Virus blocking Internet Options and everything else

Discussion in 'Malware Help (A Specialist Will Reply)' started by MPLMarketing, Jun 2, 2009.

  1. MPLMarketing

    MPLMarketing Private E-2

    I have a virus that downloaded some sort of fake anti-virus program to my toolbar. This program has pop-ups that continually come on claiming that my computer is infected and then runs some sort of fake scan, and attempts to prompt me to register (which is only available to do on-line btw). The program is preventing me from opening any applications to get rid of it (i.e.- Spybot, Malwarebytes, MGTools or SuperAntiSpyware) and also prevents me from getting on the internet, opening any applications in the control panel, etc. The message from the phony program popup states that whatever application I choose is infected and prompts me to run their anti-virus program. I can temporarily begin using SuperAntispyware when I reboot and run it quickly, until the fake-program catches up and kicks in (it will run until the Internet Options is being scanned where it will stop). Other programs will not work at all, spybot doesn't run on startup, and I cannot add/remove any programs, as as soon as I attempt to do so it will flicker open then closed. The fake program (which is a black and gold shield on my toolbar) won't allow any movement, instead attempting to direct me to use the program which will put me on the internet [I've unplugged the internet cord] I have previously worked with you guys and have had much success, but this one is beyond me and my scope! If you someone had some advice I would greatly appreciate it!
     
    MPLMarketing, Jun 2, 2009
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Are you sure that you tried to download and run MGtools.exe? While malware or other Windows issues could prevent it from running, most of the time it will run especially if tried in safe boot mode. The main problem however would be that MGtools logs alone will typically not allow us to properly figure out what it wrong since it is primarily an information collector and is not designed to detect malware that has hidden itself with rootkit like methods.

    Please try downloading the current version of MGtools and rename it to MGtools.com (yes to MGtools.com). Then try double clicking on MGtools.com to see if it will run. Attach the log if it runs.

    Please also check for what the below procedure mentions:
    TDSSserv Non-Plug & Play Driver Disable

    Also disconnect your cable to the internet and reboot your PC in safe boot mode. Then see if Malwarebytes will run a scan.
     
    chaslang, Jun 3, 2009
    #2
  3. MPLMarketing

    MPLMarketing Private E-2

    Resident Shield Alert- hidec.exe

    Good morning,

    I have a fakealert "Resident Shield Alert" virus that keeps popping up. I have run SAS, Malwarebytes, Spybot in "standard mode". It would not allow me to run Combofix in anything but "safe mode" and would not allow me to run MGTools in either mode, with another popup stating that I didn't have the authority to run this. I still have this Res. Shield fakealert popping up and running SAS, MB and Spybot brings the same results. Please advise.

    Tim W.
     
    MPLMarketing, Sep 3, 2009
    #3
  4. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I merged your thread back to the one you never finished with Chaslang. Please keep all your replies in this thread.
     
    TimW, Sep 7, 2009
    #4

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds