1 2 Previous Next 11 Replies Latest reply on Sep 8, 2010 11:29 AM by Claire

    What should I do first?

      I was having trouble with a game I was playing on my laptop and went to the game's website to request help via their support option when a program was downloaded to my desktop called Antimalware Doctor and I started getting all kinds of windows popping up saying my computer was infected, etc.  I immediately shut down the laptop and am writing this on my desktop.  I did see the posting on this community board stating that I should run Windows Update and also update my McAfee software.  I did see before I shut down the laptop that my Security Center was green.  I was getting messages saying that "they" were trying to get my passwords, etc. which is why I shut down immediately.  I did try to delete the Antimalware Doctor, but was not able to.  Do you recommend I update Windows and McAfee first and then contact McAfee support?  I did turn the computer back on for a minute to see if the downloaded program was still there and it was.  Appreciate any help you can give me.

        • 1. Re: What should I do first?
          Jubo

          First I would read this document: https://community.mcafee.com/docs/DOC-1294

          and when that doesn't help I would download, install and run the MalwareBytes program here: http://www.malwarebytes.org/

           

          Let us know how it goes...

           

           

          Message was edited by: Jubo on 8/25/10 3:04:58 PM PDT
          • 2. Re: What should I do first?

            Hi  Jubo

             

            I followed your instructions.  What the scan (in Safe Mode) said was:  Real Time Scanning is off (even though when I look when not in safe mode it says it's on); Virus and Spyware protection needs attention and also Parental Controls need attention.

             

            Whatever is going on is preventing me from getting on-line to download the Stinger Tool.

             

            Some of the messages I'm getting are:  Security Warning:  Application cannot be executed.  The file lulnchr.exe is infected.  Do you want to activate your antivirus software?

             

            Antivirus Software Alert:  Virus Attack, etc.

             

            Logitechupdate.exe is infected.

             

            Windows Security Alert:  File intuitupdate infected

                                                 File sprtsvc. exe infected

             

            I'm going to attempt to download the Stinger tool onto a cd on this computer and then save it to my desktop on the laptop...not sure if that will work, but I'll give it a try.   I'm also curious as to why McAfee didn't prevent this whole mess in the first place...why did it allow this "Antimalware Doctor" onto my computer?  Any ideas?  Would certainly like to avoid this ever happening again.  Thank you for your help.

            • 3. Re: What should I do first?
              Jubo

              Actually, which Windows version is installed on the computer? Did you check whether it's up to date with the latest patches & updates at the Microsoft Update website? There the first thing it does is to run a anti-virus/malware program.

              From which program do you get these warnings? Are they coming from the malware program?

              Did you run the "Malwarebytes" program? You can download the Anti-Malware program here, download and run the free verwion. This one usually get most of these malware programs off the computers.

               

              More things you can do is to try to run an online scan like her: Windows Safety Scanner, and/or download/install and run the Microsoft Malicious Software Removal Tool.

               

              Last but not least, check this Bleeping computer forum with removal instructions for this malware program.

               

              Let us know how it goes...

              • 4. Re: What should I do first?

                Hi again

                 

                I tried the free McAfee virus removal tool, the malwarebytes.org site and a free chat with a McAfee Tech, but wasn't getting anywhere fast so I decided to go to the McAfee pay site.  The tech walked me through a lot of it and then took over and removed what was left.  Turned out I had two infections.  I eventually realized that it was my fault and not McAfee's that the virus got in.  When I was trying to get help with my game, I wasn't paying attention and let the program in....I first thought that it was part of the site that would help me with the game.  I now know that I was careless....should have known better, but I've (hopefully) learned my lesson.  Thanks for your help.

                • 5. Re: What should I do first?
                  Jubo

                  Thank you for posting back your results. Stay safe!

                  • 6. Re: What should I do first?

                    Hi,

                     

                    I'm having the exact same problem as described by TS.  Sorry for my ignorance, but how do I follow any of the instructions mentioned above if I can't get to any website?  I have just downloaded stinger to my work-pc & will try to run it on my home laptop later today & do another scan.

                     

                    tnx...

                    • 7. Re: What should I do first?

                      Hi

                       

                      I downloaded the free virus removal tools from my desktop onto a usb stick and then just plugged it into my laptop and ran the programs off of that.  As I said in a previous post they weren't successful in removing the viruses.  I had gotten tired of trying to remove it myself  after trying for an afternoon and the next morning and opted for the paid service which worked well.  I would try the other suggestions such as the windows malicious tool before giving up and paying for removal.  I will tell you that if you opt to pay, they will help you for five days, which was very helpful because the day after the viruses were removed, I was getting messages that said some dll files were missing...the messages didn't seem to hurt anything, but they were annoying...so I called them back (they give you case and incident numbers) at no further charge and the tech was able to fix whatever stuff had been left over.  One other thing I will tell you about the paid service is the first tech could not help me to get on line, which is crucial to them being able to fix the problem remotely..he even had me call my service provider who advised that I did have online access....the mcafee tech that I called later that evening was able to get me online so I'm thinking some of the techs have more experience than others...all in all though they were very accommodating and I felt they did their best to help me.  Good luck in getting rid of your problem and I'd appreciate your letting the community know if you were able to resolve your issue.

                      • 8. Re: What should I do first?

                        Hi,

                         

                        tnx for your response.  I found this website (http://www.bleepingcomputer.com/virus-removal/remove-av-security-suite) and decided to give that a go since

                        a. it told me how to get back on any website (the virus makes IE point to a proxy)

                        b. I also had that "Security Suite" besides the Antimalware doctor

                         

                        I followed their instructions, and downloaded malwarebytes anti-malware.  I did a full scan (took about 2hrs), it found several infected files, I removed them & rebooted.  Didn't help.  I then took my computer off-line & ran the scan again.  Still didn't help...  Ran the scan a 3rd time, and then also noticed the "file assasin" feature.  I used that to remove the folder where I think the virus was actually in (there was a shortcut on my desktop for th Antimalware doctor, I noted down where this pointed to but was unable to delete it).  With the "file assasin" (how do they keep coming up with these names????), it did work.

                         

                        I gave it another go by getting back on-line & rebooting.  Had my pc running for another hour or so going onto various websites & no more annoying pop-ups & alerts!  I'm pretty chuffed with myself that I managed to get rid of it without spending 59.95€!

                        • 9. Re: What should I do first?

                          Hi

                          i had the same problem with the antivirus popups, comp was becoming unusable, and looked at the same site. Downloaded all the stuff etc but still could not get rid of the pesky popups and warnings. I then went to localsettings/applications/application data and looked for files that I did not recognise. I found one that had been downloaded the day the problems started so I cut and pasted the file on to my desktop (in case it was something important), re-booted and fingers crossed everything seems to be working again. I am also feeling chuffed at having sorted it out myself. The file that seems to have been causing all the problems was called hvbiflhuqiw.exe it was in a folder called ertilqxad and is suposedly a security suite for windows from security suites corporation.

                          1 2 Previous Next