I seem to have been infected with the above virus/malware, started getting pop-up this evening. I've managed to get round it with some help from this forum (https://community.mcafee.com/message/218231#218231 ) but have a couple of extra questions, dunno if you guys can help out?
1 - I've removed the 0.64etc.exe file that the previous link refers to. The pop-up isn't happening anymore. I checked my start-up info but there isn't anything that jumps out at me in there. The only one I can see is stored on a file path I can't access HKCU/etc etc. Anyone know how I access that or could it be that this version of the ware doesn't require it?
2 - Just before this happened my wife was using our laptop and clicked 'enable' on a pop-up refering to doubling our battery life - could this be the cause of it?
I'm obviously running a McAfee scan etc now. Any answers or pointers would be great.
I'm sure everyone would jump at the chance of doubling battery life, an impossible dream unfortunately. With these fake anti-malware pests, if you realise it's happening don't click on anything, even the 'X" to close it, just power off.
Did you try jumping back in time to before it all happened by using System Restore?
If successful temporarily disable System Restore in order to delete the infected restore point.
If not possible try Stinger and Malwarebytes Free linked in the last clickable link in my signature below.Message was edited by: Ex_Brit on 27/07/12 9:05:53 EDT PM
It seems to have been resolved by deleting the file entitled 0.6etc.exe. After posting this I completed a full McAfee scan and it removed three files so I thought that should be OK?
Have given my wife a crash course in what to do and not to with dodgy pop ups!
It's just come back. I rebooted in safe mode and there was a file in the same place as before, which I deleted. I'm just downloading malwarebytes, thanks for the link.
You can't restore the computer to before all this happended using System Restore?
If not & all else fails then try the Hijackthis routine listed near the bottom of that link in my signtaure and post its log on one of the forums I listed there.