Have virus, need help removing it

I apologize if this is in the wrong section. If it is, please move it over, thank you.


So, to make a long story short, my sister came home from university and her laptop is infected with a program called Internet Security 2010. It's acting like a legit antivirus program (i.e. it says her system is infected with a virus, when actually IT is the virus ><) and it has disabled the task manager option. I've tried looking for it so I can uninstall the program, but I can't find it. Right now I'm running Avira AntiVir but I'm doubtful that it will take it away.

I've done some research on this Internet Security 2010 malware thing, but I'm scared to download (or try to) any of the programs that say they can take it away, many of them also require a purchase. So with the task manager option disabled, any way I can delete this thing without having to fully wipe the hard drive?

 

Are you running 32 bit?

If you are, my first suggestion would be try Hitman Pro. You are infected with a rogue anti-virus. Hitman Pro has a new feature called "Force Breach", which is very effective at removing rogues. Check out this link abt what "Force Breach" does (watch the you-tube video).

OR

Secondly i would suggest running a full system scan using MalwareByte's Antimalware in safe mode.
Cheers & Good Luck. [This option would be simpler. Internet Security 2010 is detected by both MBAM & Hitman Pro]

 

This is to enable the task manager for starters.

Other than that run avira, MalwareByte's Antimalware and spybot search&destroy in safe mode. If the system still acts weird also run sfc /scanall in case something got replaced in the system files, then report back to see where we are

 

Ahh, I should have been in safe mode. Will get back to you tomorrow. Also, she's using XP 32bit btw.

I also tried to enable the task manager like you said, but as soon as I hit OK, it says the same message I get when I try CTRL+ALT+DELETE. "Application cannot be executed. This file is infected. Please activate your antivirus software." Thanks for the fast reponses! +rep

 

Yeap sounds like the malwares doing, scan with the antivirus first in safe mode, run the command to check the system files then try to re-enable the task manager.

Can you run msconfig btw ?

 

I didn't try msconfig before, but now I'm in safe mode and both msconfig and regedit work now. Should I just ignore them for now and try the antivirus programs again?

Oh, and I ended my superspyware program prematurely so I could start over again in Safe Mode, but when I did, it already deleted some malware from the laptop, including the icon for the Internet Security program from my desktop. I'm guessing this is good news right?

 

Depends on how clever the malware is Usually they just replace the files when you reboot (IF you manage to delete them).

No need to test msconfig now, do the AV tests and the system files check, then after you reboot in normal mode test both msconfig and task manager so see if they got fixed

Also if you dont mind paste the location of the infected files, might be useful for later if the problem is not fixed.

 

Ahh I see. Well, I'm gonna get some sleep. Looks like doing the antivirus thing in Safe Mode is a lot slower than normal. Will update tomorrow.

 

http://www.bleepingcomputer.com/virus-removal/remove-internet-security-2010

 

So after running my AV programs, I restarted the machine, logged in, but now it hangs on the welcome screen and everything is painfully slow. I can see the taskbar at the bottom, along with the clock, the start button yadda yadda yadda.

And 5 minutes later I get a blue screen of death :/
Should I go back to Safe Mode and fool around with msconfig? I enabled the Task Manager again also

 

Yeap, go into safe mode, open msconfig and disable any "strange" applications in the startup tab and under services (tick the "hide all microsoft services" under services tab to help you focus on the others).

 

I'm having a little trouble finding anything suspicious under the startup and services tabs. This may be the result from my inexperience with with sort of thing

Another factor that I guess I should bring up is that when I try to reboot xp the normal way, the fan kicks in on full blast and the area directly under the heat sink panel becomes very very hot. Now, I'm not sure if this laptop had heat issues before (unable to download a monitor since it eventually crashes or takes a year to respond), but I'm guessing it can't be good? Or is this just some weird side affect?

 

Hitman Pro is one of the best at malware removal and detection (5-engines). I think you still try scanning with Hitman Pro.

 

I would try, but the system runs so slowly now that it's impossible to do anything as it'll eventually show a blue screen of death. The fan is working hard when I'm just trying to access the desktop. Is it overheating now? If I wait 10 minutes, it will load up some programs (like Avira, AIM, connect to the internet), but then it'll go BSOD.

Edit: Maybe the laptop is just dying? It's about 6 years old now, and she didn't take care of it or respect it at all

 

I'm kinda in the same boat as you ton247, I got a virus on my desktop that started out as the same symptoms as yours, but I managed to get it "stableish". (It BSODS HARD when I try to run Office).

I'm wondering, would it be possible to boot into a linux live CD and run an anti-malware software off of that?

 

This happened to me a couple times. Had to restore the OS each time eventually. I have made clones of the drive since. Installing a clone should be faster than doing a restore.

 

Gonna try reinstalling XP.

 

Make sure you format because reinstalling wont delete the virus from your hard drive.

 

Gotcha, thanks

 

Before you do anything (if you havent already started), check task manager in case something is eating our cpu usage.

 

I did, and nothing was out of the ordinary. I think the thing that was eating up the most cpu was explorer.exe

 

By what percent ? If it feels slower it means its either hdd activity or cpu usage (most probably) which both could be fixed since something must be using them.

 

Arg, I dunno. I'm already on the last stage of installing XP Hopefully I didn't goof up ><

All I remember is that it was running around 20,000k (whatever this means @.@) and the CPU usage was at %100 the whole time until BSOD

 

Yeap means that something was eating all the usage hence why it was slow, too bad you reinstalled your OS, but its always for the best. IMO its better reinstalling after you get infected and making sure you wont get anything "weird" again

 

Its defiantly infected with something since you also got a BSOD which is pretty strange.

 

Meh, then what's done is done.

Now, for prevention. I installed Avira Antivir Personal and SUPERAntiSpyware on there, and I tell her to make sure they're doing updating every day (along with Windows updates) and do a scan once in a while. Should I also install the MalwareAnti-thing you guys suggested earlier? Or will that conflict with Avira?

 

Its an on demand scanner so it shouldnt conflict since it only scans for infections when you run the program and press scan

 

Ahh okay. Well, looks like things are pretty stable on my end, so I'm going to take my leave for now. Thanks for all the awesome man, wish I had some internet cookies to send to you!

 

Hehe Depending on what hdd(s) you own there are some backup software out there (free for some hdd brands) and Acronis true image as paid (along with some others but thats the one i use) which can backup your computers current state and restore it in less than 10 mins in situations like this one. Worth checking them out.

Also theres the windows 7 feature i never tried which you might want to check that one first since its free

 

Now that you've eliminated the malware with a fresh reinstall, make sure to also clean the laptop from dust.
If it's six years old and your sister isn't too subtle in handling it, maybe there are some dust bunnies that need to be removed.
A can of compressed air can do wonders in keeping the CPU temps acceptable.

 

Agreed with Baserk.

Clean out the laptop.
Although, in addition to the can of compressed air, I recommend opening up the laptop, removing the cpu fan and cleaning out the remainder manually.

You'd be surprised just what little maintenance can do for a laptop or a desktop in general.