Musician Forum - Band Discussion Board - BandMix

I don't know what the hell happened, but I got hit pretty hard with this one. I was looking up song lyrics and clicked on the WRONG site!! All of the sudden there was this Microsoft looking scan in progress and the only thing I can do on my account is purchase "ANTIVIR" antivirus. I can't do anything else. All "exe" functions are infected. I can't even run an antivirus CD. I can't run any cd.

If I try to get on the internet with my main account, it just starts immediately opening up pages until it maxes out, and asking me if I want to purchase ANTIVIR now.

I may not be a genius at these kinds of things (in fact I know I'm not), but something tells me the ANTIVIR is the virus.

Luckily I have a guest account, otherwise I wouldn't even be able to post here. My guest account hasn't been infected.. Well. Unless I try to install an antivirus or anti-spyware. They won't even run on the guest account. I'm going to try a few more times, but so far no success.

Any suggestions?

Boot to safe mode:
http://www.computerhope.com/issues/chsafe.htm

Trying running anti-virus then.
If using XP you can roll back to the last known working date. These are set I believe? Then run your virus thingy.

Oddly I'm switching from Linux to Windows for a month or so. What I'm hearing makes me understand how safe I feel where I am.
Hope this helps?

Dude, so far, no luck. I will try that though. So far, the only program I've been able to install is my Webroot Spysweeper. The only reason I was able to install it is because it allows me to install from the guest account. All others make me log in to the main account, and the virus corrupts the installation. Basically anything 'exe" gets corrupted.

So I guess I'm gonna go and buy a Webroot cd from the store. I tried downloading a trial version, and once again, it gets corrupted from the main account, won't let me use it as a guest. It has control of my Main Account web browsers. Does a lot of crazy things including corrupting anything that get's downloaded. Well.. Except for the "ANTIVIR" I could easily buy to get rid of all of my problems.

The Spy Sweeper was able to run from the main account though. So I guess I'll try my luck with a Webroot Anti-virus.

The virus is listed as:
Win32/Nuqel.E
BankerFox.A

Anyone heard of this?

Same SOB that got me all F/U. Still not completely recovered even after doing a complete destructive recovery process. My daughters BF said it attaches itself to some drive or another thereby protecting itself.
I need professional help.
You may too.

People who create these things should die a slow horrible death and be given a one way ticket to Hell where they belong.

Take your hard drive out of the infected machine and put it as a secondary drive in another machine. Then run your virus scan from the other machines master hard drive. Do not run anything from the infected drive while it is in the other machine.

Shredd6 wrote:People who create these things should die a slow horrible death and be given a one way ticket to Hell where they belong.

I don't understand why people would do something just to be destructive to another's property..

People suck.

HA!!! Success!!

So after trying McAfee, Spy Doctor, Norton, Avast.. Webroot took it right out.

In a geeky way, it was pretty cool to watch the Virus battle it out with the Webroot.

#1- Webroot was the only program that allowed me to install through the the guest account by being able to login to the main through it's program (probably doing the same thing Slacker was talking about, only using the guest account instead of another machine.. I guess)

#2- Once I logged in to the main, the virus tried to block the Webroot from accessing their website (automatically) for installation, and the Webroot bypassed Internet Explorer and automatically connected through Firefox. I was getting alerts from the virus that Webroot couldn't operate properly and needed to be reinstalled, then Webroot immediately blocked about 5 things. After that it was ready to scan.

As it was scanning, the virus was freaking out and accessing IE over and over again, prompting me to buy "ANTIVIR", automatically accessing websites for different products etc.. Alerts were popping up all over the place from both the Virus and Webroot.

But in the end.. Virus GONE!!

So there you go. All of the other Anti-virus programs SUCK!! Webroot is BOMB!

Antivir manual removal

Kill processes: antivir.exe
(ctrl alt delete - choose Task manager - click on Processes tab - click on Image Name to sort alphabetically - click End Process after hilighting antivir.exe)

Click windows Start Button - click Run - type regedit.
If it won't open under Guest account, Click into My Computer - System drive - Windows folder - find regedit.exe, then Right click 'run as', then enter your normal account name and password.


Delete registry values:
HKEY_CURRENT_USER\Software\EVAACD
HKEY_CLASSES_ROOT\CLSID\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\post platform "WinNT-EVI 25.11.2009"
HELP:
how to remove registry entries

Unregister DLLs:
UpdateCheck.dll
HELP:
how to unregister malicious DLLs

Delete files:
antivir.exe UpdateCheck.dll Antivir.lnk Uninstall.lnk
HELP:
how to remove harmful files

Delete directories:
C:\Program Files\AV
C:\Program Files\Common Files\Uninstall
C:\Program Files\Common Files\Uninstall\AV
C:\Documents and Settings\All Users\Start Menu\AV
Other programs to remove Antivir:
• Malwarebytes

Found that on the net, and inserted my own notes/instructions.

gtZip wrote:Antivir manual removal

Kill processes: antivir.exe
(ctrl alt delete - choose Task manager - click on Processes tab - click on Image Name to sort alphabetically - click End Process after hilighting antivir.exe)

Ctrl Alt Delete wasn't even possible. It was immediately shut down every time I tried it.

Thanks for looking that up though. The Virus is done as far as I can tell, but I'll look into that now that I can access the task manager.

Sweet.
I'm gonna have to get me some of that.

GT, I checked the stuff you posted, and I don't see any of it. The product I bought today was Webroot Essentials. Saved my ass. Good product.

Every time somebody has computer problems he/she explains the symptons but never the OS. Shredd glad you've resolved the problem because without knowing what operating system you are using the only advice I could offer for your virus is Chicken soup.

You know, now that I think about it, you're right. My bad man. It's a Dell PC with windows XP.