Fuckin' Trojan

Discussion in 'Tech Support' started by Jjf88, Apr 6, 2010.

  1. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    Yeah a trojan. Specifically asjx.win32. A fake pop up and a downloader for antivirus appeared on the other PC as well as disabling my task bar. Removed the cable from it. Any help on removing it? Don't want to access the internet on it. It's being taken to the shop tomorrow unless I can eliminate it.
     
  2. Oz

    Oz For Zombie. Moderator DLP Supporter

    Joined:
    Jan 31, 2008
    Messages:
    9,027
    Gender:
    Female
    Location:
    Baile Átha Cliath
    Run a good antivirus and malware removal tool? Your only guarantee is to format completely, but I doubt you'll do that.
     
  3. wordhammer

    wordhammer Dark Lord DLP Supporter

    Joined:
    Feb 11, 2010
    Messages:
    1,918
    Gender:
    Male
    Location:
    In the wood room, somewhere flat
    Assuming you mean asx.win32, I'd download malwarebytes on a different PC, copy it to a FRESHLY FORMATTED flash drive, bring up the infected PC in safe mode, load the tool and run to clean.

    Sophos indicated that this one propagates through removable media, so you might stare an evil eye at any recently-touched flash media.
    http://www.sophos.com/security/analyses/viruses-and-spyware/w32autorunasx.html
     
  4. Chaoticblues

    Chaoticblues Professor

    Joined:
    Apr 12, 2009
    Messages:
    446
    Ouch, hope it worked out for you in the end dude, I just finished removing the ave.exe myself. Not even sure how I got it.
     
  5. Lord Ravenclaw

    Lord Ravenclaw DLP Overlord Admin DLP Supporter

    Joined:
    Apr 2, 2005
    Messages:
    4,372
    Location:
    Denver, CO
    Use Malwarebytes. Seriously, it's the secret sauce of virii elimination. Boot into safe mode, install Malwarebytes. Usually we do Safe Mode + Networking, for MB updates, but you can copy defs + newest engine by flash drive too, it's just a bit more involved.
     
  6. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    I've tried running Malware but not in safe mode. Spastic move by me. I'll boot it into safe mode now and see what results I get.

    ---------- Post automerged at 10:17 PM ---------- Previous post was at 10:27 AM ----------

    Ran Malwarebytes in safe mode, found them, tried to delete them, couldn't delete one of them and had to say it would delete at boot up again.

    Restarted it but then it wanted to restrict Malwarebytes and something else so I didn't allow the change, but when it comes up again I'll write it down and see if any of you can make sense of it? I just don't wanna fuck it up so I'm extra cautious.

    ---------- Post automerged at 11:14 PM ---------- Previous post was at 10:17 PM ----------

    SysteGuards: Internet Explorer restrictions
    Location: C:\Documents and Settings\System User\Local Settings\Temp\system.exe

    That's the first one. I haven't clicked it yet but should I block or allow? I know sweet F' all about this kinda stuff so apologies if I appear to be a cock.
     
  7. wordhammer

    wordhammer Dark Lord DLP Supporter

    Joined:
    Feb 11, 2010
    Messages:
    1,918
    Gender:
    Male
    Location:
    In the wood room, somewhere flat
    Yes, block it. There aren't any safe executables stored in the Temp folder (or really anywhere under c:\Docs and Settings, as it's all... docs and settings). Not being snarky- it was just funny to me at that moment.

    I take that back- some Anti-virus engines run a single [random name].exe from the Temp folder, but it would be recreated by the A-V app, so go forth and block!

    I would actually recommend blocking anything Malwarebytes suspects is a problem, but write down the name (or print the log) so you can go back and enable it if you were mistaken. You're better off losing some small extra function if it means the system runs clean.
     
  8. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    Ran Malware several times, once in normal, once in Safe and once in Safe and Networking. Says it's removed all of the infections but pop ups keep appearing that were there when I was infected.
     
  9. wordhammer

    wordhammer Dark Lord DLP Supporter

    Joined:
    Feb 11, 2010
    Messages:
    1,918
    Gender:
    Male
    Location:
    In the wood room, somewhere flat
    I'd think it's worth a few extra runs through; sometimes these things infect in layers.

    Delete contents of C:\Documents and Settings\[each username]\Local Settings\Temp

    Delete contents of C:\Windows\Temp

    Search for files updated in the last few days- anything .exe or .dll, rename to .exe.BAD or .dll.BAD (write down the names and locations in case they're actually supposed to be there)

    If you're comfortable playing in the registry... nahh, that's going to get dicey. I usually will Export and then remove the listings under HKCU\software\Microsoft\Windows\CurrentVersion\Run and HKLM\software\Microsoft\Windows\CurrentVersion\Run, but that's a tricky thing and might not do much good. Only for the desperate move.

    If that doesn't make progress:
    Save important files off to Flash media, then format hard drive. Reinstall Operating System.

    If you're dedicated to defeating the thing, take it to a Pro (you'll have to pay) or someone you know that gets paid more than $45K a year to do this sort of thing (Corporate types are more likely to be careful with the work and can be plied to help with the promise of beer and grilled foods). Do this before trying any registry tricks if it's an option, as a mis-step on your part will make their job ten times harder.
     
  10. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    Someone suggested a System Restore, would that do anything to help? And I've logged onto the Administrator account and my personal account but I don't think that would make a difference?
     
  11. wordhammer

    wordhammer Dark Lord DLP Supporter

    Joined:
    Feb 11, 2010
    Messages:
    1,918
    Gender:
    Male
    Location:
    In the wood room, somewhere flat
    System restore will restore you to the point of the last Saved Restore Point. If you haven't made one, the last one will probably be when the OS was updated by a patch. It could be a few days if you're on Automatic Updates, or it could be a few months. Even so, you'd want to rerun the Malwarebytes to see if infection still lingers.

    Access rights change depending on the user, but the infection is in the system files if it keeps coming back. If you logged in as a different user and ended up operating clean, then there's a reason to cheer. More likely it isn't a factor.

    Basically this is what goes on: the evil software drops some ninja code as files on your system in various places, then alters the Registry or application settings to make sure the code gets launched whenever certain normal system functions are accessed. The virus cleaner keeps a list of known files that get added or targeted in this way, along with typical registry keys that get modified- this is why downloading a new copy of Malwarebytes is always the better option. Each run through, the virus cleaner tries to kill or mad back that which it detects as bad juju, but the stuff is usually running in memory and often confounds the cleaner's attempts to root it out by re-copying the code file. This is why running the app multiple times in Safe mode (rebooting after each 'successful' run) before trying Normal mode is the best practice. Don't go back to Normal Mode until the app runs clean.

    If Malwarebytes says it has quarantined a file but it keeps coming back, try this:

    Create a text file using Notepad. Save and close it. Rename the file to match the file that keeps getting re-created, including the extension (the system will mention that it probably won't act right if you do that- it's okay). Right-click on the file, go to Properties and mark the file as Read-Only. Copy the file into the place where the bad file keeps getting recreated. Restart into Safe mode and run that cleaner again!
     
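    A read-only triage script covering the persistence points wordhammer describes in posts 9 and 11 (the two Run keys, the per-user and system Temp folders, recently changed .exe/.dll files) plus the policy values that produce the "disabled by your administrator" messages reported later in the thread. This is an added example, not something anyone in the thread posted; it assumes the Windows XP default profile layout and PowerShell 2.0 on the affected machine, and it only reports, so nothing is changed by running it.

```powershell
# Added triage script, not posted in the thread. Assumes Windows XP default
# paths and PowerShell 2.0; run elevated from Safe Mode. It only reports and
# changes nothing, so it is safe to run before any manual cleanup.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# Locations the thread says should never hold legitimate executables.
$suspectPattern = '(?i)\\Temp\\|\\Local Settings\\|\\Documents and Settings\\'

"== Autorun entries under the Run keys =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }      # provider metadata, not a Run value
        $flag = if ($p.Value -match $suspectPattern) { 'SUSPECT' } else { 'ok' }
        '{0,-8} {1} = {2}' -f $flag, $p.Name, $p.Value
    }
}

"`n== .exe/.dll written in the last 3 days under Temp folders =="
$profileRoot = 'C:\Documents and Settings'          # XP layout, as in the thread
$tempDirs = @("$env:SystemRoot\Temp")
if (Test-Path $profileRoot) {
    foreach ($prof in (Get-ChildItem $profileRoot | Where-Object { $_.PSIsContainer })) {
        $tempDirs += Join-Path $prof.FullName 'Local Settings\Temp'
    }
}
foreach ($dir in $tempDirs) {
    if (-not (Test-Path $dir)) { continue }
    Get-ChildItem $dir -Recurse -Force -Include *.exe,*.dll -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-3) } |
        Select-Object FullName, LastWriteTime, Length
}

"`n== Policy values behind 'disabled by your administrator' (1 = restricted) =="
$userPolicy = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$srPolicy   = 'HKLM:\Software\Policies\Microsoft\Windows NT\SystemRestore'
if (Test-Path $userPolicy) {
    Get-ItemProperty $userPolicy | Select-Object DisableRegistryTools, DisableTaskMgr
}
if (Test-Path $srPolicy) {
    Get-ItemProperty $srPolicy | Select-Object DisableSR, DisableConfig
}
```

Anything flagged SUSPECT, and any policy value showing 1 that you did not set yourself, is what the removal tool should be pointed at; note the entries down before changing anything, as wordhammer advises.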
  12. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    I'll keep running it in Admin mode till it's away then in my name, then if it goes away I'll system restore and try again.
     
  13. Roma

    Roma Fourth Year

    Joined:
    Feb 17, 2010
    Messages:
    138
    Try windows essentials, free, and worked like a charm when I had win32.
     
  14. pdo91

    pdo91 Professor DLP Supporter

    Joined:
    Jan 11, 2009
    Messages:
    495
    Location:
    Colorado
    Absolutely not. Windows anti-virus programs are worth exactly shit. If Malwarebytes couldn't get rid of it completely, Windows Essentials won't even get close.

    I would suggest doing a system restore. Your computer will probably have a selection of points to choose from - restore to about a week before you got the virus to be safe. Scan your computer again before you even connect to the internet. If system restore doesn't get rid of it completely, it may knock the virus loose enough to be picked up by Malwarebytes. Like wordhammer said, run it in safe mode until you're clean.

    Edit: Put a copy of the Malwarebytes installer on your flash drive, so you don't have to go online to reinstall it when the system restore uninstalls it.
     
    Last edited: Apr 7, 2010
  15. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    Registers as no infections but the pop ups still appear and system restore has been restricted.
     
  16. Matian

    Matian Seventh Year DLP Supporter

    Joined:
    Apr 27, 2009
    Messages:
    299
    Location:
    Denmark
    I had the exact same virus on my laptop just a few weeks ago. What I did was, as Raven said, reboot the computer and log in as administrator (mine has two users: administrator and my personal, I don't know if it's different for others) in safe mode.

    From there, I ran AVG which cleaned the pc for the virus. I haven't had any problems since. To be safe, I created a new user for myself instead of using my old one.

    This is what the virus did before I erased it:

    1. Started popping up these virus warnings and wanted me to buy an obviously fake anti-virus product (just like it happened to you).

    2. Then it stopped and instead started to deny me access to all programs (including AVG) and files except for Internet Explorer.

    3. And then it started using up all of my computer's power, making it slow as hell. It also started erasing random files and games.

    I hope this helps!
     
    Last edited: Apr 8, 2010
  17. Shezza

    Shezza Renegade 4 Life DLP Supporter

    Joined:
    Dec 12, 2005
    Messages:
    1,342
    Location:
    Australia
    The thing about a fake anti-virus pop up sounds to me a lot like a SmitFraud virus. Try http://siri.geekstogo.com/ and see how it goes for you.
     
  18. Richard

    Richard Supreme Mugwump

    Joined:
    Jul 5, 2006
    Messages:
    1,789
    Location:
    California
    I had this problem too. I just put Malwarebytes on a flash drive (from another computer), then ran it from the flash drive, and it took away that stupid fake anti-virus bullshit program off of my computer on the first run through. It saved my ass from another formatting job. AVG didn't do jack shit, and neither did Ad-Aware SE. Both are bullshit programs to start with. Malwarebytes is the way to go. Keep it on your computer after the virus is gone.
     
  19. wordhammer

    wordhammer Dark Lord DLP Supporter

    Joined:
    Feb 11, 2010
    Messages:
    1,918
    Gender:
    Male
    Location:
    In the wood room, somewhere flat
    Just because Malwarebytes did the trick in your situation, don't be dismissive of other solutions. No IT professional worth their salt puts all their faith in one tool. AVG is an excellent consumer alternative to the preventative anti-virus apps from Trend, McAfee and others, while costing the home user nothing. It protects against infection in ways Malwarebytes only handles as a repair function.

    Ad-Aware, Spybot S&D, AVG, Malwarebytes, are all part of my toolpack for PC troubleshooting. I've also heard good press on Microsoft's protection solution for Windows 7- in this arena more than any other, you cannot sit static in your choices.

    Besides, in this case Malwarebytes clearly hadn't caught and killed the culprit.
     
  20. Jjf88

    Jjf88 Auror

    Joined:
    Oct 15, 2007
    Messages:
    671
    Going to try Shezza's advice by reconnecting my internet cable to the main PC and downloading the SmitFraud fix. Will let you know what happens.

    ---------- Post automerged at 02:13 PM ---------- Previous post was at 01:43 PM ----------

    Not sure if this is anything but register editing has been disabled. :|:L
    Yeah I can't delete the files because Register Editing has been disabled by the admin, so I think the virus has done this. XD>.>
     
    Last edited: Apr 10, 2010