
1 - 13 of 13 Posts

·
Registered
Joined
·
211 Posts
Discussion Starter #1
I use my computer to keep pictures of my beloved K1200LT. (Now it's motorcycle related.) I don't know which area to post this on, but here goes. Last week I got the dreaded FAKEAV virus. This is the one where a window pops up telling you your computer is infected and you need to click on the link to "clean" your computer. I did NOT click on the link. Instead, I forced a shut-down of my computer. I rebooted, then when my computer came up, a green window appeared and said something to the effect that "passwords are being stolen, click here to activate your virus software now". I knew this was not my software, so I shut down again. I disconnected from the internet, rebooted in safe mode with networking, downloaded the latest version of Malwarebytes and it found 15 infected files. (I constantly run Trend Micro Internet Suite, but it never detected anything.) Afterward, all seemed to run smoothly, but now I cannot access Microsoft updates. The malware had initially disabled my own virus software, which I did get back working, so I am guessing that it did something to this as well. No matter what I do, I still cannot access Microsoft updates to keep my computer updated. I run Windows XP, SP3. I am not a computer guru, so you must speak S L O W L Y. Is the malware still on my computer or did it damage some files that are preventing me from accessing Microsoft updates? I await your wise guidance....
 

·
Registered
Joined
·
3,525 Posts
It screwed up your registry.. It's added lines to prevent anything that could help you from running... The fact that MalwareBytes is one of the few things that will run leaves one wondering if they're not involved in this virus.

Here's the fix...

Open regedit...

go to HkeyLocalMachine/software/Microsoft/windowsNT/image file execution options

Underneath that are a bunch of lines. You have to go thru them one at a time and delete all the ones that say servicehost.exe

Leave the ones that have another type of registry entry....When you get them all deleted then reboot and all should be back to normal...

There is a registry patch to fix this but I don't have it handy...It's easy enough but time consuming to fix manually...

If you need more help, maybe google "registry patch for fakeAV" or something like that....

Good Luck... It's still fixable...

John
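An added example, not part of John's post: on Windows the full key is `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options`, and a `Debugger` value under a program's subkey makes Windows launch that string instead of the program. Assuming the key has been exported to text from regedit, this Python sketch lists every subkey that sets `Debugger` and groups the ones sharing the same value, so the review before deleting is quicker; the sample export and executable names are constructed.

```python
import re

# Constructed sample of a regedit text export (not taken from the thread).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\devtool.exe]
"Debugger"="C:\\Tools\\windbg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"DisableHeapLookaside"="1"
'''

IFEO = "image file execution options"
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"([^"]+)"="(.*)"$')

def debugger_entries(reg_text):
    """Return {image name: Debugger string} for IFEO subkeys that set one."""
    found, image = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            # Only direct children of the IFEO key name an executable image.
            parent, _, leaf = m.group(1).rpartition("\\")
            image = leaf if parent.lower().endswith(IFEO) else None
            continue
        m = VALUE.match(line)
        if m and image and m.group(1).lower() == "debugger":
            found[image] = m.group(2).replace("\\\\", "\\")  # undo .reg escaping
    return found

def repeated_debuggers(entries, threshold=2):
    """Group images by Debugger string; many images sharing one deserve review."""
    groups = {}
    for image, dbg in entries.items():
        groups.setdefault(dbg.lower(), []).append(image)
    return {d: sorted(i) for d, i in groups.items() if len(i) >= threshold}

if __name__ == "__main__":
    for dbg, images in repeated_debuggers(debugger_entries(SAMPLE_EXPORT)).items():
        print(f"{len(images)} programs redirected to {dbg!r}: {', '.join(images)}")
```
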
 

·
Registered
Joined
·
3,525 Posts
Another thought.. After you fix the registry, if you still can't get to update, you might still have a hijack in your hosts file..
Browse to .. Local drive c:\windows\system32\drivers\etc

There you will find a file called Hosts. There are other similarly named files but the one you want is just hosts..

Open the file using notepad. right click and select "open with"
Then select notepad. Be sure that the "Always open the file with this program" is UNCHECKED...

Delete any entries besides

127.0.0.1 localhost

then save the file. If it won't save then there are other ways to skin that cat but I don't want to start any big tutorial here..

If you don't understand these instructions, then get one of the neighborhood kids to do it...

Good Luck

John
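An added example, not part of John's post: a Python sketch that reads the text of a hosts file and reports every mapping other than `localhost` to a loopback address, so the lines to review before deleting are listed with their line numbers. The sample file content, host names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the thread).
SAMPLE_HOSTS = """\
# Constructed sample hosts file
127.0.0.1       localhost
203.0.113.7     www.update.microsoft.com update.microsoft.com
127.0.0.1       download.windowsupdate.com   # pointed at loopback
not-an-ip       broken.example
"""

def audit_hosts(text):
    """Return (line_no, address, hostname, reason) for each non-default mapping."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, ip, " ".join(names), "malformed address"))
            continue
        for name in names:
            name = name.lower()
            if name == "localhost" and addr.is_loopback:
                continue                      # the one expected default entry
            # A loopback target makes the name unreachable; any other
            # address sends traffic for that name to a different machine.
            reason = "name sunk to loopback" if addr.is_loopback else "name redirected"
            findings.append((no, ip, name, reason))
    return findings

if __name__ == "__main__":
    for no, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {no}: {name} -> {ip} ({reason})")
```

To check a real machine, pass the function the text of a copy of `c:\windows\system32\drivers\etc\hosts` in place of the sample.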
 

·
Registered
Joined
·
1,080 Posts
As an IT guy I hate these SOBs that do this.

I got one last week for the first time in over 5 years. And it was on my company laptop.

The virus I got was "Antivirus Suite" .

It kept telling me that every application was a virus, and would not start anything but IE. IE would start, but it was hijacked.

I did a restore point in Windows XP and ran a MalwareBytes’s Anti-Malware remover and I hope all is well.

I have run my AV every day this week to make sure that I am still clean.

I hate these F'ers
 

·
Registered
Joined
·
12,165 Posts
pauleknight said:
As an IT guy I hate these SOBs that do this.

----------------------------------
I am not an IT guy, and still hate them with a purple passion!

I wish our government would at some time figure that this is something that should be tackled. Of course they would just start a new division of government, with thousands of employees, and never fix it.

I did see an article once where several high up computer people stated that the Internet would be rather easy to fix so that there would be no way for anyone to hijack an account, or set up a network of unsuspecting computers. As it is now, it is way too easy for anyone to hide while they are doing harm, with little chance of getting caught, and even worse, not much in the way of punishment if they are caught as long as they have not caused massive economic damage to anyone.

I would love to see it where anyone caught knowingly causing harm to ANY computer over the internet would be sentenced to jail time, no way out.
 

·
Registered
Joined
·
3,330 Posts
My buddy had a virus that he could not get rid of so finally after a few weeks, called one of the "fix it" guys that will come to your house and get the computer back up and running. They came in, ran the disk cleanup, defragged and then downloaded Malwarebytes. Ran it and an hour later, all was good.
 

·
Registered
Joined
·
45 Posts
Another good malware removal tool is called SuperAntiSpyware. I run this after running Malwarebytes. Hopefully using these programs will solve your issue.

Quadrunner
 

·
Registered
Joined
·
1,080 Posts
I guess the OP's computer is dead. :confused:

No response in a few days.
 

·
Premium Member
Joined
·
11 Posts
Since you run Win XP, have you tried System Restore? Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts. I hope this helps.
 

·
Registered
Joined
·
4,245 Posts
My bet is that the trojan malware AV left his computer in a state that disabled his current AV, and the internet is broken and it also won't let you do a Windows System Restore. When that happened to mine I had to use another computer to download Malwarebytes to a USB to install onto the infected computer. But it was fixable without starting all over again.
 
