I guess our subscription to Norton expired without us knowing so our Mcafee was turned off so we got a virus. After we turned off the internet (because the computer would freeze) we ran a scan and 8 Trojans. Now when we try to go to the Norton or Mcafee website it won't let us on those website (when we look at the web address it'll first be a weird website, then the mcafee or norton will show up as a blank page). Also when we open up Explorer a pop-up will go up to a random dating site or a website that says some sort of error occurred or something for "Anti-Virus 2009" which we don't click on. Could we do anything to get rid of it? Does anyone know what this virus does or what it's called?
Related posts:
3 responses so far ↓
1 Julehh. // Jan 2, 2009
It's definitely a backdoor Trojan. The two that I have that I know the names of is called Prunnet and Gadcom, which are really bad Trojans. They're the ones that are controlling the pop ups. Don't be surprised if one day you log on, and they're porn icons on your desktop. My advice is to just reboot your computer completelyy, and start from scratch. That's what I'm doing. Good luck.
2 Jmn D // Jan 2, 2009
Its actually very easy.
It only blocks the executable name.
I have seen this virus before.
Just find the executable for your antivirus and search in the registry. It should find something that says block executable or something, thats the root of virus….just delete that, rescan and it should be fine..
If all fails, get mbam portable, rename the executable for mbam to something random…liek askjfsaj.exe and run it, it should cripple the virus if not clean it.
I suggest running mbam portable, windows defender, and super anti spyware all to clean it perfectly..
3 Bhaskar // Jan 2, 2009
Run a scan with HijackThis. u can get HijackThis from http://majorgeeks.com/download3155.html.Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
Show hiden files and folders
Reboot to safe mode
Delete this file:
C:\WINDOWS\system32\drivers\svchost.exe
Reboot normally
See if you can follow this ->
Please download Malwarebytes' Anti-Malware:
http://www.spywarefri.dk/downloads1/mbam-setup.exe
Or here:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=mncol;pop&cdlPid=10878968
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch
Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and Paste that log into your next reply, along with fresh hijackthis log.
NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Leave a Comment