
Virus problem?


Genzel


It is stored with the files that seem to copy the icons for the Windows help center and things. It is with an icon storage file, and if I open it in WordPad, it is a bunch of gibberish. Editing the file does nothing; when vz.exe restarts it is remade and changed back.

Trying Malwarebytes now, and I am able to use the program unlike Ad-Aware, but maybe that just means it's not going to work.

Edited by Genzel

How do you try to use Ad-Aware and how do you use Malwarebytes? Do you need to right click the press start? I know it attempts to stop the anti virus/malware/spyware stuff.

There's not much else I can think of right now. I'll see what I can find to help you. Hope you can fix it.


Reading through the thread, it sounds like you've landed with a variant of smitfraud. Where I work, we use the name smitfraud to refer to any virus or trojan horse that poses as a legitimate anti-virus/spyware program, such as the one in your case. Smitfraud WILL take down and disable your antivirus, and it WILL keep some programs, such as Malwarebytes and Ad-Aware, from running. Its purpose is to sucker you into providing some kind of sensitive information, such as a credit card number, to ID thieves. Long story short, you're dealing with some funky stuff.

The first thing you need to do is boot Windows 7 in safe mode (and btw, I sure hope you're running 32 bit). You start Win 7 in safe mode by mashing down the F8 key while the machine is booting up. Download and run this: http://www.bleepingcomputer.com/forums/topic308364.html. This is rkill; it will kill any malicious programs running and knock them off the Windows process list.

Now, if you're running 32 bit Win 7, then download and run this: http://www.bleepingcomputer.com/download/anti-virus/combofix

This is combofix; I call it a virus killer. Some antiviruses will mark combofix as the artemis trojan. This can be safely ignored; it's not a virus.

If you're running 64 bit, run rkill and then run whatever else you got at it while booted in safe mode.

Either way, the key is getting into safe mode and killing the malicious processes. And you're probably looking at reinstalling Windows, just to warn you.

What is safe mode supposed to do exactly? When I was in safe mode the virus was still running. I am using 64 bit. If it comes to reinstalling windows, what will happen to my computer and files? Thank you for the info!


Safe mode boots only system required files and programs. Think of it as Windows without any clothes. Run rkill while in safe mode and then run Malwarebytes, Ad-Aware, and/or Spybot (preferably all three).

If you do choose to reinstall Windows, then you will need to back up your files to something else, such as an external hard drive or another computer. And if you do choose to reinstall Windows, and you've never done it before, then it's probably best to have someone help you. This is a pain in the rear initially, but it's really better in the long run.


I ran rkill last night and successfully closed the vz.exe process. I assumed the virus would come back after startup today, but it has not returned. I am still going to run rkill in safe mode and run multiple anti-virus scans, but for now the problem seems to be gone. Thank you for the help.