
Vista security 2011 virus

  • 03-04-2011 10:06am
    #1
    Registered Users, Registered Users 2 Posts: 843 ✭✭✭


    Hi and help please!
    So I was trying to watch a footy match on a streaming site yesterday and when I turned on my laptop this morning I get all sorts of pop ups saying my security has been breached and me machine is under attack from malware etc so I should upgrade to the paid version of Vista Security 2011. I sussed something was up so a quick Google on my iPod Touch tells me this is a not uncommon virus. I've read a few guides on how to remove and delete but given that I'm not that tech savvy I was wondering has anybody on here had the experience of doing so and how did they get on?
    I've the use of a second clean machine too cos I'm a bit paranoid about going online with my own one for obvious reasons and what really annoys me is that I have up to date McAfee installed and running and it never caught it and when I ran a full scan it never picked it up either.
    Thanks in advance if anyone can help


Comments

  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    It is common but are you sure you are actually infected?

    Have you rebooted?

    I have cleaned off a couple of computers recently. Slow but left no lasting effects.

    I would always recommend reinstalling the operating systems if possible. Often quicker but if not possible set aside about 4 hours to clean the system completely.

    Let me know what you want to do and I will be glad to guide you.


  • Registered Users, Registered Users 2 Posts: 843 ✭✭✭Yellowledbetter


    It is common but are you sure you are actually infected?

    Have you rebooted?

    I have cleaned off a couple of computers recently. Slow but left no lasting effects.

    I would always recommend reinstalling the operating systems if possible. Often quicker but if not possible set aside about 4 hours to clean the system completely.

    Let me know what you want to do and I will be glad to guide you.

    Cheers but got some help with it in the 'Malware and Virus Removal' thread and got it sorted using Malwarebytes removal tool


  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    Good stuff. MalwareBytes is the ideal tool.

    Best of luck.

    Shane


  • Registered Users Posts: 26 tonymayo


    Unable to remove Vista Security 2011 virus from my daughter's laptop. Tried all the processes recommended here but no luck.
    This one has really got me cheesed off.
    It's also stopping me from running Malwarebytes and Spybot. Unable to get into Task Manager or Control either to tackle it.
    A really nasty virus.
    Any help appreciated.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Unable to remove Vista Security 2011 virus from my daughter's laptop. Tried all the processes recommended here but no luck.
    This one has really got me cheesed off.
    It's also stopping me from running Malwarebytes and Spybot. Unable to get into Task Manager or Control either to tackle it.
    A really nasty virus.
    Any help appreciated.

    Download Rkill and save the file onto your desktop (use the file named either explorer.exe or iexplore.exe).
    Run the file from the desktop, if Windows Vista/Windows 7 right click on the file and "run as administrator".
    The virus may block you from opening the file, the trick is to open the Rkill exe immediately when the fake anti virus "blocks" it. Rkill will attempt to repair registry association values and kill the malware processes. A console window should appear from Rkill alerting you that the malware has been closed. Once done you should then open Malwarebytes, update it and run a quick scan. Do this scan after running Rkill and don't reboot until the scan is complete.

    Nick
    Edit: If you cannot get Rkill to work at all, even after multiple tries you may need to use an anti virus rescue disc, post back here if it works or not


  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    Really nasty piece of work.

    The only instructions to trust are http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

    Make sure you have the programs you need downloaded already to a USB key (use another computer).

    Let me know any particular problems you are having and I can provide specific advice.


  • Registered Users Posts: 26 tonymayo


    Thanks Shane.
    Tried that already and no luck, but will give it another go.
    Will let you know how I get on.


  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    Can you run http://portableapps.com/apps/security/spybot_portable from a portable USB key?

    Should be able to run it in safe mode.

    If you get it to run it should make the virus unusable and then you can work at cleaning it properly.

    Shane


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Thanks Shane.
    Tried that already and no luck, but will give it another go.
    Will let you know how I get on.

    Have you tried using Rkill? If you cannot get Rkill to work then your best bet probably is to use a Rescue CD.
    These are CDs you download and boot off as if you were to install Windows, usually on a laptop you can press the F12 key to open the boot menu, in some you will need to enter the BIOS and choose boot priority to CD Rom first.
    Download the Kaspersky Rescue CD, on that link there are instructions how to burn the disc to a blank CD/USB key. If it's a netbook without a CD drive you would need to boot off a USB key.
    When the Kaspersky disc boots run the scanner, do a definitions update first. It will hopefully clear the main virus, allowing you to run Malwarebytes/Spybot etc from within Windows after, let me know if you need any more help.

    Nick


  • Registered Users Posts: 26 tonymayo


    Thanks lads - much appreciated.

    To update: No luck at second attempt at RKill either.
    Tried RKill and its different filenames, but virus won't allow application to run.
    I cannot even open a browser at this stage.
    Will now try Spybot Portable and failing that Kaspersky.
    Fingers crossed!


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Thanks lads - much appreciated.

    To update: No luck at second attempt at RKill either.
    Tried RKill and its different filenames, but virus won't allow application to run.
    I cannot even open a browser at this stage.
    Will now try Spybot Portable and failing that Kaspersky.
    Fingers crossed!

    I'd go straight to Kaspersky, Spybot probably won't work if Mbam doesn't, it's not the best with these kind of infections anyways.

    Nick


  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    I have used Spybot before for this infection. Does not clean it but disrupts it enough to get control back.

    I thought with Kaspersky you needed to have the disk produced before infection. KAS will not run while infected.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    I have used Spybot before for this infection. Does not clean it but disrupts it enough to get control back.

    I thought with Kaspersky you needed to have the disk produced before infection. KAS will not run while infected.

    I never said it wouldn't work, but Malwarebytes and Super tend to do a better job at removing them fake anti viruses overall :). There's certainly no harm running Spybot as well. The Kaspersky disc runs within a Linux environment so it's designed to neutralize viruses without even being in Windows, my hope is it will nuke the main files so OP can run Mbam/Spybot etc from within Windows after.

    Nick


  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    Do you have a link to the Kaspersky files?

    Would be a useful tool for myself if it works.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    Do you have a link to the Kaspersky files?

    Would be a useful tool for myself if it works.

    http://support.kaspersky.com/viruses/rescuedisk
    There is a link in my post above, it's free and useful, there are other ones you can try too, AVG, Dr Web, etc to name a few...

    Nick


  • Registered Users Posts: 26 tonymayo


    Got Spybot to run in safe mode, but it was unable to neutralize the virus.
    Will try Kaspersky now. Hope it isn't too technical.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Got Spybot to run in safe mode, but it was unable to neutralize the virus.
    Will try Kaspersky now. Hope it isn't too technical.

    If you are having difficulty trying to boot off the Kaspersky CD, check this guide: here, if it's a Dell laptop hitting [F12] at the Dell splash screen will open the boot menu, with the Kaspersky CD in the drive choose CD ROM to boot from. Other laptops may use the F12 key as well, look out for press [Fxx] key for boot menu under the manufacturer logo.
    When you boot off the CD, use graphical mode. This will boot into a Linux OS with Kaspersky installed. Simply click the update tab to update Kaspersky (you may need to connect laptop to a network cable/not wireless for this to work).

    Hope this helps

    Nick


  • Registered Users Posts: 26 tonymayo


    Thanks Nick.
    Got a little overwhelmed by instructions on Kaspersky website so I am trying a couple of other processes first.
    BTW it's an Acer laptop.
    I located the virus lxu.exe in Task Manager, but it refuses to switch off.
    It looks like it's going to be a late night.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Thanks Nick.
    Got a little overwhelmed by instructions on Kaspersky website so I am trying a couple of other processes first.
    BTW it's an Acer laptop.
    I located the virus lxu.exe in Task Manager, but it refuses to switch off.
    It looks like it's going to be a late night.

    No problem Tony, does the laptop have a CD ROM drive? Do you have another computer with a CD burner? Do you have a blank CD-R/CD-RW disc? Let me know and I can help further,

    Nick


  • Registered Users Posts: 26 tonymayo


    yoyo wrote: »
    does the laptop have a CD ROM drive? Do you have another computer with a CD burner? Do you have a blank CD-R/CD-RW disc? Let me know and I can help further,

    Nick
    Have all of above.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Have all of above.

    Download the Kaspersky Live CD first. Next download ImgBurn. These should be downloaded on a non-infected machine.
    Install ImgBurn. Next put a blank CD into the burner. Open ImgBurn and locate the Kaspersky Live CD (choose option write image to disc). Burn the Kaspersky Live CD to disc.
    Now boot up the Acer laptop and hit the [F12] key at startup, you may need to hit the [F2] key to go in and change boot order to CD first in the BIOS (I found this information on Google). If hitting the F12 key shows a boot menu all is good.
    If possible connect the laptop to the internet via ethernet cable.
    Put the burnt Kaspersky Live CD in the CD drive of the Acer and select CD Rom drive in boot options and hit enter, the Kaspersky CD will ask you to press any key to confirm, do this. Pick English for language obviously and open the tool in Graphical mode.
    The Linux on the disc will now boot. Be patient. When in the Linux desktop Kaspersky scanner will open automatically. Click on the update tab and update the definitions. Then run a scan of all drives/objects located in the Kaspersky scan window.

    Nick


  • Registered Users Posts: 26 tonymayo


    Finally got rid of Vista Security 2011 virus in the small hours.

    I'm not altogether sure if there was any method in the procedure so, as a non-technical person, I will briefly outline the sequence of events in case you techies can make any sense of it.

    I booted in safe mode and ran Spybot already installed on laptop which didn't remove virus, just found what appeared to be the usual intruders.

    While re-booting in normal mode Mobile Spybot on the USB drive (at least that's what I think happened) ran and took over 3 hours to scan and reported that the hard drive was clean while the virus popups were working overtime!

    However, it was only after this scan that I was able to open Task Manager, Control and most importantly as it turned out System Restore.

    I did a System Restore and everything appears to be back to normal.
    It would appear that Mobile Spybot did enough to allow me to get access to system restore.

    Throughout yesterday I tried every method recommended to remove this very nasty virus, but nothing worked so caps off to the posters here.

    I had the Kaspersky dvd burned and ready to go so it is good to know about that for any future event.

    As someone who runs his business on the web and doesn't have any anti-virus software installed other than running Spybot and Malwarebytes whenever I think to do it, it is a wake up call.

    Again, Nick and Shane, thanks for all your advice. Much appreciated.

    BTW any recommendations on anti-virus software to put on three computers?


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Finally got rid of Vista Security 2011 virus in the small hours.

    I'm not altogether sure if there was any method in the procedure so, as a non-technical person, I will briefly outline the sequence of events in case you techies can make any sense of it.

    I booted in safe mode and ran Spybot already installed on laptop which didn't remove virus, just found what appeared to be the usual intruders.

    While re-booting in normal mode Mobile Spybot on the USB drive (at least that's what I think happened) ran and took over 3 hours to scan and reported that the hard drive was clean while the virus popups were working overtime!

    However, it was only after this scan that I was able to open Task Manager, Control and most importantly as it turned out System Restore.

    I did a System Restore and everything appears to be back to normal.
    It would appear that Mobile Spybot did enough to allow me to get access to system restore.

    Throughout yesterday I tried every method recommended to remove this very nasty virus, but nothing worked so caps off to the posters here.

    I had the Kaspersky dvd burned and ready to go so it is good to know about that for any future event.

    As someone who runs his business on the web and doesn't have any anti-virus software installed other than running Spybot and Malwarebytes whenever I think to do it, it is a wake up call.

    Again, Nick and Shane, thanks for all your advice. Much appreciated.

    BTW any recommendations on anti-virus software to put on three computers?

    It sounds as though the virus crashed which meant you could access system restore, I wouldn't be sure the infection is totally removed, however. Download and update Malware Bytes, also download and update Super AntiSpyware. Run a scan in each to clean up the system.
    System restore should not be trusted for malware removal as most malware infects the restore points.
    For an anti virus you can use Microsoft Security Essentials. It is free and does the job.

    Nick


  • Registered Users, Registered Users 2 Posts: 1,373 ✭✭✭Shane O' Malley


    I agree with Nick.

    Also make sure all system updates are done. Both for Windows and applications.

    I use http://secunia.com/vulnerability_scanning/online/ which has always worked very well for me.

    Shane


  • Registered Users Posts: 26 tonymayo


    Agree a virus that can take over your system so completely is unlikely to have gone away that easily.
    Will do as recommended.


  • Moderators, Technology & Internet Moderators Posts: 11,017 Mod ✭✭✭✭yoyo


    tonymayo wrote: »
    Agree a virus that can take over your system so completely is unlikely to have gone away that easily.
    Will do as recommended.

    Let us know the outcome :)

    Nick

