thelampshade2000 Posted April 24, 2009

I'll start at the beginning! I had CA Office Suite anti-virus loaded on my PC and it was coming up for automatic renewal. As I didn't use some of the things on the suite I emailed CA to ask how to go about my renewal. I was advised that I needed to cancel the auto renewal and then order on-line the parts that I wanted, so four days before the renewal date, I filled in their auto-renewal cancellation form. Guess what? CA immediately cancelled my protection!! As soon as I realised what had happened I bought an alternative AV package. In the interim period my PC was infected by Win_32 on a pretty massive scale!

To cut a long story short, I wasn't that impressed with the new anti-virus package I bought and replaced it with Kaspersky. The problem is that I can't activate the Kaspersky package on-line. I keep getting "Activation server is unavailable". I also find that my PC won't let me connect to any of Kaspersky's sites that I find through search engines, i.e. "page not available".

Would appreciate any help!

Tony
Guest Wolfeymole Posted April 24, 2009

Hello Lampshade

Welcome to Extreme Tech Support - Free PC Help

Did you uninstall the CA software before you installed the "alternative" AV and did you uninstall that when you procured Kaspersky?
thelampshade2000 Posted April 24, 2009

Affirmative to both questions! I also checked to see if there were any remnants on my PC from other AVs I'd had in the past.
Guest Wolfeymole Posted April 24, 2009

Your computer appears to be still infected with Malware.

Malware is software designed to infiltrate or damage a computer system without the owner's informed consent. It is a combination of the words malicious and software. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

It is in your best interest to note the following:

- Please disable your resident security applications (such as AVG, Spybot, WinPatrol, etc.) before performing the below procedure so that they do not interfere with the process.
- Perform all the steps in the order listed to avoid any conflicts.
- If unsure, please stop and voice your doubts.
- You might be required to go offline during the disinfection process. Therefore, it is recommended to print off the instructions below for ease of reference.

If you stick to the above guidelines, all should go smoothly.

================================================
STEP 1

- Download ATF-Cleaner by Atribune. Save the file to your Desktop.
- Double-click on the file to run the program.
- On the Main tab, check the Select All button.
- Next, click on the Firefox tab (if applicable) and check the Select All button.
  Note: If you would like to preserve your saved passwords in Firefox, then click No at the corresponding prompt.
- Now, click on the Opera tab (if applicable) and check the Select All button.
  Note: If you would like to preserve your saved passwords in Opera, then click No at the corresponding prompt.
- Press the Empty Selected button and click OK to acknowledge the corresponding prompt.
- Click on the Exit button to quit the program.

================================================
STEP 2

- Please click here to download Malwarebytes' Anti-Malware. Save the file to your Desktop.
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, make sure a check mark is placed next to:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Click Finish.
- The program will download and update itself if it finds the necessity to do so. Please allow this.
- Once the program has loaded, select Perform full scan, then click Scan.
  Note: Depending on your computer specifications, the scan may take some time to complete. Please wait patiently and do not interrupt the process.
- When the scan is complete, click OK, and then Show Results to view the results.
- Make sure that every entry is selected, and click Remove Selected.
- Restart your computer.

================================================
STEP 3

- Please click here to download SUPERAntiSpyware (Free Version). Save the file to your Desktop.
- Double-click SUPERAntiSpyware.exe and follow the prompts to install the program.
- Open SUPERAntiSpyware.
- Under Configuration and Preferences, click the Preferences button.
- Click the Scanning Control tab.
- Under Scanner Options make sure the following fields are checked:
  - Close browsers before scanning
  - Scan for tracking cookies
  - Terminate memory threats before quarantining
- Click the Close button to leave the control center screen.
- On the main screen, under Scan for Harmful Software click Scan your computer.
- On the left, make sure you check mark All the Fixed Drives.
- On the right, under Complete Scan, choose Perform Complete Scan.
- Click Next to start the scan. Please be patient while it scans your computer.
- After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
- Make sure every entry has a check mark next to it and click Next.
- A notification will appear that Quarantine and Removal is Complete. Click OK and then Finish to return to the main menu.
- Restart your computer.

================================================
STEP 4

- Please visit the ESET Online Scanner, using Internet Explorer to initiate the scan.
  Note: If you are running Windows Vista, then you will need Administrative privileges to complete the latter part of the procedure. To do so, right-click on the Internet Explorer icon in the Start Menu and select the Run As Administrator option in the shell context menu.
- Check mark the YES, I accept the Terms of Use box.
- Click the Start button.
- Click the Install button on the following screen.
- Click Start. This will initialize and update the scanner engine.
- Check mark the box beside Remove found threats.
- Click the Scan button. This will start the scan. Please be patient while it is in progress.
- Restart your computer.

================================================
STEP 5

- Click on Start > Programs > Accessories > System Tools and select System Restore.
- Choose the radio button marked Create a Restore Point on the first screen and click Next.
- Give the restore point a name then click Create. The new point will be stamped with the current date and time. Keep a note of this so you can find it easily should you need to use System Restore.
- Next, click on Start > Run, type Cleanmgr and click on OK.
- Click on the More Options tab.
- Click the Clean Up button in the System Restore section to remove all previous restore points except the most recent one.

This will remove any infected files that have been backed up by Windows. The files in "System Restore" are protected to prevent any programs changing those files. This is the only foolproof way to ensure the deletion of those files.

Note: Do not clear restore points on a regular basis as doing so will clear all previous restore points even those that you may need. System Restore is a useful tool to revert your computer back to a working condition if something goes wrong.

Re-enable all your security applications and please return here and tell us how the computer seems to be operating.
thelampshade2000 Posted April 24, 2009

Thanks! I'll give it a shot and see what happens! I've got Kaspersky running at the moment, but not activated, and it's contained any further contamination. Do I need to disable that as well?
Guest Wolfeymole Posted April 24, 2009

Yes, for the moment, as all the sites that you need to go to are obviously clean.
thelampshade2000 Posted April 24, 2009

OK. Now we have a problem! The PC won't allow downloads from ATF-Cleaner or let me on to Malwarebytes' Anti-Malware! I click on save to desktop on ATF and it brings up the download screen and then nothing! When I go to Malwarebytes it tells me that the page isn't available! It seems to be intelligent enough to know that I'm trying to get rid of it! Or am I being paranoid!!
RandyL Posted April 24, 2009

It's very likely that the infection is preventing you from doing exactly that. Download and burn to disk ATF and MB from another computer. You will need the updates for MB so burn those to disk too.

MalwareBytes updates.

Can you download SuperAntispyware?

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.
Guest Wolfeymole Posted April 24, 2009

Have you tried doing a system restore to the point before you put this alternative AV on? What AV was it by the way?
thelampshade2000 Posted April 24, 2009

Between trying to install Kaspersky and deleting CA I temporarily loaded BitDefender but wasn't too impressed as things started to play up on the PC. Looking back, that was probably the virus starting to take hold. I'll have to get a friend to download the stuff from ATF and MB so it could be after the weekend when I finally get down to it. The virus also prevented me doing a system restore! Cute!! I haven't tried downloading the SuperAntispyware yet but I'll give it a go.
thelampshade2000 Posted April 24, 2009

Just tried downloading the SuperAntispyware and that failed too!!
Plastic Nev Posted April 24, 2009

Hi Tony, for your safety on that machine, until you have got all the needed stuff on disk from your mate's computer, please go off line. While the spyware, trojans or worse are on it, there is a great risk they will be talking back home so to speak, and downloading worse stuff onto your machine. If you have any personal details on it, that also may be being sent to someone ready to empty your bank account if those sort of details are there.

Once you have the disks burned with Malwarebytes, Superantispyware, and the ATF cleaner, you may be able to get them installed directly from the disk, then run them. If there is a problem, by all means come back and tell us so we can help you to install and run them, but in the meantime keep it off line please for your safety, and maybe help prevent the rubbish from being spread on to someone else.

Thanks, Nev.

I have installed Windows, now how do I install the curtains? 😄
maynardvdm Posted April 24, 2009

You have the symptoms of the Downadup / Conficker worm. Look here:

Downadup/Conficker Worm Removal - Research - SecureWorks
Remove Downadup - Removal tool for Downadup (known also as Conficker or Kido)

RaidMax Smilodon Gaming Case | Gigabyte Z77X-UD5H M/B | Intel Core i5 3570K @ 3.4GHz | 8GB Corsair RAM | Nvidia GTX550 Ti 1GB GDDR5 | Corsair 800w PSU
SAS | MBAM | WinPatrol | Avira | ERUNT | Nvidia Drivers
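Added example, not part of any post in this thread: a small Python check for the symptom pattern reported above, where security-vendor sites fail to load while other sites work. The host lists, the function names and the constructed resolver are assumptions made for illustration; on a healthy machine with a working connection the expected verdict is "ok".

```python
import socket

# Assumed host lists: the vendors are the ones named in this thread,
# the controls are unrelated sites. Adjust both as needed.
SECURITY_HOSTS = ["www.kaspersky.com", "www.malwarebytes.org",
                  "www.superantispyware.com", "www.eset.com"]
CONTROL_HOSTS = ["www.example.com", "www.example.org"]


def resolves(host, resolver=socket.gethostbyname):
    """Return True if the name resolves, False on any lookup failure."""
    try:
        resolver(host)
        return True
    except OSError:  # socket.gaierror is a subclass of OSError
        return False


def triage(security=SECURITY_HOSTS, control=CONTROL_HOSTS,
           resolver=socket.gethostbyname):
    """Classify the lookup pattern; returns (verdict, failed_security_hosts)."""
    control_ok = [h for h in control if resolves(h, resolver)]
    blocked = [h for h in security if not resolves(h, resolver)]
    if not control_ok:
        # Nothing resolves: a general network or DNS fault, not selective blocking.
        return "no-dns", blocked
    if len(blocked) == len(security):
        # Ordinary sites resolve but every security vendor fails.
        return "selective-block", blocked
    if blocked:
        return "partial-block", blocked
    return "ok", blocked


def constructed_infected_resolver(host):
    """Constructed stand-in for a machine that refuses security-vendor lookups."""
    keywords = ("kaspersky", "malwarebytes", "superantispyware", "eset")
    if any(k in host for k in keywords):
        raise socket.gaierror("constructed lookup failure")
    return "192.0.2.10"  # documentation-only address (RFC 5737)


if __name__ == "__main__":
    print("constructed sample:", triage(resolver=constructed_infected_resolver))
    print("this machine:", triage())
```

A "selective-block" verdict matches what the thread describes and is a reason to take the machine offline and fetch the removal tools from another computer, as advised in the posts around this one.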
RandyL Posted April 25, 2009

Take maynard's advice. He knows these things. I would do his first. Afterwards run the other scans to see if you have anything else. Make sure you update MB and SuperAntispyware before you scan with them.

SuperAntispyware definitions updates in case an infection is stopping you from updating with the program.
thelampshade2000 Posted April 29, 2009

I tried the suggested fixes and, although at first had partial success, my computer or the virus finally locked me out!! After a brief valiantly fought battle I graciously admitted defeat!! I have now trashed the hard drive and installed a new, clean 400 Gb replacement. I have also purchased Windows XP Pro and installed Kaspersky. I did manage to save some stuff from the old drive which I will run through Kaspersky before installing! I now have the tedious task of trying to locate all my "favourites" and reinstalling loads of other software!

As CA are ignoring my emails - this all started when they pulled my protection 4 days earlier than they should - does anyone have a mailing address for them? I intend to forward copies of the invoices to them and hope that they'll do the decent thing - although I'm not holding my breath!

Thanks for the help in trying to resolve this problem, I really am glad that there are guys like you out there, but I think the worm was so deeply entrenched nothing was going to shift it!
maynardvdm Posted April 29, 2009

Sorry to hear that. If you have any other questions feel free to ask ;)
RandyL Posted April 29, 2009

Once infected it takes time, patience and research sometimes. A daunting task. CA won't reimburse you as you can't prove damages attributed to them or put a damage figure on it. If you still have the old drive do you need any help recovering anything from it?
thelampshade2000 Posted April 29, 2009

Thanks for the offer but there was nothing of any great importance on the drive. Most of my stuff was backed up to disc or in various places on the net. As you say, CA will deny responsibility even though I have their emails telling me to cancel my auto-renewal, and they know when they pulled the plug, but it'll make me feel better if I let them know what I think of them!! (Nicely, of course! I don't want them suing me!!)