was supposed to be able to get rid of it but it did not work, it made it so the computer was completely screwed!
System Restore from safe mode is the best option, then download and install the latest version of Spybot and run it.
Kingmaker2 28-02-2010, 17:37 Thanks to Kingmaker2 for the clear, concise instructions...
Worked a charm!
Just a quick question about Sandboxie. My touchpad has an area for vertical and horizontal scrolling; when using Sandboxie, the icon appears to indicate that it is scrolling but the page stays where it is. When using the scroll bar on the page, it does scroll.
Is there an option that will fix this?
Cheers
No problem Duey,
As to the touch pad scroll, I don't know if there is a fix but I'll let you know if I come across anything.
Kingmaker2 28-02-2010, 17:56 If this comes up with a fake Windows Security Centre telling you about all the viruses it has found then switch the computer off, reboot in safe mode and using System Restore go back a couple of days or to the last restore point. I downloaded some malware remover that was supposed to be able to get rid of it but it did not work, it made it so the computer was completely screwed!
System Restore from safe mode is the best option, then download and install the latest version of Spybot and run it.
System Restore solves a good number of problems, however if using it to recover from an infection, once you are sure your system is up and running as good as it was before the infection, then it's important to delete the virus which is still stored in System Restore, otherwise you could quite easily reinstate the virus you have just recovered from.
To do this is quite simple though, all you need to do is turn off System Restore momentarily.
Start menu > Control Panel > Performance and Maintenance > System > System Restore tab...... then put a tick in "Turn off System Restore".
Doing this will wipe out all restore points, which in turn wipes out any viruses/spyware lurking in any saved System Restore points.
That is why it is important to check your system is functioning okay BEFORE you turn off System Restore, as you won't be able to undo this.
Now simply turn System Restore back on again.
Regarding Spybot, it's an okay free antispyware application but it is not the best available out there.
Better choices would be:
SUPERAntiSpyware
http://www.superantispyware.com/download.html (Note: download the Free Edition)
and Malwarebytes
http://www.malwarebytes.org/mbam.php (Again, download the Free version)
neeeeeeeeeek 28-02-2010, 18:27 System Restore solves a good number of problems, however if using it to recover from an infection, once you are sure your system is up and running as good as it was before the infection, then it's important to delete the virus which is still stored in System Restore, otherwise you could quite easily reinstate the virus you have just recovered from.
To do this is quite simple though, all you need to do is turn off System Restore momentarily.
Start menu > Control Panel > Performance and Maintenance > System > System Restore tab...... then put a tick in "Turn off System Restore".
Doing this will wipe out all restore points, which in turn wipes out any viruses/spyware lurking in any saved System Restore points.
That is why it is important to check your system is functioning okay BEFORE you turn off System Restore, as you won't be able to undo this.
Now simply turn System Restore back on again.
Regarding Spybot, it's an okay free antispyware application but it is not the best available out there.
Better choices would be:
SUPERAntiSpyware
http://www.superantispyware.com/download.html (Note: download the Free Edition)
and Malwarebytes
http://www.malwarebytes.org/mbam.php (Again, download the Free version)
It was Malwarebytes that claimed to get rid of it. After running it I could not do anything, IE no longer loaded and I could not even access Help and Support from the Start menu; even running the recovery option from the CD could not fix the damage that Malwarebytes did. I thought it was going to be a full format but System Restore from safe mode fixed it. I had the same thing a few days later, so installed and ran Spybot after running System Restore from safe mode and it's not happened since. A friend rang a few days later with similar problems and System Restore seems to have sorted it for him as well, as he has not rung back.
waddler8 28-02-2010, 18:29 A lot of modern malware either disables System Restore or is otherwise able to survive a System Restore. They also disable the ability to go into safe mode too, or, in the case of some rootkits, will still run in safe mode.
I agree with Kingmaker that Spybot - whilst it has been a good program - has been surpassed by others.
waddler8 28-02-2010, 18:32 even running the recovery option from the CD could not fix the damage that Malwarebytes did.
The malware caused the damage in the first place - not Malwarebytes.
neeeeeeeeeek 28-02-2010, 18:43 The malware caused the damage in the first place - not Malwarebytes.
The malware did not stop IE or other Windows programs loading, Malwarebytes did.
Either way, if people are getting a program claiming to be Antivirus 2010 or emulating the Windows Security Centre then try System Restore if you can't get rid of it! After wasting a fair bit of time on other methods System Restore worked for me!
waddler8 28-02-2010, 18:57 The malware did not stop IE or other Windows programs loading, Malwarebytes did.
So the PC ran fine whilst the malware had infected you?
gillybear 28-02-2010, 19:09 Just to let those who are interested know that Sandboxie 3.44 is now Windows 7 32bit AND 64bit compatible.
http://www.sandboxie.com/
Kingmaker2 28-02-2010, 19:17 The malware did not stop IE or other Windows programs loading, Malwarebytes did.
Either way, if people are getting a program claiming to be Antivirus 2010 or emulating the Windows Security Centre then try System Restore if you can't get rid of it! After wasting a fair bit of time on other methods System Restore worked for me!
Okay neeek, diagnosing what caused something to happen on a computer is often confusing even for the so-called experts.
It also depends on what type of infection you had. Now what may well have happened was that Malwarebytes detected malware in a file that IE also used to open, causing the problem that you experienced.
Now I am also a keen advocate of implementing System Restore on a number of occasions when the computer begins to act up (although ERUNT is a program that I also have now that does a similar job).
System Restore is useful in restoring your settings to a previous time, but as waddler says, the virus or malware may prevent this from running.
Also neeek, you will STILL need to momentarily turn off System Restore to be sure that the malware has been completely removed from your system, but don't just take my word for it, read this:
"Why disable System Restore?"
"System Restore backs up the bad with the good, hence as a part of malware cleaning it is advised to turn off and on System Restore to eliminate the presence of malware infected files in the System Restore points."
http://www.malwarehelp.org/how-to-disable-enable-system-restore-turn-system-restore-on-or-off.html
neeeeeeeeeek 28-02-2010, 19:19 So the PC ran fine whilst the malware had infected you?
Yes it worked. It just came up with a fake version of Windows Security Centre saying the computer was not protected, then did a fake virus scan bringing up loads of fake infected files, then tells you to download some program to fix it. Opening IE works but it directs you to a page saying your computer is at risk etc..
waddler8 28-02-2010, 19:22 Yes it worked.
The moment the malware landed on your system it installed files and made changes to the registry that are detrimental to the normal running of your PC. How you can then blame another program for the "damage" it has caused is beyond me.
waddler8 28-02-2010, 19:27 Now I am also a keen advocate of implementing System Restore on a number of occasions when the computer begins to act up (although ERUNT is a program that I also have now that does a similar job).
I use ERUNT myself, but it only backs up the registry - not system and other files as does System Restore.
neeeeeeeeeek 28-02-2010, 19:31 Okay neeek, diagnosing what caused something to happen on a computer is often confusing even for the so-called experts.
It also depends on what type of infection you had. Now what may well have happened was that Malwarebytes detected malware in a file that IE also used to open, causing the problem that you experienced.
Now I am also a keen advocate of implementing System Restore on a number of occasions when the computer begins to act up (although ERUNT is a program that I also have now that does a similar job).
System Restore is useful in restoring your settings to a previous time, but as waddler says, the virus or malware may prevent this from running.
Also neeek, you will STILL need to momentarily turn off System Restore to be sure that the malware has been completely removed from your system, but don't just take my word for it, read this:
Why disable System Restore?
"System Restore backs up the bad with the good, hence as a part of malware cleaning it is advised to turn off and on System Restore to eliminate the presence of malware infected files in the System Restore points."
http://www.malwarehelp.org/how-to-disable-enable-system-restore-turn-system-restore-on-or-off.html
I have never had virus or malware issues that have not been cleared relatively easily and have never had an infection that basically made the computer unusable before. IE redirects so you are not able to download anything and no matter how many times you end the task the malware comes back up within a minute. Ending the task does not work, none of the virus or malware s/w already installed could do anything about it and System Restore would not complete unless the computer was booted in safe mode. If you don't have access to another computer then you're going to struggle downloading a program to get rid of it! I did have access and the program made matters worse! I am not claiming to be an expert, I just know that I tried all the usual methods to get rid of this malware and until I restored the computer to a few days before, nothing worked. Turning System Restore off is probably good advice when trying to clear an infection; I was just posting my experiences of this malware or a similar one in the hope it might save people some time!
gillybear 28-02-2010, 19:34 My last experience of this Scareware Program (Antivirus 2010) was that it blocked all internet activity except to it's own site, it prevented many AntiVirus/AntiSpyware programs from running, or even installing, including Avast, Malwarebytes, Spybot, Ccleaner etc...
The solution i used was.
Unplug/switch off the Internet connection.
Have a USB stick/CD etc with recent copies of AntiVirus/AntiSpyware programs on it.
Start the PC in Safe Mode.
Install Malwarebytes
Run it... (Full Scan)
Restart in Safe Mode.
Run Malwarebytes again. (Quick Scan)
Install and Run Spybot. Use the Immunise function.
Restart your PC in Normal Mode
Run Malwarebytes again. (Quick Scan)
Run CCleaner, Spybot, Superantispyware, your AntiVirus etc..
Restart your PC in Normal Mode
If everything is clean, reconnect the internet.
Run Malwarebytes etc again but update them before running.
Hopefully you'll be clean by the end of all that.
neeeeeeeeeek 28-02-2010, 19:46 The moment the malware landed on your system it installed files and made changes to the registry that are detrimental to the normal running of your PC. How you can then blame another program for the "damage" it has caused is beyond me.
I did not post so I could have a pointless argument; the malware was a problem, the malware remover made it much worse.
There are people with limited computer skills such as my friend who called me with similar problems to the OP, which is why I posted. System Restore in safe mode then running Spybot cleared it. System Restore in safe mode will get the computer into a state where you can download Spybot. You want to do something else, then that's fine.
Kingmaker2 28-02-2010, 19:46 I use ERUNT myself, but it only backs up the registry - not system and other files as does System Restore.
Yep, I know, I just shortened my sentence for expediency's sake, my post was long enough!;)
waddler8 28-02-2010, 20:00 I did not post so I could have a pointless argument
I'm not arguing with you! It worked for you and for that I'm glad. I'm just pointing out that it won't work for everyone, and also making some points in the discussion that I think are valid.
(I should probably use smilies more! :D)
I recently had to fix a friend's computer which had the Antivir 2010 (he didn't know it was a virus) and I posted on the "What The Tech" forum (http://forums.whatthetech.com) in the "Infections Removal" section. These guys are all volunteers and are "experts" in malware and similar removal. They got the computer disinfected very quickly and I would recommend them if anyone ever gets infected. (btw, this isn't a plug for them, just telling you who I use.) They are very helpful and if you get stuck using any of the FREE programs that they recommend they are more than happy to clarify and help.
Hi Kingmaker2 - empty your pm box can't get through to you!!
Kingmaker2 01-03-2010, 14:47 Hi Kingmaker2 - empty your pm box can't get through to you!!
Done:thumbsup:
auto98uk 01-03-2010, 15:50 Yes it worked. It just came up with a fake version of Windows Security Centre saying the computer was not protected, then did a fake virus scan bringing up loads of fake infected files, then tells you to download some program to fix it. Opening IE works but it directs you to a page saying your computer is at risk etc..
What had probably happened was that it had infected certain files, then when they were cleaned those files were quarantined/deleted, so removing your access.
You can't blame Malwarebytes though - you could if they had left the files infected ;)
auto98uk 01-03-2010, 15:52 I have never had virus or malware issues that have not been cleared relatively easily and have never had an infection that basically made the computer unusable before. IE redirects so you are not able to download anything and no matter how many times you end the task the malware comes back up within a minute. Ending the task does not work, none of the virus or malware s/w already installed could do anything about it and System Restore would not complete unless the computer was booted in safe mode. If you don't have access to another computer then you're going to struggle downloading a program to get rid of it! I did have access and the program made matters worse! I am not claiming to be an expert, I just know that I tried all the usual methods to get rid of this malware and until I restored the computer to a few days before, nothing worked. Turning System Restore off is probably good advice when trying to clear an infection; I was just posting my experiences of this malware or a similar one in the hope it might save people some time!
This makes it extremely likely that my previous post was correct - the infection was inside a process that is supposed to run, it has just been altered.
neeeeeeeeeek 01-03-2010, 22:38 This makes it extremely likely that my previous post was correct - the infection was inside a process that is supposed to run, it has just been altered.
Man lands on moon, Elvis is dead! ;)
I posted so other people don't do what I did, which is run Malwarebytes and end up with a completely screwed computer!
:)
waddler8 01-03-2010, 23:10 Do you still have the logfile that Malwarebytes produced when you ran it?
It details the processes and files/folders that were removed, the detections made and any registry entries (keys, values and data) that were removed or edited.
Post it here and let's see if it offers any clues as to what might have happened.
For argument's sake let's say it did remove files it shouldn't have. Any files removed are automatically quarantined - and are able to be restored via the Quarantine tab should the need arise.
neeeeeeeeeek 02-03-2010, 08:16 I uninstalled it once I got the computer working again!
I am sure it only deleted stuff that was infected, it just seems that those files were quite important!!
:)
waddler8 07-03-2010, 12:59 I am sure it only deleted stuff that was infected, it just seems that those files were quite important!!
:)
Malwarebytes doesn't go after "true" viruses of the file-infecting variety like Virut (http://www.f-secure.com/v-descs/virus_w32_virut.shtml) or Sality (http://www.ca.com/us/securityadvisor/virusinfo/virus.aspx?id=52797). It doesn't have the ability to cleanse legitimate files of any added viral code and doesn't proclaim to. That's the job of an antivirus, and Malwarebytes is promoted as an addition to an antivirus - not a replacement for one. Its real-time protection (available in the paid - not free - version) will target the droppers/downloaders that aim to bring these infections on board in the first place though - prevention is better than cure!
With that in mind I seriously doubt whether it will have deleted any legitimate system files at all.
A more likely explanation is (if you go back to the Bleeping Computer link (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010) I posted in post #4) that the rogue infection edited the registry to ensure that when certain actions are executed the rogue's files are run.
For an example look at the link I posted in post #4, under "Associated XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 Windows Registry Information:" you'll notice:
HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "%1" %*
So that whenever an executable file is run, av.exe - the rogue's file - is also executed.
When installed, this rogue pretends to be an update for Windows installed via Automatic Updates. It will then install itself as a single executable called AV.exe that uses very aggressive techniques to make it so that you cannot remove it. First, it makes it so that if you launch any executable it instead launches Antivirus Vista 2010, Win 7 Antispyware 2010, or XP Internet Security 2010. If the original program that you wanted to launch is deemed safe by the rogue, it will then launch it as well. This allows the rogue to determine what executables it wants to allow you to run in order to protect itself.
Also:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command "(Default)" = "%UserProfile%\Local Settings\Application Data\av.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe"
Meaning when you ran Internet Explorer, the rogue file av.exe was run too.
It will also modify certain keys so that when you launch FireFox or Internet Explorer it will launch the rogue instead and display a fake firewall warning. Last, but not least, when try to browse to a web site, it will hijack your browser and state that the site is a security risk and not allow you to visit it.
When Malwarebytes ran it will have removed the rogue's executable file - av.exe - but some of the registry entries remained, thus when you ran Internet Explorer, the information contained in the registry looked first to the file av.exe - which is no longer present - and therefore couldn't perform the action.... IE wouldn't work.
In performing a System Restore you will have restored the registry to a point where those registry keys were correct - containing no information pointing to av.exe - and Internet Explorer works again!
I hope this explains it for you. ;)
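The registry hijack waddler8 describes can be checked for mechanically. This is an added example, not code from the thread, from Bleeping Computer or from Malwarebytes: a Python script that parses a .reg export (what `reg export` or regedit's Export produces) and flags every shell\open\command handler that either replaces the stock "%1" %* for executables or routes the launch through a file in the user profile. The export text is constructed for the example; its two av.exe command lines are the ones quoted in the post above, and the check generalises beyond them to any launch handler in the export.

```python
"""Flag hijacked shell\\open\\command handlers in an exported .reg file.

Added example for this thread (not the poster's or Malwarebytes' code).
SAMPLE_REG_EXPORT is constructed: the av.exe commands are the two quoted
in the post, the exefile entry is the stock Windows default.
"""
import re

SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"%UserProfile%\\Local Settings\\Application Data\\av.exe\" /START \"C:\\Program Files\\Internet Explorer\\iexplore.exe\""
'''

# Stock handler for executables: run the file itself and pass its arguments through.
CLEAN_EXE_HANDLER = '"%1" %*'
# A launch handler should never point into these; rogues drop there because
# writing to the user profile needs no admin rights.
SUSPECT_PATH_MARKERS = ("%userprofile%", "application data", "\\appdata\\", "%temp%")

KEY_RE = re.compile(r"^\[(.+)\]$")
DEFAULT_RE = re.compile(r'^@="(.*)"$')


def parse_default_values(reg_text):
    """Map each key in a .reg export to its unescaped (Default) string value."""
    values = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        default = DEFAULT_RE.match(line)
        if default and current is not None:
            # .reg files escape backslash and double quote with a backslash
            values[current] = re.sub(r"\\(.)", r"\1", default.group(1))
    return values


def launch_target(command):
    """The program a shell command actually starts: its first (possibly quoted) token."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split(" ", 1)[0]


def audit_launch_handlers(reg_text):
    """Return (key, reason) pairs for every shell\\open\\command that looks hijacked."""
    findings = []
    for key, command in parse_default_values(reg_text).items():
        low = key.lower()
        if not low.endswith("\\shell\\open\\command"):
            continue
        target = launch_target(command).lower()
        if low.startswith("hkey_current_user\\software\\classes\\.exe\\"):
            # Windows has no per-user .exe handler by default; one here shadows the
            # machine-wide exefile key and is how the rogue gets into every launch.
            findings.append((key, "per-user .exe handler present: " + command))
        elif "\\exefile\\" in low or "\\.exe\\" in low:
            if command != CLEAN_EXE_HANDLER:
                findings.append((key, "exe handler replaced: " + command))
        elif any(marker in target for marker in SUSPECT_PATH_MARKERS):
            # Generalises the IEXPLORE.EXE case: any handler (browser, document
            # type) routed through a file in the user profile is worth a look.
            findings.append((key, "launch routed through " + target))
    return findings


if __name__ == "__main__":
    for key, reason in audit_launch_handlers(SAMPLE_REG_EXPORT):
        print("SUSPECT", key)
        print("       ", reason)
```

Run against the sample it reports the HKCU .exe key and the IEXPLORE.EXE key and stays silent on the clean exefile entry; on a real machine, point it at an export of the hives instead of the constructed text.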