Thanks Vinoo, I thought about that, but in the heat of the moment.........
I'm wondering why the people behind this can't be caught. Obviously if they are charging
for a solution, there is a trail to them.
Agreed Vinoo but I'm only doing what several paid virus removal services would do....not mentioning any names.
It was just a suggestion in any case.
Message was edited by: Ex_Brit on 17/10/10 2:24:40 EDT PM
Antivirus Action blocks nearly everything on the computer, but it allows you to use Internet Explorer. Here's a quick set of instructions on how to remove Antivirus Action (it may not work for everyone):
1. Start Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
2. Click on the Connections tab and then click on the Lan Settings button.
3. Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
4. Download Process Explorer. Before saving Process Explorer onto your computer, rename the installer procexp.exe to iexplore.exe. With all of these tools, if running Windows 7 or Vista they MUST be run as administrator.
5. Run iexplore.exe (Process Explorer). Now, you should see a list of active processes on your computer. Look for a process name with random characters, i.e. hdreladagnz.exe. Right-click the process name to see where the .exe file is located. It should be located in:
C:\Documents and Settings\UserName\Local Settings\Temp\ for Windows XP
C:\Users\Username\AppData\Local\Temp\ for Windows Vista & Windows 7
6. End the process using Process Explorer and then delete the file.
Best of luck!
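The proxy setting from steps 1-3 and the Temp-folder process from step 5 can also be listed from a PowerShell prompt run as administrator. This is an added example, not part of the original post; it assumes PowerShell can be started on the affected machine and that the proxy was set in the current user's Internet Settings registry key, and it only reports, leaving step 6 to be done by hand.

```powershell
# Added example: read-only triage; nothing is stopped, changed or deleted.

# Proxy values behind Internet Options > Connections > LAN Settings (per-user).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
New-Object PSObject -Property @{
    ProxyEnable = $inet.ProxyEnable   # 1 = "Use a proxy server for your LAN" is checked
    ProxyServer = $inet.ProxyServer   # address the browser is being pointed at
} | Format-List

# The two Temp locations named in step 5 (Windows XP, then Vista / Windows 7).
# Matching on the folder names avoids relying on %TEMP%, which may be a short 8.3 path.
$tempExe = '\\(Local Settings|AppData\\Local)\\Temp\\[^\\]+\.exe$'

# Running processes whose executable sits directly in one of those folders.
# Path is empty for processes the current session cannot inspect, so those are skipped.
Get-Process |
    Where-Object { $_.Path -and $_.Path -match $tempExe } |
    ForEach-Object {
        $file = Get-Item -LiteralPath $_.Path -Force
        $sig  = Get-AuthenticodeSignature -FilePath $_.Path
        New-Object PSObject -Property @{
            Id        = $_.Id
            Name      = $_.ProcessName
            Path      = $_.Path
            Created   = $file.CreationTime   # compare with when the pop-ups started
            Signature = $sig.Status          # legitimate installers are usually 'Valid'
        }
    } |
    Select-Object Id, Name, Path, Created, Signature |
    Format-List
```

An unsigned executable with a random-looking name that was created around the time the alerts began is the candidate to end in Process Explorer; a signed installer running from Temp is usually a legitimate setup program.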
My computer got this "Virus" too. I could not open my internet, itunes or any disks. I found it and deleted it. However, my internet still won't work, everything else seems to be ok tho. Any suggestions please??
You probably just need to set your internet lan options to auto detect.
open iexplorer - goto tools - internet options - connections tab - lan settings - check automatically detect settings.
I was infected by the virus and downloaded Gsusp.zip. When I try to run it, it asks for a password. I read the other posts and it doesn't appear anyone else ran into this issue. Did I miss a step?
Thanks for your help in advance.
Further to techrumy's helpful post, in a scenario where a user is prevented from running any other application except iexplore.exe here's help!
1. On the affected system, execute the "net pause winmgmt" command from the run menu (not the command prompt). Once you get back control of the system, execute a "net continue winmgmt" (this is optional).
2. Alternately you could download and run McAfee GetSusp tool to regain control of the system. GetSusp handles this class of FakeAlert Trojans and uses many other nifty techniques to detect malware.
More on this method used by Rogue Antivirus software is described here:
https://community.mcafee.com/community/security/malware_discussion/consumer/blog/2010/09/12/security-warning-application-cannot-be-executed-the-file-is-infected-do-you-want-to-activate-your-antivirus-software-now
@leenie: The password for the GetSusp.zip available for download is "clean". The logs and samples it creates are stored in gsusp.zip with the password "infected".
Here is the culprit. Reboot into safe mode and delete this file.