Fake PC Performance & Stability Analysis Report

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by 1911tuner, Nov 8, 2011.

  1. 1911tuner

    1911tuner Private E-2

    I had some fake malware pop up while looking around on 4chan (not downloading anything). It pops up with a fake scanning thing then I couldn't access IE or Firefox.

    I've run through the cleaning procedure but I had problems.
    MGtools wouldn't run. I got a command prompt window that said "'find' is not recognized as an internal or external command, operable program or batch file."

    I've been running everything in safe mode because otherwise whatever it is takes over. I get a lot of web page redirects, and when I tried starting the computer normally the fake scanner popped back up. Also, a lot of the programs in the start menu can't be accessed and appear as if they're missing (I can't find them in Windows Explorer either, so maybe they got deleted).
     


  2. thisisu

    thisisu Malware Consultant

    You have a really bad executable file patching virus called Expiro as well as a Max++/Sirefef/ZeroAccess rootkit. The Expiro virus has already patched many essential Windows executable files.

    Expiro is a Windows executable file infecting virus. It is also capable of stealing credit card information gathered from the affected machine.

    Your best bet would be to reformat your computer without backing up any data in my opinion, as it looks like it has already patched thousands of executable files.
    You just downloaded this... well, it has already been patched/infected :(

    You have to be extremely careful on what files you try to backup (if you do have files that need to be backed up) because even if you only backed up one file that is infected and placed it on the clean install of Windows, the infection will start all over until every executable on the hard drive is patched again.

    You should also check on the status of your credit cards FROM A CLEAN COMPUTER or by phone.


    AVG has a removal tool for it although I am unsure of its effectiveness. You may want to give it a try though: http://free.avg.com/us-en/win32-expiro

    More information on the virus can be found here:
     
    Last edited: Nov 9, 2011
  3. 1911tuner

    1911tuner Private E-2

    :(

    Thanks.
    If I had an external hard drive plugged into this computer before I realized there was a problem, could it also be infected?
    If so, can it be saved?
     
  4. thisisu

    thisisu Malware Consultant

    It could be as the infection is capable of spreading to other hard drives.
    Taken from the links I sent you.

    I would recommend at least scanning the external drive with Malwarebytes and then attach that log if you'd like for analysis.

    If it does not find anything, you may be safe to copy those files back to Windows after installation, or if you decide to try the special AVG tool instead of reinstalling Windows. Microsoft Security Essentials (MSE) also claims it is able to successfully remove it, but then you still have the ZeroAccess rootkit to deal with, and that one can be very stubborn.

    You can get MSE at www.microsoft.com, but the ZeroAccess rootkit will typically prevent you from running any AV while it is still present. :(
     
    Last edited: Nov 9, 2011
