• Status: Solved

How do I get rid of this virus scserver.exe

I recently got a virus on my computer. It's 3 months old. When the computer starts up it goes into a windows live scan mode and says there are several things wrong with my computer. Now it has a window I can close Warning Security alert to enable protection. When I go to my browser to download malware protection, it closes the browser.  

I want to clear this and add AVG free anti virus. How do I do this?
Windows 7 Toshiba Satellite L 675
Thank you
Art
 
younghv Commented:
Hi Art,
Can you give us some more details on the symptoms you are seeing (a screen shot would be great).

If we can identify the exact version of malware you have, we can give you more targeted advice.

You might want to review my Articles here for more details:
http://www.experts-exchange.com/A_1958.html 
http://www.experts-exchange.com/A_1940.html 

artismobile (Author) Commented:
I can use this computer to communicate with you but the infected computer can't reach the internet because of the virus. It starts in a protected mode and opens Windows Optimal Tool. It asks to do a full scan. You can't click out of it so you have to scan. Hit OK. It scans and says licensing error, update error, etc. Makes you open the Windows Optimal Tool license manager. Wants purchase license but you can click away from that. Then gives another warning screen with hkcmd.exe error to deny or enable detection.

mattclarified Commented:
Hi,

Reboot your PC and keep tapping F8 at startup until you get the menu for 'Safe mode'
You will need to go to another PC and download malwarebytes from www.malwarebytes.com and copy via a USB memory stick to the infected computer.
Run this while in safe mode and it should clean everything for you.

M@
 
younghv Commented:
If you re-boot the infected computer into "Safe Mode with Networking", you should be able to access Malwarebytes (MBAM) (http://www.malwarebytes.org/mbam.php)

When downloading, save to your "Desktop" and use the "Save As" function (Internet Explorer) to rename the file.
The instructions are included right in that link.

Downloading and transferring via a USB stick will not give you the latest definition files, but MAY still work (SCServer.exe is pretty old malware).

artismobile (Author) Commented:
When I open in safe mode, the Windows Optimal tool still shows up to scan

younghv Commented:
Also, if you do the scan in "Safe Mode" (not recommended for SCServer.exe), be sure to re-boot to "Normal Mode" and do another complete scan.

younghv Commented:
You may need to run "TDSSKiller" to stop some of the processes it is running:
http://support.kaspersky.com/viruses/solutions?qid=208280684

http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

(Download to your working computer, then copy to the infected one.)



artismobile (Author) Commented:
The only option I have after starting in safe mode is to run this Optimal tool. Are you saying to run this?

younghv Commented:
Please DO NOT try ComboFix yet.
It may be necessary later on in the process, but should never be your first choice for repair tools.

younghv Commented:
Hold the phones!

Malwarebytes have some detailed instructions from "Optimal Tool":

http://www.bleepingcomputer.com/virus-removal/remove-windows-optimal-tool

younghv Commented:
This is a really interesting situation.
The posts from Malwarebytes/Bleepingcomputer are dated today and yesterday - really current stuff.

artismobile (Author) Commented:
I just noticed the date. Maybe I'm making history! <wink!>

O.k. I'll reboot to safe mode, let Optimal run, use the usb to transfer from the safe computer and follow these instructions.  I'll report back after

younghv Commented:
NO!
Do not let "Optimal" run.
It is fake.

On your good computer, go here and read about it:
http://www.bleepingcomputer.com/virus-removal/remove-windows-optimal-tool 

(You're right about the history part, first time I've seen this one EE.)

mmarketing Commented:
Often these viruses are installed in users folder. Start up in safe mode as suggested earlier. (Holding down F8 during start up) and log in with administrator (often no password is set). See if the tool runs. If it still does, try to create a new user account on the system and log in on the new user account.

When you've managed to gain Internet access, download Hitman Pro. This anti-malware software scans your files in "the cloud" so the process is less likely to be interrupted by the malware.

http://www.surfright.nl/en/hitmanpro

younghv Commented:
@mmarketing,

I agree that HitMan Pro is a great generic tool, but I don't see it being recommended anywhere as a fix for the "Windows Optimal Tool" infection.

If you have a specific link for that, please post it so we can all learn something.

artismobile (Author) Commented:
I know Optimal is fake but it won't let me move from the screen until I do. This is a good one. When I try to install the Rkill from the thumb drive, it won't let me open the program. It recognizes it as a "Threat". Of course when I place the thumb drive in the computer, auto play doesn't work. I don't see how I can load the first step, Rkill.

upalakshitha Commented:
Can you open Task Manager?

younghv Commented:
It is a 'good one' indeed.

I'm reading through the details of the instructions as we go along and just saw this:

"Therefore, when it tells you that it must perform a scan press the OK button to allow it to do so. Windows Optimal Tool will now perform a fake scan and then state you need to open the License Manager. Press the OK, Open the license manager button"

artismobile (Author) Commented:
Where is task manager?

artismobile (Author) Commented:
Yes,
I have made it to the desktop screen but I can't open the first step.

upalakshitha Commented:
Press Ctrl + Alt + Del >> Task Manager

artismobile (Author) Commented:
No task manager. brings me back to the Warning!

arnold Commented:
Go through the repair option and go to a point before this issue came up.
If you do not have anything customized i.e. documents, etc.
The quickest thing is to restore the system to the state when you bought it with the only issue if you created the restore disks.

Are you able to launch taskmgr (ctrl-shift-escape) with which you can kill the extraneous process/es.

edbedb Commented:
Is there an icon for it on the desktop or an entry in the programs list?

mmarketing Commented:
@ younghv: hitman pro usually gets the job done in these cases.

@artismobile have you tried logging in as an administrator user in safe mode or to create a new user?

artismobile (Author) Commented:
Can't launch task mgr

younghv Commented:
Art,
I will be glad to continue working with you, but all of this extraneous advice is confusing me.

If you will respond by name, it will help eliminate some of the confusion.

The guy writing the instructions for this removal (Grinler) is just about without peer in the anti-malware business and no one posting in this question has anywhere near his experience and expertise.

I suggest that we walk through his instructions and if they don't work, I will bow out.

Thanks,
Vic

artismobile (Author) Commented:
Once I log in as safe mode, Windows starts then this Optimal thing. It doesn't give me a chance to do anything else. In the advanced boot I can log in:
Safe mode
safe mode with networking
safe mode with command prompt
enable boot logging
last known good configuration
directory services restore mode
debugging mode
disable auto restart on system failure
disable driver signature enforcement
start normally

artismobile (Author) Commented:
Ok Vic,
Let's get it done!
Art

younghv Commented:
OK - got it.

I'm afraid that I posted that "Safe Mode" advice before finding the information at bleepingcomputer.

I just read through the instructions again and they do not say that.

Let your computer boot to Normal, let the Optimal Tool run its course, then see if you can 'click the X' to close it.

Standing by.

younghv Commented:
Just to clarify - I am following the instructions about 1/3 of the way down this link
http://www.bleepingcomputer.com/virus-removal/remove-windows-optimal-tool

The section title is:
"Automated Removal Instructions for Windows Optimal Tool using Malwarebytes' Anti-Malware:"

artismobile (Author) Commented:
Yes, and it still won't allow me to open Rkill and won't let me access Explore 8. It closes after a few seconds.

younghv Commented:
If you have Rkill on a USB stick, try copying it over to the infected computer as "xyz.exe", then try to run it.

(Sophisticated malware 'knows' the names of several anti-malware tools and can block them from starting.)

artismobile (Author) Commented:
O.k.
I just changed the name, it went to a c prompt, said it was terminating malware to be patient
Gave me a log in notepad says it was completed. That warning is done. Now do I do the shell.req as a download on the infected computer or usb?

younghv Commented:
Great news!

Let's try it the easy way first - from the infected computer.

If that doesn't work, we can do the old IT-2 step and use the USB stick.

younghv Commented:
Also - just as a precaution...
From now on use the "Save As" function (in Internet Explorer) and use phony names for your downloads.


artismobile (Author) Commented:
Yes! On to download Malwarebytes. I'll let you know.

(You don't want to know the new save as name I used...something like...take this you..you get the idea)  <grin>

younghv Commented:
LOL!

I always admit that my language in the workshop is not fit for tender ears. On occasion, I make up new swear words to fit the situation.

artismobile (Author) Commented:
To say the least!
Doing a quick scan now.

younghv Commented:
OK - note "Step 11"
If MalwareBytes' prompts you to reboot, please do not do so.


younghv Commented:
(Never mind, you're past that.)

You should Abort the "Quick Scan" and do a "Full Scan".

(Step 13)

artismobile (Author) Commented:
All done! Looks cleared.  A lot of work for this one wasn't it? I'll load AVG on that computer.
Thanks for the hard work!

younghv Commented:
A thought for you - before you do AVG (which I used to recommend).
Take a look at this Article and just give it some consideration - before deciding.

http://www.experts-exchange.com/A_1958.html 
....

Really glad this (seems to have) worked - but re-boot and run some basic functions as a check.

artismobile (Author) Commented:
Thanks for that tip too. I've been a fan of EE for years now and I always follow the advice.
Yes, all functions are operational.
Thank you!

younghv Commented:
Great to hear!
(Phew!)

See you around the Zones (but not this one too soon).
<Grin>

younghv Commented:
Art,
If we're good to go here, close it out and I'll move on to help someone else.

Thanks,
Vic

artismobile (Author) Commented:
Yes! Hopefully not this one! You worked hard for the points!

artismobile (Author) Commented:
Great instruction! The solution was perfect!

younghv Commented:
Art,
Fair to say that we both learned a whole bunch on this one - thank you.
Vic