Thread: My computer is badly infected with a virus

  1. #1
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11

    My computer is badly infected with a virus

    It's so bad, it was blocking my antivirus so I couldn't get rid of the threats it found..it is also blocking my Ad-ware program...though I finally got it to run...but neither one is finding this program..it's causing multiple pop up windows to come up..making it difficult to get a post on. I keep getting a program called Antivirus system pro alert..that keeps showing warnings..trying to get me to its website to buy it...it's also forcing IE to come up on porn sites...(my son is here and I am keeping him away from the computer right now).

    I desperately need help! It's even blocking me from bringing up regular programs on my desktop..I cannot find this program to remove it.. constant pop up windows going on so I can't search the net for help..have had to turn the net off so it won't show the porn...

    I have to get off the net now so I won't risk my son seeing this gross porn..I'll check later..please help..
    "People do not drift toward holiness. Apart from grace-driven effort, people do not gravitate toward godliness, prayer, obedience to Scripture, faith, and delight in the Lord. We drift toward compromise and call it tolerance; We drift toward disobedience and call it freedom; We drift toward superstition and call it faith. We cherish the indiscipline of lost self-control and call it relaxation; we slouch toward prayerlessness and delude ourselves into thinking we have escaped legalism; we slide toward godlessness and convince ourselves we have been liberated?" - D A Carson

  2. #2
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    This is SO frustrating!! There are a million programs out there that will scan your computer for free...but then you have to pay to have the viruses and malware actually removed...gggggggggggggggggg. I downloaded spyware doctor which actually found all the junk with this virus...but won't remove it unless I pay for it... For whatever reason my regular antivirus and my ad-ware program just aren't finding this virus..or rather viruses..

    Anyone know of a free site that will get rid of this for me!!!

    For the moment it's blocking this stuff...so I can't get on here without the constant fight of the pop up stuff...but it wants me to pay 40$ for a year's protection...I really can't afford that. ...maybe it will buy me time to find something else..

  3. #3
    Join Date
    Feb 2003
    Location
    In a praising state of mind
    Posts
    5,782
    Blog Entries
    17
    So sorry Julie..... I wish I knew what to do....... but me and Charles will pray for your computer to be ok again......

    Love you girlie,
    Mieke
    I would rather be dead than spend one second without Daddy!

    Glory to the Lord our God
    Glory to the Lamb on the throne
    We open wide the gates of our hearts
    With our lips we rise up and pray
    as we worship the Ancient of Days


  4. #4
    http://www.bleepingcomputer.com/comb...o-use-combofix

    This link is for a program called combofix. Read the instructions, then download and run it, and it will find and remove it.

  5. #5
    Join Date
    Dec 2007
    Location
    South bound from Eleuthera
    Posts
    6,252
    Blog Entries
    11

    +1 on the recommendation for combo fix. Follow the instructions, and you should be ok.

    Quote Originally Posted by Beckrl View Post
    http://www.bleepingcomputer.com/comb...o-use-combofix

    This link is for a program called combofix. Read the instructions, then download and run it, and it will find and remove it.

  6. #6
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    Quote Originally Posted by miepie View Post
    So sorry Julie..... I wish I knew what to do....... but me and Charles will pray for your computer to be ok again......

    Love you girlie,
    Mieke
    Thanks...I need it...it's been so horrible having porn websites come up over and over again...and trying to keep Nate from seeing them..nasty sites too. I was taping paper over the monitor to block it, but peek around the corner to see the X to click to get it off...many times it would not go off without me using the windows task manager either...plus while trying to get it off all these fake warning pop up things constantly came up which I had to click off again. I finally did see a way to disable this at least in the windows task manager program.

    I tried another anti-virus program which ran for over three hours! Finally it deleted all the viruses...UNTIL I restarted the computer. I really thought they were gone and even the icon in the task bar of this bad program was gone...until like I said I rebooted the computer. Had to do that to get rid of the other anti-virus program that wanted 40$ to remove all those.

    Anyway when I went to get Nate from church youth group it was just restarting up (the computer) so I turned the monitor off...just in case. I didn't want Nate walking in and seeing porn.. I told him to wait until I checked...sure enough it was all back...

    So that is strike four on four different antivirus' in trying to get rid of this thing.

    Then as if my stress level wasn't high enough...when we were about to leave to have me take him to youth group and me to small groups, the garage door broke. A spring on it broke and the door wasn't up high enough to even get my car out! So I called his grandpa who came and took Nate and I called my small groups and told them I couldn't come. Rich at least got the door open enough to get my car out ..it's very heavy with only one spring working...then closed it so I have to park in the driveway until some repair men come to fix it... it's been a bad day...could be worse..I know that...

    Beckrl http://www.bleepingcomputer.com/comb...o-use-combofix

    This link is for a program called combofix. Read the instructions, then download and run it, and it will find and remove it.
    Ok I clicked on the link and was reading...what do they mean about this: You should not run ComboFix unless you are specifically asked to by a helper.

    So I can't run it without a helper? who are the helpers?

    I think I am going to wait until tomorrow to try this cause I am exhausted fighting this virus all afternoon...I can't think clearly enough at this point to get into this right now.

    A BIG thanks for your help though...I was getting rather desperate...still am desperate actually. At least I can post now without it going super slow and fighting constant pop up stuff...ugh!!!!!

  7. #7
    Join Date
    Aug 2007
    Location
    Eze 15:2-7
    Posts
    10,962
    Blog Entries
    6
    If everything was fine it could be that the antivirus stopped the things from running, and then when you restarted it simply ran them all again.

    What version of Windows are you running? This is a long shot, but it might be possible to disable them from automatically running when you restart the computer. I'd be surprised if it is this easy, but you never know.
    1Jn 4:1 NKJV Beloved, do not believe every spirit, but test the spirits, whether they are of God; because many false prophets have gone out into the world.

    1Th 5:21-22 NKJV Test all things; hold fast what is good. (22) Abstain from every form of evil.




  8. #8
    Join Date
    Dec 2007
    Location
    South bound from Eleuthera
    Posts
    6,252
    Blog Entries
    11

    Quote Originally Posted by moonglow View Post
    ...Ok I clicked on the link and was reading...what do they mean about this: You should not run ComboFix unless you are specifically asked to by a helper.

    So I can't run it without a helper? who are the helpers?...
    The 'helpers' are the folks designated on the site to help you figure out what to do. There are some problems that could be caused if you try to remove a virus when you have another problem (like a faulty hard drive, which can sometimes mimic a virus).

    First, when you get your computer fixed you need to install parental controls. Someone has likely been looking at (or looking for) porn on the computer. The most common malware that causes the problem you list comes from RIPE (EU) addresses, and is installed by scripts that are embedded in video files from these same folks... often related.

    The problem is that when you 'clean' your hard drive, and re-start your computer there is a part of the program that is running and it writes code to the hard drive to re-install the malware when you re-start.

    The best way to run a scan is to re-start in 'safe mode'. You can hit the function key 'F8' when you re-start the computer and it will come up to a menu with various options. You want to run 'safe mode without command prompt'.

    Run your normal AV scan, and see what it finds.

    If it finds malware, and says it can quarantine or remove it then do so. If the problem comes back you will need to read the instructions and run the combofix program (I believe the instructions will tell you to run it in the 'safe mode' I mentioned above).

    Good luck, I hope you get this taken care of.

  9. #9
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    Quote Originally Posted by Amos_with_goats View Post
    The 'helpers' are the folks designated on the site to help you figure out what to do. There are some problems that could be caused if you try to remove a virus when you have another problem (like a faulty hard drive, which can sometimes mimic a virus).

    First, when you get your computer fixed you need to install parental controls. Someone has likely been looking at (or looking for) porn on the computer. The most common malware that causes the problem you list comes from RIPE (EU) addresses, and is installed by scripts that are embedded in video files from these same folks... often related.

    The problem is that when you 'clean' your hard drive, and re-start your computer there is a part of the program that is running and it writes code to the hard drive to re-install the malware when you re-start.

    The best way to run a scan is to re-start in 'safe mode'. You can hit the function key 'F8' when you re-start the computer and it will come up to a menu with various options. You want to run 'safe mode without command prompt'.

    Run your normal AV scan, and see what it finds.

    If it finds malware, and says it can quarantine or remove it then do so. If the problem comes back you will need to read the instructions and run the combofix program (I believe the instructions will tell you to run it in the 'safe mode' I mentioned above).

    Good luck, I hope you get this taken care of.
    I have parental controls on here and no one has been looking at porn. I was just on my history the other day trying to find a site I lost and couldn't remember the name of and there were no porn sites...it's a hijack virus or malware..whatever you call them ..I found several sites of people posting for help having the same problem that never went to porn sites in the first place. It's no different than the viruses I had before that hijack your browser and take you to other websites. This virus is actually opening Internet Explorer which is rarely used..I use firefox browser. It opens IE and takes it directly to a porn site or a virga site...and some others I don't remember...I got many closed before even the name of it came up in the address bar. This was on the news this morning: Framed for child porn - by a PC virus
    Thank God..literally...we aren't getting that kind of porn!

    I am pretty sure I know how I got this. My son wanted to put a background on his facebook page and found this site you had to download to do that..I was the one that checked it out and I thought it was ok..I downloaded it. I never ever allow him to download anything because he knows the dangers of that and most of the time when he wants to download something I say no..sure wish I had said no to this... I got the program itself removed, but apparently it attached all these virus files.

    My adware program had a new version offered last night so I downloaded that then ran it..it found this: Entry in your hostsfile that redirects a particular IP address to a different host. Commonly used by Hijackers. If the entry in your hostsfile is intended (such as by use of hostsfile list), add this listing to your ingorelist. If not selecting this item will remove the entry from your hostsfile.

    winsecure2009.micro/


    It's waiting for me to either tell it to remove it or to ignore...but how do I know if this is my regular hostfile or not? It looks ok from the name of it, but it sure sounds like what has been happening to the computer..the browser being hijacked..

    It also found this: Win32.Adware.BHO is a detection for various unclassified Internet Explorer Browser Helper Object. BHO are .dlls that IE loads while starting up. They can perform various tasks like displaying pop-advertisements.

    Anyway I need help in knowing if that host file is ok or not...then I want to reboot the computer and see if the virus is still there or not. Thanks.

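A read-only way to approach the "is this my regular hosts file?" question from the post above, as an added PowerShell example that is not part of the original thread: it parses the hosts file and separates the stock `localhost` lines and block-list entries from names that are redirected to some other address. The sample lines, addresses and host names are constructed, and the category labels are this example's own.

```powershell
# Added example (not from the thread): classify hosts-file entries, read-only.
function Get-HostsEntry {
    param([string[]]$Lines)

    $loopback = @('127.0.0.1', '::1')
    $sinkhole = @('0.0.0.0', '::')

    foreach ($line in $Lines) {
        # Drop comments and surrounding whitespace; skip blank lines.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }

        # Format: <address> <name> [<alias> ...], whitespace separated.
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]

        foreach ($name in $fields[1..($fields.Count - 1)]) {
            # Default  = the stock localhost mapping
            # Blocked  = name pointed at loopback/0.0.0.0 (block-list style)
            # Redirect = name pointed at another machine; review these
            $category = if ($name -eq 'localhost' -and $loopback -contains $address) {
                'Default'
            } elseif (($loopback + $sinkhole) -contains $address) {
                'Blocked'
            } else {
                'Redirect'
            }
            [pscustomobject]@{
                Category = $category
                Address  = $address
                HostName = $name
            }
        }
    }
}

# Constructed sample: documentation address (RFC 5737) and example.* names.
$sample = @(
    '# sample comment line',
    '127.0.0.1       localhost',
    '::1             localhost',
    '0.0.0.0         ads.example.net        # block-list style entry',
    '192.0.2.10      update.example.com www.example.org'
)
Get-HostsEntry -Lines $sample | Format-Table -AutoSize

# The live file: show everything that is not a stock localhost line.
if ($env:SystemRoot) {
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path -Path $hostsPath) {
        Get-HostsEntry -Lines (Get-Content -Path $hostsPath) |
            Where-Object { $_.Category -ne 'Default' }
    }
}
```

On the sample, the two `localhost` lines come back as `Default`, the `0.0.0.0` line as `Blocked`, and both names on the `192.0.2.10` line as `Redirect`.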
  10. #10
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    Ok I got rid of that hostfile...apparently it was a hijack after all....now I am running SUPERAntiSpyware free edition. It saw right off the bat my IE homepage had been hijacked and locked it so it couldn't be again. Will see if this gets rid of the fake virus warning pop up windows or not...

    Beckrl...I have been reading that site of the link you posted and frankly it sounds pretty scary...says what to do if your computer won't boot up after using it... says what to do if your internet connection won't work after using it... All sorts of pretty scary things could go wrong using this. Not sure why anyone would even want to use this program. I mean unless you are a computer geek...which I am not..I could end up really messing up my computer! I would rather find anything else much safer to use than this..please..

    God bless

  11. #11
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    Well it didn't work..had to reboot for it to completely clean the viruses...the fake anti-virus came up again and it's back to hijacking Internet Explorer with the porn and other ads... Instead of disabling it out of the task manager I am letting it run in hopes the real anti spyware can find it..of course that means my computer is running slow and I am fighting all the fake pop up ads saying my computer is infected...well yea it is! With fake anti-virus junk!!!

    Does anyone know of anything that will work that won't risk totally messing up my computer? The computer runs fine and all this pop up stuff stops if I take out ugysysguard.exe off the windows task manager in the process area.

    Seems like one of these programs could find that and remove it for good..is there any way I can remove it for good? It comes back when I reboot the computer...then when I hit the keys to bring up windows task manager the fake anti virus has a pop up window say it won't work as it's corrupted with a virus. It even says windows task manager. It does that with any program I try to open. It will actually close it so I have to try three or more times to open any program (unless I end the task in the windows task manager).

    help!!

  12. #12
    Join Date
    Aug 2007
    Location
    Eze 15:2-7
    Posts
    10,962
    Blog Entries
    6
    It's probably set to run automatically when you start up.

    Two things to try:


    1. Go to your Start menu, then Programs and look for a group called Startup. Check to see if it's in there. If it is, right-click on it and delete it.


    Option (1) probably won't find it. So try this:


    Go to your Start menu and choose Run (depending on your settings you might have to go to Start-Programs-Run).

    Type regedit and hit Enter

    Click on My Computer

    From the Edit menu choose Find

    Enter the name of the troublesome program (ugysysguard) and hit Enter

    It will probably come up with a hit in an area called something like HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Once you've found it post what you can see and we can go from there. If it doesn't find it we'll have to find some other way.
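The same two places checked without editing anything, as an added PowerShell example that is not part of the original thread: it lists the Startup folders and the `Run` keys and filters on the process name from the posts. The `RunOnce` keys, the per-user (`HKCU`) hive and the shortcut-target lookup go beyond what the post names and are this example's additions.

```powershell
# Added example (not from the thread): read-only autostart listing.
function Get-AutostartEntry {
    param([string]$Pattern = '*')

    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    $entries = @()

    # Registry autostart values: value name plus the command line it runs.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $entries += [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = [string]$item.GetValue($name)
            }
        }
    }

    # Startup program group: current user and all users.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        if (-not $dir -or -not (Test-Path -Path $dir)) { continue }
        foreach ($file in (Get-ChildItem -Path $dir -File)) {
            # Shortcuts hide the real program; resolve .lnk to its target.
            $target = if ($file.Extension -eq '.lnk') {
                $shell.CreateShortcut($file.FullName).TargetPath
            } else {
                $file.FullName
            }
            $entries += [pscustomobject]@{
                Location = $dir
                Name     = $file.Name
                Command  = $target
            }
        }
    }

    # Match on either the entry name or the command it launches.
    $entries | Where-Object { $_.Name -like $Pattern -or $_.Command -like $Pattern }
}

# Everything that starts automatically, then only the name from the thread.
Get-AutostartEntry | Format-List
Get-AutostartEntry -Pattern '*ugysysguard*' | Format-List
```

A match only shows where the entry lives; these are not the only autostart mechanisms on Windows, so an empty result does not mean nothing is set to start.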




  13. #13
    Quote Originally Posted by moonglow View Post
    Ok I got rid of that hostfile...apparently it was a hijack after all....now I am running SUPERAntiSpyware free edition. It saw right off the bat my IE homepage had been hijacked and locked it so it couldn't be again. Will see if this gets rid of the fake virus warning pop up windows or not...

    Beckrl...I have been reading that site of the link you posted and frankly it sounds pretty scary...says what to do if your computer won't boot up after using it... says what to do if your internet connection won't work after using it... All sorts of pretty scary things could go wrong using this. Not sure why anyone would even want to use this program. I mean unless you are a computer geek...which I am not..I could end up really messing up my computer! I would rather find anything else much safer to use than this..please..

    God bless
    That is a forewarning of any problems, I think it gives a rate of 1 out of 1000, it will tell you on the disclaimer. That is why it determines if you have Windows Recovery console installed. It can install it if you don't have it.
    That will help in any systems recovery.

    I have to say I totally recommend combofix. I have used it on some of the worst infections that NO antivirus software could remove, even Norton and doing a manual remove. The infection would return on the next restart. I found Combofix and ran it and it has removed every infection every time.

    The problem that may occur is that the infection may be attached to a windows file and if removed it will remove that windows file. But that's not a really big problem in Recovery console.
    I say all of this just to let you know, you 99% will not have any problem.

    The forum of bleepingcomputer and others on that page in the list can and will help if needed. I also can help.

    For your insurance I have used it 20+ times and all was great!
    The thing is I have not found any other software that can remove some of the newer infections. Some like Norton, as good or bad as it is, may only find the infection, but can't remove it.

    Then once you have run combofix your other Antivirus software may pick up and now be able to remove others.

  14. #14
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    I answered in bold within the quote of your post..easiest way I could do it.

    Quote Originally Posted by tango View Post
    It's probably set to run automatically when you start up.

    Two things to try:


    1. Go to your Start menu, then Programs and look for a group called Startup. Check to see if it's in there. If it is, right-click on it and delete it.


    Option (1) probably won't find it. So try this:


    Go to your Start menu and choose Run (depending on your settings you might have to go to Start-Programs-Run).

    Type regedit and hit Enter

    Ok I did that..but in that window there is no edit button.

    Click on My Computer

    From the Edit menu choose Find

    Ok I went directly to 'my computer' and clicked on that..then clicked on edit..there is no find button though.

    Enter the name of the troublesome program (ugysysguard) and hit Enter

    It will probably come up with a hit in an area called something like HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

    Once you've found it post what you can see and we can go from there. If it doesn't find it we'll have to find some other way.
    would it work to just click on search and tell it where to look and put in the ugysysguard file?

  15. #15
    Join Date
    Nov 2002
    Location
    somewhere over the rainbow
    Posts
    13,383
    Blog Entries
    11
    Quote Originally Posted by Beckrl View Post
    That is a forewarning of any problems, I think it gives a rate of 1 out of 1000, it will tell you on the disclaimer. That is why it determines if you have Windows Recovery console installed. It can install it if you don't have it.
    That will help in any systems recovery.

    I have to say I totally recommend combofix. I have used it on some of the worst infections that NO antivirus software could remove, even Norton and doing a manual remove. The infection would return on the next restart. I found Combofix and ran it and it has removed every infection every time.

    The problem that may occur is that the infection may be attached to a windows file and if removed it will remove that windows file. But that's not a really big problem in Recovery console.
    I say all of this just to let you know, you 99% will not have any problem.

    The forum of bleepingcomputer and others on that page in the list can and will help if needed. I also can help.

    For your insurance I have used it 20+ times and all was great!
    The thing is I have not found any other software that can remove some of the newer infections. Some like Norton, as good or bad as it is, may only find the infection, but can't remove it.

    Then once you have run combofix your other Antivirus software may pick up and now be able to remove others.
    yea but it says I could lose internet connection..if that happens I can't get on here and ask for help...

    I may have no choice though...I have tried five real antivirus programs and none of them are getting it off..
