Got some new virus.
Sometimes redirects me to / pops up random pages about random stuff.
I get a popup trying to look like legit windows saying
"Your browser is under the threat of infection. Windows requires your permission to install online protection tool."

And asks me to either allow or not allow an 'antivirus' to install.

I've tried installing multiple virus scanners, but its blocking most of them from updating or running. (On Safe mode)

So any suggestions to any online scanners, or just good scanners that you think will be able to run/update? Or just how to get rid of this?

Running a 'MalwayreBytes' scan right now, I don't think it was able to update, but I got it to run at least.

AVAST antivirus, if you can install it you have won, it will do a check on startup (asks on the installation, so check that box). Let it do the checks and then it should ask like "Press x to delete virus" and you press it :) Pretty simple.

Boot onto a linux live CD.

Install "clamscan" I think its called.

Then run it on your windows machine, it might get some of it..

[/endSubtleLinux>Windows]

malwarebytes.org

Download this and send the log to me or upload it.


http://go.trendmicro.com/free-tools/hijackthis/HijackThis.exe

Inb4 Uninstall windows, install linux.

Try CTRL+ALT+DELETE and end all processes that your computer doesn't need to run and install an antivirus.

Or you could virus scan your comp on another OS.

Don't bother with linux.

Just download Spybot Search and Destroy - It's free, and is pretty good.

If it's doing things like blocking scanner installs, even when you rename, or disabling Task Manager, run a live CD http://www.raymond.cc/blog/archives/2008/12/11/13-antivirus-rescue-cds-software-compared-in-search-for-the-best-rescue-disk/

Otherwise, run whatever scans you can, MalwareBytes (in normal mode if possible), SuperAntiSpyrware (http://superantispyware.com/onlinescan.html), ComboFix, SmitFraudFix etc.

Also if you are getting redirects, check the hosts file (c:\windows\system32\drivers\etc). Once it is clean, you can lock with tools/tweaks section of SpyBot S+D in Advanced Mode.

Hit me up on TeamViewer, and I can help you.

http://technet.microsoft.com/en-us/library/cc512587.aspx

You can't clean a compromised system by patching it.

You can't clean a compromised system by removing the back doors.

You can't clean a compromised system by using some "vulnerability remover."

You can't clean a compromised system by using a virus scanner.

You can't clean a compromised system by reinstalling the operating system over the existing installation.

You can't trust any data copied from a compromised system.

You can't trust the event logs on a compromised system.

You may not be able to trust your latest backup.

The only way to clean a compromised system is to flatten and rebuild.

Jesper M. Johansson, Ph.D. [YES, HE'S A DOCTOR], CISSP, MCSE, MCP+I

Security Program Manager
Microsoft Corporation

That list applies more to situations where an attacker has gone after a specific target. These fake antivirus programs are no where near as devious. The majority of common malware does not require a nuke and pave (although sometimes it is faster).

Avast is the best anti virus I have EVER had. Works like a charm and is user friendly. PM if you wanna know how to get it for free. (no torrents)

Download Spybot search and destroy and Try to install Norton Internet Security trial. I think their installer won't be blocked (since they don't use windows installer).

Edit: Or download the Kaspersky Rescue Disk.

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

Burn it and boot with it. It should download the latest updates and remove the viruses.

Edit: On second though ignore the Rescue disk part. I think it is for booting in case virus prevents windows from booting normally. I never used it so I am not sure.

If you can download and install Spybot Search and Destroy, you will most like be saved if not. I think it would be a good time to reinstall windows :p

Good Luck

Edit: Ok another way. Try and download SMARTCLOSE (google). It closes all non windows processes. Try to install a anti virus program after its done. I recommend Norton or Kaspersky Internet Security trial (or torrent :p)

^

http://img185.imageshack.us/img185/5159/221po0.jpg

Anyway.

Any luck, YoHoJo?

hijack this logs and look over them to see what you are dealing with?