help with a virus

Just got a call from a relitive about my grandma's pc. Internet was not working, had them reset it. I could log in via Hamachi/vnc. The AVG resident protection was turned off, I enabled it, then just kept getting virus warning about win32/pirate. tried to move them to the vault, It asked for a restart, did that, now they told me you click on the user to log in and it will but turn around and log right back out. I will have the pc on Friday, Is there any saving the pc / what the heck happened to it. Thanks, Bryan

 

Welcome to MajorGeeks.com, when you get the computer please follow our standard cleaning procedures:

http://www.majorgeeks.com/images/grenade.gif Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

• Make sure you check version numbers and get all updates.

http://www.majorgeeks.com/images/grenade.gif Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

http://www.majorgeeks.com/images/grenade.gifAfter doing ALL of the above and you still have a problem, make sure you have booted to normal mode and run the steps in the below thread to properly use HijackThis and attach the log:

http://www.majorgeeks.com/images/grenade.gif Downloading, Installing, and Running HijackThis

• Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around..

http://www.majorgeeks.com/images/grenade.gif In your next post, please make sure you attach the following logs and that you have run these scans in the following order:

• CounterSpy - ONLY IF you were not able to run Windows Defender
• Bitdefender - from step 6
• Panda Scan - from step 6
• runkeys.txt - the log from GetRunKey.bat
• newfiles.txt - the log from ShowNew.bat
• HijackThis

NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!

 

Thanks for the reply, however the pc is 150 miles away from me now! just looking for some advice before I tackle the job. Would prefer not to waste half a day when reloading windows is faster .

Bryan

 

Any virus removal will take some time and work. The best thing for you to do is read thru the READ ME, get an idea, download the tools to a CD and do the best you can.

I posted the READ ME and initial cleaning steps for you when you get to the computer. It's up to you what you do. If you need any help just let us know.

 

I appreciate the help, I do have all the tools in listed, I should have rephrased my question, it sounds like the pc won't stay logged in, How can I stay connected to do anything, that is what has me goofed!!!!! Thanks again for the quick responses.

Bryan

 

One more thing, the malware removal page is different that last time, same stuff, just diff.

 

The easiest way to do a cleaning is to do it all in Safe Mode. The reason is, in Safe Mode only the bare services/processes are running. In most cases the malware isn't running in Safe Mode unless it has locking handles in explorer or winlogon files in which case advanced removal is required.

The basic tools you will need I will list below just in case. This should do the job, if internet is availible I would run the Bit Defender scan and have it remove anything found. You can also run Spybot, Ad-Aware, CounterSpy and Windows Defender if you think it needs it but that's up to you. I just want you to know what there is available.

 

Thanks again, I love CCleaner, been using it for 3 years now, I works great

 

Your Welcome!

Let us know if you need help.