We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

Remove Virusburst

waytron
waytron asked
on
Medium Priority
407 Views
Last Modified: 2013-12-04
I have this little icon on the task bar that links to Virusburst.com that keep popping up with critical errors found.  I have scanned with everything I have and still cannot  get rid of it.  I have used, Adaware, SpyBot, ewido, AVG, Microsoft Defender and Norton Antivirus.

Any ideas of how I can get rid of this thing?
Comment
Watch Question

CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
Hi waytron,
I would make sure all of you Security applications have updated definitions, then re-boot to Safe Mode and do a complete HD scan.

Vic
Naser GabajE&P Senior Software Specialist
CERTIFIED EXPERT

Commented:
Greetings waytron,

The best for such issues is Webroot spysweeper:

http://anti-spyware-review.toptenreviews.com/

Good Luck!
Naser

Author

Commented:
Hi YKoungy,

Yes I updated all definitions and then disconnected from the internet and scanned in both normal and safe mode.
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
waytron,
Sounds as though you're making the right moves.

Try these two next and we'll get a deeper look at some stuff.

Vic

1. Systernals also has a 'rootkit revealer' program.
Give it a try: http://www.sysinternals.com/Utilities/RootkitRevealer.html


2. Author: rpggamergirl
http://www.experts-exchange.com/M_3598771.html

Get the newest version of HJT:

(an already renamed hijackthis)
http://danborg.org/spy/hjt/alternativ.exe

Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.

Then, if still nothing show up in the log, run other diagnostic tools.

Next, download and run this tool, this fixes most common malware and will also give us a log to look at.
Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you.
Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
Well, I am stumped...  I gave up on this machine last night and pulled it off the bench.

I just plugged it back in to work on it again and the problem is now gone.  Go figure....

I will let it run for a while and see what happens.

If it comes back I will continue with the above.

Thanks
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
While you're waiting, go ahead and review all of the Event Viewer logs for any Warning or Error messages - that may give you some clues to what was going on.

Look for 'Event ID' numbers that can be researched (they tend to be kind of cryptic).


Vic
CERTIFIED EXPERT
Top Expert 2007

Commented:
If it comes back, let us look at your hijackthis log first.
Hijackthis log tells us what malware infection is in your system, we can then give you the exact tool to remove it, rather than trying so many different ones to see which ones works.

VirusBurst popups belong to smitfraud infection,  hijackthis log confirms whether you have smitfraud or not.
I wouldn't like to just suggest Smitfraudfix just incase it's not smitfraud because you will lost your desktop then and I don't want you to panic.

But usually VirusBurst comes with smitfraud.
CERTIFIED EXPERT
Most Valuable Expert 2013
Commented:
rpggamergirl is spot on, this is smitfraud

The fix can be downloaded here: http://siri.geekstogo.com/SmitfraudFix.php
plus instructions - basically you unpack it to a folder on your desktop, boot into safe mode and run it to clean your system.  It will reset your desktop wallpaper, internet home page etc so there's a bit of housekeeping to do afterwards but the annoying icon and its bubble will be gone for good!
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.