Do I have a virus forcing me to buy an "AntiVirus"?
Scan with Malwarebytes.
Boot into safe mode and run a MalwareBytes virus scan.
Boot into safe mode and do a scan with MalwareBytes.
Alright, I'll try it, downloading it now.
[editline]17th October 2010[/editline]
I did a quick scan, found something and I think I got rid of it, yet my problems are still here.
It's why you have to do a full scan.
Also there was a thread earlier with a similar thing, about java loading and suddenly getting a 'virus'.
What might help is to go to C:/Windows/system32/drivers/etc/, right-click the 'host' file and select 'edit'. If you know what the host file does, you can be careful and remove the suspicious ones; if you have no idea what it is and you never used it before, it is probably no problem to just erase it all and save it.
But maybe it's best if you post the content of the host file here.
It's a virus all right, went to it in a sandboxed browser session and I got about 13 different files in my sandbox. Then the alert popped up.
Empty sandbox, problem solved.
What's a sandbox? And I'll do what you said in a second, BrQ.
[editline]17th October 2010[/editline]
My C:/Windows/system32/drivers/etc/ has hosts, imhosts.sam, networks, protocol and services
right click the file 'hosts' and click on 'edit'
post content here
I'd do it if there were an edit button
[QUOTE=TehSpah;25464080]I'd do it if there were an edit button[/QUOTE]
Double-click, open with notepad.
Also the virus is now making porno.com and Viagra ads come up even when my internet isn't up.
Well then boot into safe mode and MBAM that shit.
Virus closes it, I guess I'll have to get on safe mode and try
[editline]17th October 2010[/editline]
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Is this what you wanted?
You can run your browser in sandbox mode with some software like Sandboxie. What it basically does is it 'cages' the application you run in sandbox mode, meaning that if you run your browser in sandboxed mode and go to that one site, it will not allow any files to be downloaded and put outside the sandbox. Any files that are downloaded will remain in the sandbox and are basically trapped there until you delete them.
It is also used to check whether a file is a virus or not: you run it in sandboxed mode and it will not be able to deal any damage to your system.
[editline]17th October 2010[/editline]
yes, it's what I needed
unfortunately it's of no use because nothing bad is in it.
You should go to safe mode again and run a full scan this time in malware bytes.
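The manual hosts-file check from this thread can also be scripted. This is an added example, not part of the original posts: it lists every active (non-comment) entry and labels it, so an all-comment file like the one posted above comes back clean. The function names, the tampered sample and its `.example` hostnames are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample: abridged copy of the all-comment default file posted in the thread.
DEFAULT_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
# 127.0.0.1 localhost
# ::1 localhost
"""

# Constructed sample of a tampered file; hostnames and addresses are placeholders.
TAMPERED_HOSTS = """\
# 127.0.0.1 localhost
127.0.0.1 localhost
203.0.113.7 www.search-engine.example   # sends lookups to another machine
127.0.0.1 update.av-vendor.example      # makes an update server unreachable
not-an-ip broken.example
"""

def active_entries(text):
    """Yield (line_no, address, hostnames) for lines that are not blank or comments."""
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment anywhere on the line
        if line:
            fields = line.split()
            yield no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, kind, address, hostnames) for every entry worth a look."""
    findings = []
    for no, ip, names in active_entries(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, "malformed", ip, names))
            continue
        if addr.is_loopback and names and all(n.lower() == "localhost" for n in names):
            continue                          # ordinary localhost mapping
        local = addr.is_loopback or addr.is_unspecified
        findings.append((no, "blackholed" if local else "redirected", ip, names))
    return findings

if __name__ == "__main__":
    # Pass the path to a hosts file; utf-8-sig tolerates a byte-order mark.
    path = sys.argv[1] if len(sys.argv) > 1 else r"C:\Windows\System32\drivers\etc\hosts"
    with open(path, encoding="utf-8-sig", errors="replace") as fh:
        for finding in audit_hosts(fh.read()):
            print(*finding)
```

No output means the file has no active entries beyond plain localhost mappings, which is the "nothing bad is in it" result reached above.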
Alright, thanks, I'll be back when the full scan is done.
[editline]17th October 2010[/editline]
Shows 3 objects are infected so far, still going, 26 minutes in. I'm scared.
Alright, it finished, I removed them. Looks like that didn't do anything. 2 of them were Maplestory hacking DLLs, so my guess is they were false positives, but the 1 that wasn't I also removed and I'm still not allowed to do shit.
I thought WebKit in SteamUI didn't load Java, you know, because of it being a giant security hole when run on untrusted websites. I tried it with Minecraft alpha on the site, doesn't load one bit.
If MalwareBytes fails, then download a program called Spyware Doctor, and a batch file called rkill.exe
Alright, I think I have it under control, I needed to update MBAM.
When this happened to me, I rebooted (not safe mode) and opened Task Manager the SECOND I was into Windows, before the 'antivirus' could initialize. Then I looked for a weirdly named .exe and killed it. Searched for it and voilà! All was right with the world.
[QUOTE=TehSpah;25464141]Virus closes it, I guess I'll have to get on safe mode and try
[editline]17th October 2010[/editline]
# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
Is this what you wanted[/QUOTE]
1. Get on another sign-on with admin privileges.
2. Download Malwarebytes or delete the old sign-on.
3. Scan, or proceed if you took the 2nd option.
4. Have fun.