12-12-2011, 03:06 PM
|
#1
|
Secretsquirrel
Join Date: Dec 2010
Location: South Shore , MA
Posts: 659
|
Help!
I was sitting there doing my homework with Firefox minimized on my laptop.
All of a sudden a bunch of stuff crashes and a program called:
Win 7 security
pops up saying I have malware.
I run Kaspersky and had run a scan earlier this morning when I was at the gym. No problems.
I think the problem arose when I was updating Adobe, as that is the only thing I had done recently, but I am never sure.
I was smart enough to realize that it was not a Windows program and did not put in my info.
It has taken over my computer, and I can't even use the web browser.
What's my next move?
Go back to a previous time by restore point?
Go through a removal? If so, how?
|
|
|
|
12-12-2011, 03:29 PM
|
#2
|
Secretsquirrel
Join Date: Dec 2010
Location: South Shore , MA
Posts: 659
|
Can I back up all my stuff and somehow do a reinstall of Windows, or would the drive and pictures, videos, etc. get infected?
|
|
|
|
12-12-2011, 03:57 PM
|
#3
|
Registered User
Join Date: Aug 2010
Location: A village some where
Posts: 3,436
|
Greg, I can assist you with this, but by using some easy-to-use tools out there you can clean this on your own.
First off, do not restore to a prev date; use Spybot, AVG, Malwarebytes and ComboFix. If that doesn't work, give me a text.
|
|
|
|
12-12-2011, 04:03 PM
|
#4
|
Registered User
Join Date: Oct 2002
Posts: 3,595
|
Do NOT reboot.
End it in Task Manager, then use Malwarebytes and ComboFix.
|
|
|
|
12-12-2011, 04:47 PM
|
#5
|
Secretsquirrel
Join Date: Dec 2010
Location: South Shore , MA
Posts: 659
|
Quote:
Originally Posted by vineyardblues
Do NOT reboot.
End it in Task Manager, then use Malwarebytes and ComboFix.
|
Wish I had known that before the antivirus customer service person told me to restart it.
When I try and run malware or any other programs, including System Restore, I get a message asking me to choose the program to open the file with. I get the same message when I try to open the internet.
Anyone know the solution?
|
|
|
|
12-12-2011, 05:07 PM
|
#6
|
Registered User
Join Date: Aug 2010
Location: A village some where
Posts: 3,436
|
Just got your message, give me a few and I will call you.
|
|
|
|
12-12-2011, 07:58 PM
|
#7
|
Secretsquirrel
Join Date: Dec 2010
Location: South Shore , MA
Posts: 659
|
Back in action.
Laptop is running good as new.
Huge thanks to skippy. I will let skip explain all the technical stuff.
Future reference to anyone: DON'T restart.
|
|
|
|
12-12-2011, 08:21 PM
|
#8
|
Registered User
Join Date: Aug 2010
Location: A village some where
Posts: 3,436
|
The issue is a Flash exploit that is affecting Firefox and Chrome; it's showing 2 files installed when you look at the plugins. This is allowing intrusions to circumvent security. In Greg's case it was caught soon enough; however, it was making a home in the netlogon / lsass area, but ComboFix ripped it out. We removed some older protection, cleaned up some files, did some updates and away he goes...
Glad I could help, Greg.
Thanks
Posted from my iPhone/Mobile device
|
|
|
|
12-12-2011, 08:49 PM
|
#9
|
Old Guy
Join Date: Oct 2004
Location: Mansfield, MA
Posts: 8,760
|
Can it keep his political views under control?
Posted from my iPhone/Mobile device
|
|
|
|
12-12-2011, 08:56 PM
|
#10
|
Registered User
Join Date: Aug 2010
Location: A village some where
Posts: 3,436
|
Quote:
Originally Posted by striperman36
Can it keep his political views under control?
Posted from my iPhone/Mobile device
|
I did my best to increase his dilithium crystal filter
Posted from my iPhone/Mobile device
|
|
|
|
12-12-2011, 09:00 PM
|
#11
|
Secretsquirrel
Join Date: Dec 2010
Location: South Shore , MA
Posts: 659
|
Quote:
Originally Posted by striperman36
Can it keep his political views under control?
Posted from my iPhone/Mobile device
|
When have I once said anything political on this or any other board?
|
|
|
|
12-12-2011, 09:19 PM
|
#12
|
Old Guy
Join Date: Oct 2004
Location: Mansfield, MA
Posts: 8,760
|
Nope, it's a joke, soldier. Stand down, sir.
|
|
|
|
12-12-2011, 10:17 PM
|
#13
|
Registered User
Join Date: May 2000
Location: Cumberland,RI
Posts: 8,555
|
I got the same thing. Was viewing PMs when it launched. I use IE, so it's not just in Firefox and Chrome. What a pain. I did restart and I did restore to an earlier date. Seems like the machine is running OK now, but I suppose it's waiting to pounce on me again. I backed up my email, so now ready to do battle. I ran an antivirus from a boot disc but it didn't find it. I will try Malwarebytes, Spybot, and ComboFix if needed (a little afraid of ComboFix though). Is it possible this came in a PM?
|
Saltheart
Custom Crafted Rods by Saltheart
|
|
|
12-12-2011, 10:23 PM
|
#14
|
Registered User
Join Date: Aug 2010
Location: A village some where
Posts: 3,436
|
It can come from any Flash / Shockwave platform. A lot of websites use scrolling advertising, and these are the exact exploits they look for. Nothing against the hosts, it's what the dirty scoundrels do on the back end. Few words of advice: never restore to a prev date, a lot of the time it's sitting in the restore. Immunize with Spybot, reinstall Flash/Adobe.
Posted from my iPhone/Mobile device
|
|
|
|
12-12-2011, 11:43 PM
|
#15
|
Registered User
Join Date: May 2000
Location: Cumberland,RI
Posts: 8,555
|
After the restore... Dr Web Boot Disc Scan found nothing. Dr Web will find it if it's in a restore file. I will run another full scan tonight. McAfee found nothing. Spybot found nothing. Malwarebytes found nothing on quick scan, running full scan now.
I see the immunize function in Spybot. What does that mean/do?
Personally I hate the Adobe updates. I very often have trouble after running an Adobe Flash update.
BTW, system is running fine now, no more popups of the Win7 Antispyware 2012 window. I can also run IE9 and MSCONFIG and Dr Web, and my McAfee Realtime protection is on again. None of that would work before the restore. Now, before I restored I used Task Manager to stop the application and I also stopped all unknown processes. Then I restored. Until I stopped all the processes, I could not run the restore.
Nasty little bugger, whatever it is.
My biggest concern now is how to not get it again, since I am not sure where it came from for sure.
|
Saltheart
Custom Crafted Rods by Saltheart
|
|
|
12-12-2011, 11:52 PM
|
#16
|
Registered User
Join Date: May 2000
Location: Cumberland,RI
Posts: 8,555
|
Oh, BTW, what happens if you turn off Flash/Shockwave?
|
Saltheart
Custom Crafted Rods by Saltheart
|
|
|
12-13-2011, 09:50 AM
|
#17
|
Registered User
Join Date: Aug 2010
Location: A village some where
Posts: 3,436
|
Quote:
Originally Posted by Saltheart
Oh, BTW, what happens if you turn off Flash/Shockwave?
|
Most websites are based you just get this frown face in a puzzle square. This is a hard one to prevent, and with the boss's permission I may make a little guide. However, if you find your PC calling for updates for Flash more than once a week, check Add/Remove Programs, also check plug-ins and add-ons, ie with safe mode see if updates still occur. With Vista/7, sidebar users are more affected. Also install straight from the site, instead of waiting for the website telling you that you need to install the add-on.
One thing people struggle with is codecs: they can't view file types, so they go out and get qtime or VLC player. There are free codec packs out there that can be integrated into WMA, so you don't need all the crazy players. So if John gives me permission, I may do a little tutorial to a happy and safe PC.
Posted from my iPhone/Mobile device
|
|
|
|
All times are GMT -5.