[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

infected with Fake av

Posted on 2011-04-18
16
Medium Priority
?
715 Views
Last Modified: 2012-05-11
I have a frined that was infected with fake av. In teh past I have done a system restore, but thisis not workinng. What can I do remotely to help him resolve the issue
0
Comment
Question by:zenworksb
  • 5
  • 3
  • 3
  • +2
14 Comments
 
LVL 3

Expert Comment

by:JChrison
ID: 35420567
First you have to tell us which is the name of the fake antivirus.

Try to find the fake antivirus on Control Panel ->  Add/Remove Programs and uninstall it from there. If you find the fake antivirus there, then you have nothing to scare of. it is just a way to make you insert credit card information.

If it is not listing on Add/Remove Programs then it is probably a kind of virus or just an adware. See and inform us here...
0
 
LVL 38

Accepted Solution

by:
younghv earned 2000 total points
ID: 35420585
As noted, we can't help you without some more details.
I have a couple of Articles here on EE that might help you get started.
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
0
 
LVL 8

Expert Comment

by:databoks
ID: 35420589
Use rkill and iexplorer and explorer.exe from bleepingcomputers.

Google the page. Run them one by one. Install malwarebytes and you are ready to go.


After malwarebytes has scanned reboot And reagan to make sure that the virus is removed.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:zenworksb
ID: 35420612
it keeps saying wltuser is infected doyou want to update your antivirus. I am rebooting to try and get into add remove programs
0
 

Author Comment

by:zenworksb
ID: 35420676
I remotes revolted and avg wanted to quartile so now those messages are not coming up but I open ie and says diagnose issues ?
0
 
LVL 8

Expert Comment

by:stevepcguy
ID: 35420724
In the title bar, it should say the name of the fakeware, like "Antivirus 2011" or "Internet Security". It also appears in the right side of the task bar, especially if you point to it. That will give you/us the info to identify it.

Different viruses have different ways of infecting your computer. Rebooting to get to add/remove programs won't help, since it's disabled, along with a lot of other programs.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35420769
zenworksb,
The detailed steps of what you need to do are in the Articles I linked above.
Take the time to read them and you will know what to do.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35422948
@databoks,
You are repeating advice that has already been give and you apparently don't understand that "rkill and iexplorer and explorer.exe" are simply different names for the same program.

In the future please take care to read the prior comments before posting.

The specific site guidelines for this are here:
http://www.experts-exchange.com/help.jsp#hs=30&hi=416
Are there guidelines for answering questions?
Read previous posts before commenting: It is important to read the entire thread so that you know the current situation. That will keep you from posting a duplicate answer or one that has already been shown not to work. If you basically agree with another comment but have something more to add, remember to give credit for the original suggestion -- mention that Expert by name -- in your post.
0
 

Author Comment

by:zenworksb
ID: 35480451
sorry guys left home for a while I am back. I will disregard the comments that are not helping the issue, I am able to remote the computer, but not access the internet, so my question is how do you proposed I get malewarebytes etc I will try and transfer through my remote and I m working on this now. Thanks for the helpful comments up to this point.
0
 
LVL 8

Expert Comment

by:databoks
ID: 35481143
I can't see that i have my answer has been reported more than one time. And Rkill and Iexplorer is not the same.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35482266
@databoks,
Your suggestion was an exact duplicate of the advice I had already offered - but neither you nor the Asker seem to have realized that.

You also apparently do not realize that that the download links at Malwarebytes for "RKill" list 7 different file names for the that program (http://www.bleepingcomputer.com/download/anti-virus/rkill)

In the future, you might consider actually reading the advice you are offering as a 'Solution'.

**************

@zenworksb,
I gave you the step-by-step instructions for resolving this problem - and I gave you exact links to the tools you needed to effect the repairs.

Would you please explain why you ignored my comments when selecting a "Solution"?
0
 
LVL 8

Expert Comment

by:databoks
ID: 35485106
@younghv:

You are right and i am wrong. If it was possible i would have gived the points to you. I didn't see the links.
0
 
LVL 8

Expert Comment

by:stevepcguy
ID: 35486152
@zenworks: Dude, it's an old story here on EE- You post a question, people make suggestions. At least acknowledge it by tossing out a few points, even if you solved it yourself. Most likely that some of the suggestions helped. Not necessarily for myself, but I know people here give their time.

@younghv: You're obviously quite intelligent and have put in a lot of time here on EE. But look closely at your answers. Some of them come off as pretty arrogant. Just sayin', that's how they're looking on this side of the screen.  I know I'm the noob in these forums, but perhaps a fresh perspective might help.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35486558
@stevepcguy,
If you thought those comments were arrogant, you probably would have considered the first few versions (deleted before posting) downright hostile.
:)

I help out at a few IT forums and the basic guidelines in all of them are the same - "Don't repeat prior advice" - or at least acknowledge it if you have some improvements to offer.

It is extremely irritating to offer step-by-step instructions - with detailed links to the tools needed - and then be completely ignored by the Asker.

Especially when the "Solution" is nothing but a vague reference to the names of some malware tools.

In any event, I have asked the Moderators to step in and review the situation - just so we can get an unbiased view.

Thank you for your comments. I did let my irritation show and that doesn't really help anyone.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
This article investigates the question of whether a computer can really be cleaned once it has been infected, and what the best ways of cleaning a computer might be (in this author's opinion).
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question