4 Replies Latest reply on Jun 16, 2011 10:04 AM by Arrlington

    Vista Total Security 2011 for Vista question?

      I got this nasty little bugger on Saturday night before I went to bed it tricked me into making me think my computer was full of trojans and viruses.

       

       

      Ive tried Malware Bytes with no luck as well as HitmanPro they both crash before they get done scanning.Hitman actually continuously keeps saying not responding within a few minutes of scanning it does this every single time.

       

       

      Malware picks up 2 objects that it has detected when I do a full scan then it crashes not long after I mean the computer as well.

       

       

      I tried a system restore though this afternoon and I dont see any trace of Vista Total Security 2011 anymore. But I am suspicious and worried that it is not completely gone I am running Malware Bytes right now just in case to see if it picks up anything.

       

       

      Please let me know if any of you have tried system restore to get rid of this I need to make sure it is COMPLETELY out of my computer permanently.

       

       

      My Mcafee did act up after I clicked restore so that made me suspicious automatically.Especially how it kept saying the computer was not secure and for me to turn on real time scanning.Everytime I turned on real scanning it turned itself off within minutes every single time.  Now it seems to be fine though it says the computer is secure and the green check is lit up beside it.

        • 1. Re: Vista Total Security 2011 for Vista question?
          Peter M

          If you already have Malwarebytes installed try rebooting into 'Safe Mode with Networking' which is choice number 2 on the menu you should get by tapping F8 repeatedly while booting up.

           

          That should allow you to update it and run a full scan.

           

          MBAM will operate and update in that mode just as in regular mode.

           

          The bets removal guide on the web is here: http://www.bleepingcomputer.com/virus-removal/remove-win-7-internet-security-201 1

           

          Scroll down the page as the first links you see are advertising.

          • 2. Re: Vista Total Security 2011 for Vista question?

            Thank you for the speedy response Ex-Brit I have actually tried that page that was one I was trying yesterday actually it didnt work or help.

             

            I also discovered as I tried to download that RKill http://www.bleepingcomputer.com/download/anti-virus/rkill that Mcaffee warned me about it automatically and said it contained all kinds of vicious things inside of it. So I blocked the download automatically.

             

            I also tried the FixNCR.reg yesterday as well that also did not help at all.

             

             

            The restore seems to have helped but thats why I said im still suspicious not sure if its completely gone or not.

            • 3. Re: Vista Total Security 2011 for Vista question?
              Peter M

              I think in that instance you should have ignored McAfee's warning considering how insidious this malware is.

               

              Your best bet now to get peace of mind would be to run Hijackthis and post its log on one of the following forums for expert advice, perhaps the BleepingComputer one considering it's their instructions that are giving problems.

               

              Don't try to do act on HJT's findings your self.

               

               

              DOWNLOAD HIJACKTHIS

               

              Do not post Hijackthis logs here, we can't help with  those!

               

              Post the logs at a specialist Forum:

               

              AUMHA

               

              BLEEPINGCOMPUTER

               

              MAJOR GEEKS

               

              MALWAREBYTES

               

              MALWARE REMOVAL

               

              SPYWAREHAMMER

               

              SPYWARE INFO

               

              WHATTHETECH

               

              Be sure to read all the sticky announcements/instructions at the top of each malware forum!

              • 4. Re: Vista Total Security 2011 for Vista question?

                There seems to be a "cluster attack" with "ransomware" in progress. I visited two well-known general circulation newspaper websites. I attempted to download a photograph of a person featured in a news story and the "Windows Internet Security" or some variant immediately made its presence visible. I have also observed that sometimes just visiting a website is all that is needed to initiate an attack.

                 

                Here is my approach, which may change as the nature of the attacks change.

                 

                1. I insure that all security updates are installed on my computer as soon as they become available. (I note that when the attack started once, the download of any file was blocked by the malicious software.)

                 

                2. I keep Malwarebytes Anti Malware updated and available from a right click context menu. I also keep Spybot Search and Destroy available and update it frequently.

                 

                3. I flip the switch to deactivate my internet connection as soon as I observe the symptoms of an attack. A trojan is introduced that imports additional malware and viruses to my machine, so turning off the internet prevents the situation from degrading. I try to avoid rebooting my machine before I have cleared the infection because rebooting seems to embed the cluster of programs deeper into my computer.

                 

                4. I keep a second computer available that is not networked with my main computer. That way, I have been able to learn about the nature of the attack. Recently, during one attack, a malware attack from malware that was introduced over a year ago started. I obtained the name of the malware from Malwarebytes Anti Malware. This malicious software spawns multiple instances of ATTRIB.exe and sets almost all file attributes to "hidden" and "system" on the computer and any attached drives. As a result, it appears as if all files and most applications have vanished.  They will not reappear even after the infection is cleared. The unlucky computer owner will have to learn how to use the old DOS application ATTRIB to restore all files to their original condition. Please open up a DOS window and type "Help ATTRIB" to learn about the various switches. (You will need to use many of the switches). Make sure that you understand how the software works before you begin to use it.

                 

                I think things are going to get worse before they get better. I noted one thread regarding this new cluster of attacks that a well-informed author estimated that criminal gangs were clearing over $1 million per week to offshore accounts with this "Ransomware" attack.

                .

                 

                Message was edited by: Arrlington on 6/16/11 10:04:07 AM CDT