

Stone Emissary
jellygator
Posts: 7
Registered: 06-07-2011
Accepted Solution

Fake AV & oddities

About a week ago, I got an e-mail from my daughter and in a Bambi moment, clicked on the link even though there wasn't a message from her to me personally, only to discover a website advertising Viagra. I immediately ran Housecall, which detected and cleaned a virus. So far, so good.

 

Yesterday, I was surfing the web and trying to find a photo using Google. I didn't find what I was looking for, or anything close enough to click on to enlarge it. I gave up, then clicked the start button of my toolbar to do something offline, when suddenly my computer was nuked. I got a fake AV screen reporting 32 viruses and a bunch of error messages. It blocked Internet access, denied task manager access, and made it appear that all of my files and programs were gone. When I rebooted, I went to run the recovery program. At first it allowed me only to go into DOS, but the only command that worked was C:\dir, which showed that everything, including my root directories, had been subverted. I rebooted again, and tried getting into the recovery, which seemed to run as normal, until it came time to actually boot up again. I got an error message saying it hadn't been completed and to rerun it (which kept looping, even after I did rerun it), and only a black screen and cursor after a brief glimpse at the original wallpaper that came on the computer.

 

So the files are still there, but access to them is not. Can someone tell me if there's a way to recover the computer's HDD?

Trend Micro Employee
arteec
Posts: 1,277
Registered: 07-08-2010

Re: Fake AV & oddities

Hi jellygator,

 

I would like to know what recovery program you were referring to. Can you please tell us how you reset your computer's settings to their previous state?

 

Artee :smileyhappy:


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience.
Honored Esquire
stephen
Posts: 119
Registered: 12-27-2010

Re: Fake AV & oddities

[ Edited ]

It looks as if that is a common fake AV program that goes under many guises.  I'm not sure why Trend AV doesn't detect/kill it, but ....

 

Try rebooting in safe mode, and running the free Malwarebytes Anti-Malware.

http://www.malwarebytes.org/products/malwarebytes_free

 

Also see other suggestions on the thread http://community.trendmicro.com/t5/Malware-Discussions/I-m-infected-with-Windows-Vista-Security-2011...

Stone Emissary
jellygator
Posts: 7
Registered: 06-07-2011

Re: Fake AV & oddities

[ Edited ]

(Duplicate post) See below

Stone Emissary
jellygator
Posts: 7
Registered: 06-07-2011

Re: Fake AV & oddities

I attempted to reset my computer's settings using the F10 command when rebooting, since nothing else was accessible. The first time I tried it, it asked which drive I wanted to log onto. I entered the number for the C: drive, and simply looked it over to see what was there ... since it had shown my computer as having NO files when I had looked while in Windows mode - Start > Programs > (Empty). I rebooted again, tried the F10 command again, and this time it worked as I'd expected it to, showing me an option to destructive reformat or to restore to an earlier time. I chose restore to an earlier time, and this was the point where it looped and re-running did not solve it.

Honored Noble
galbicka
Posts: 162
Registered: 02-26-2010

Re: Fake AV & oddities

I just cleaned up something very similar for someone. In my case I was able to identify the rogue processes running in task manager and end them. Then system restore to a previous restore point worked fine and got rid of all the nasty processes. Then I had to manually unhide her files because they had been marked hidden. During my research I did find a tool to use to unhide the files but decided to do them manually myself. Now all is well.

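The manual unhiding step galbicka describes, as an added PowerShell example that is not code from this thread or from Trend Micro: it walks a user profile, finds files carrying the Hidden attribute (the marking the rogue AV applied to her files so that everything looked gone), and clears only that bit. The profile root, the AppData exclusion and the -DryRun switch are assumptions of this example; files that Windows itself marks System+Hidden (desktop.ini, ntuser.dat and the like) are deliberately left alone.

```powershell
# Added example (not from the thread): clear the Hidden attribute that a rogue
# "fake AV" sets on a user's files so the desktop and Start menu appear empty.
# Assumptions: Windows PowerShell 3.0 or later; $Root defaults to the current
# user's profile; AppData is skipped because it legitimately holds hidden files.
param(
    [string]$Root = $env:USERPROFILE,  # assumed starting point for the repair
    [switch]$DryRun                     # report what would change, touch nothing
)

$hidden = [System.IO.FileAttributes]::Hidden
$system = [System.IO.FileAttributes]::System
$skip   = Join-Path $Root 'AppData'

$changed = 0
$skipped = 0

# -Force is required: without it Get-ChildItem omits hidden items entirely.
Get-ChildItem -Path $Root -Recurse -Force -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $isHidden = ($_.Attributes -band $hidden) -ne 0
        $isSystem = ($_.Attributes -band $system) -ne 0

        if (-not $isHidden) { return }   # visible already; nothing to do

        if ($isSystem -or $_.FullName.StartsWith($skip, [System.StringComparison]::OrdinalIgnoreCase)) {
            # desktop.ini, thumbs.db, ntuser.dat and AppData contents are hidden
            # by Windows on purpose; unhiding them is not part of the repair.
            $script:skipped++
            return
        }

        if ($DryRun) {
            Write-Output "would unhide: $($_.FullName)"
        } else {
            # -band -bnot clears only the Hidden bit; ReadOnly, Archive etc. survive.
            $_.Attributes = $_.Attributes -band (-bnot $hidden)
            Write-Output "unhid: $($_.FullName)"
        }
        $script:changed++
    }

Write-Output ("files unhidden: {0}, left alone (system/AppData): {1}" -f $changed, $skipped)
```

Run it with -DryRun first and read the list: every path printed should be a document, picture or shortcut the user recognises, not something under a program directory. Do the real run only after the rogue processes are gone (System Restore or a removal tool, as the earlier replies suggest), since a still-running fake AV simply re-hides the files.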
Stone Emissary
jellygator
Posts: 7
Registered: 06-07-2011

Re: Fake AV & oddities

There was NO access to anything like Task Manager, regedit, msconfig.

Trend Micro
slabster
Posts: 426
Registered: 08-18-2009

Re: Fake AV & oddities

Hi jellygator,

 

Please see if you can still run the FakeAV removal tool found here:

 

http://esupport.trendmicro.com/Pages/Fake-Antivirus-FakeAV-Removal-Tool.aspx

 

Cheers!


I am a Trend Micro employee. My comments and advice come from my personal knowledge and experience. I’m happy to volunteer what I can to help others have a great Trend Micro experience. Now posting as erza.
Stone Emissary
jellygator
Posts: 7
Registered: 06-07-2011

Re: Fake AV & oddities

[ Edited ]

I can't do anything at all. It won't boot up at all. Black screen, arrow, and an error message is all that there is. (The error message is the one saying "Recovery did not complete. Re-run recovery.")

 

That's why I was wondering if I can remove the HDD and put it into an external drive, then use a new computer to scan the drive perhaps? (And need to know if it can infect and destroy new computer when I do that...)

Trend Micro Employee
arteec
Posts: 1,277
Registered: 07-08-2010

Re: Fake AV & oddities

Hi jellygator,

 

Can you try running the computer in safe mode with command prompt and try restoring the computer to an earlier state? You may refer to this Microsoft Support link on how to do a System Restore from the command prompt.

 

Regards,

 

Artee :smileyhappy:

