Bento the spazcat
Post: 55941937_16 created on Thu Nov 05, 2009 7:25 am
Here, this may help.

Spyware and Adware need the computer mostly working, because if you're not using it, then spying on your habits and displaying advertisements is useless. That said, there are a few, horribly, horribly nasty types of infection, that render your computer almost useless, can redirect your web browser to its own pages, restore themselves from a half-removed state, and refuse to let you do anything useful until you pay them. They're holding your computer ransom with a nuclear bomb, so to speak, and require special tools (SWAT TEAM!) to take care of. They can be called many names, but a main classification of them can be called Smitfraud, Virtumonde, and Vundo.

http://urlcut.com/fixer_of_rogues

That is an updated tool that will attempt to remove all known deep infections. Follow all the instructions exactly (remember safe mode when it says to!) and give it time to do its job.

After downloading it, open a folder, any folder. Go to "Tools" at the top menu, and click "Folder options". When a new window comes up, go to the "view" section. Find and UNcheck "hide file extensions for known types", save the changes. Then rename the text file you got from roguefix from .txt to .bat, that way you can run it. Feel free to recheck the box afterwards, it's only needed to be off so that you can run roguefix.

If you cannot run that one, try these backups.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
http://siri.geekstogo.com/SmitfraudFix.php

Fixing Redirections

DNS is "Domain Name Server". A DNS server keeps information which web address relates to which IP address on the internet (like how google.com is 74.125.45.100). It's sort of like how "Jack's house" means "123 Oak Tree Lane" in the real world.

A - Cleaning Your Hosts File

The HOSTS file is a file on windows that holds information about DNS entries on your own computer, it's usually used to bypass a normal DNS server for whatever reason. Usually it's only used to block things (by making the browser try to go to a non-internet IP address when you try to visit a specific site), like to block bad sites, or your parents might use it to block myspace or something. Unfortunately infections will add entries that make real sites redirect to fake sites... so this might need to be undone.

If you're on XP...

In your start menu, go to "run". Type in the below code, without spaces.

% Windir % /System32/drivers/etc/

Press enter, a window should open. In there, find a "hosts" file. Right-click it, "open with", and open it in notepad.

If you're on Vista...

1) Browse to Start -> All Programs -> Accessories
2) Right click "Notepad" and select "Run as administrator"
3) Click "Continue" on the UAC prompt
4) Click File -> Open
5) Browse to "C:>Windows>System32>Drivers>etc"
6) Change the file filter drop down box from "Text Documents (*.txt)" to "All Files (*.*)"
7) Select "hosts" and click "Open"

If you see any mention of sites you KNOW are safe (if it mentions safer-networking.org or ebay.com or other sites you know of, especially ones you'd download security software from or that the infection is blocking you from visiting), then you'll want to remove them. Start by erasing all of those bad lines. Go to save it, and when you do, make sure you click the "save as type" box when saving, and select "all files", then save the file as "hosts" without the ".txt" ending. If that fails for some reason, and you know you don't need any of the redirects in the hosts file, just delete it.

See if you can get to the websites again after you're done with that. If not, restart back into safe mode and try again.
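The manual hosts-file check described in the post above can also be scripted. The following is an added example, not part of the original post: the `KNOWN_SAFE` watchlist and the sample hosts text are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed watchlist of sites the reader knows are legitimate. The first two
# are named in the post; extend it with the security vendors you rely on.
KNOWN_SAFE = {"safer-networking.org", "ebay.com", "bleepingcomputer.com"}

# Constructed sample of a tampered hosts file (documentation-range addresses).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
203.0.113.7     www.safer-networking.org safer-networking.org   # added by infection
0.0.0.0         ads.example.net
198.51.100.23   WWW.EBAY.COM
not-an-ip       garbage line
"""

def parse_line(line):
    """Return (ip, [hostnames]) for a hosts entry, or None for blank, comment or invalid lines."""
    body = line.split("#", 1)[0].split()
    if len(body) < 2:
        return None
    try:
        ipaddress.ip_address(body[0])
    except ValueError:
        return None
    return body[0], [h.lower().rstrip(".") for h in body[1:]]

def is_known_safe(host):
    """True if host is a watchlisted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in KNOWN_SAFE)

def audit_hosts(text):
    """Return (suspicious_entries, cleaned_text); any entry naming a known-safe site is suspicious."""
    suspicious, kept = [], []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and any(is_known_safe(h) for h in entry[1]):
            suspicious.append(entry)
        else:
            kept.append(line)
    return suspicious, "\n".join(kept) + "\n"

if __name__ == "__main__":
    flagged, cleaned = audit_hosts(SAMPLE_HOSTS)
    for ip, names in flagged:
        print("remove:", ip, " ".join(names))
    print(cleaned, end="")
```

To check a real machine, read the `hosts` file from the folder named in the post and pass its text to `audit_hosts`; review the flagged lines before saving the cleaned text back.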