help! computer virus...

2x4

Well-known Member
called Total Security has locked down computer! I can't get to control panel, windows update, no spyware will run. Dozens of windows pop up trying to make me subscribe but I never click on them. Symantec, f secure, none of those can be downloaded to scan or remove it. It lets them download 99% then locks up. Can't get to system restore or system tools. This thing is really the devil!
 
Someone over on yahoo-answers had this experience. Your mileage may vary. Buyer beware.

I too had a major problem with this virus on Sat., Aug. 15, 2009. I thought this crap was a thing of the past. I'm positive I didn't hit a "yes" or go to any bad website, so it must have somehow put itself on in stealth mode.

I too, could do nothing. Opening "Windows Task Manager" didn't work. Opening the "add/remove programs" function didn't work. Tried to go to DOS screen (cmd function); didn't work. It even made my "safe mode," when I activated it upon reboot, crash the computer - never had that happen before. I was trying to get into safe mode so I could run Norton, but I was precluded from doing even that. It also always tried to run a "scan" which would then make it look like your computer is really infected, etc., in an effort to get you to buy it.

Every time I rebooted my computer, it would look normal for about 1 minute. Then, it would change my background to some graffiti BS that says something like "you, everyone you know, etc. can see what you've done..." Real amateurish. It would also keep popping up balloons literally every 5 seconds trying to get you to download this evil program.

I finally found out how to defeat it. I don't know if it is still on my computer or not, but at least I got it to stop loading. In the first 30-60 seconds after you get your main screen (your regular background) and all of your icons up (which is the "BEFORE" time before this program takes over), your Windows Task Manager WILL open. Open it and click on the "processes" tab and watch it like a hawk. This program will, suddenly, appear as file "13401774.exe." Delete it immediately once you see it. (Right click your mouse, and hit "end process.") It loads very fast so you have to be quick.

I also had the luxury of downloading Norton's new Beta Norton Antivirus 10, so I ran that as well. I was a past subscriber but I'm broke right now (recession) so I was glad to get this program, even if for a limited time, and I scanned my entire computer and deleted everything it found.

Can't tell if it's gone but my computer is running mostly normal now and no problems.

Hope this helps.

Edward
 
Start the computer in safe mode and then run your virus protection program.

Press F8 as soon as you turn it on and wait for the option screen.
 
Hi 2x4,

Reformat your hard drive, but you're going to lose everything on it.

If you try to save anything, you'll most likely transfer the virus with that saved info.

What version of Windows?

T_Bone
 
The hard drive needs to be slaved to another computer, which can then clean the drive up. Just finished doing that yesterday.
 
Try posting your questions on the newbies.ws forum. They have experience with problems and are very helpful. No cost also. You need to come up in safe mode to run your anti-spyware programs and will probably need to run more than one. Spybot Search and Destroy is good, Malwarebytes is good, SUPERAntiSpyware is good also; all have free versions that work.

frank
 
Since you are able to get onto the Internet, your system is still somewhat functional. Before going the reformat route, try this.

First, copy any files you can't afford to lose to a flash drive in case you kill your operating system in a cleanup attempt.

Get on someone else's computer (neighbor, library, etc) and download the install file for malwarebytes and save it to a flash drive or burn it to a CD. Also download a program called ComboFix and get a copy of it on the removable media.

Assuming you can boot into Windows and run a program, you can copy malwarebytes from the flashdrive or cd to the hard drive, preferably after booting in safe mode (F8 during boot). If you can install from the flash drive, then so much the better. Then run it once installed.

If some bugginess remains after a cleaning and reboot, copy Combofix to the Windows desktop and run it from there, not from the flashdrive. It's not very user friendly, but has helped me in the past. Don't worry if it says there is a restore function missing in your windows setup and therefore it may miss a serious threat - it'll still find a lot anyway. Use combofix at your own risk as it is up to you to decide if what it finds needs corrected or not.

There are also the possibilities of booting using a Windows boot disk created on another computer or a linux boot from a flash drive. All depend on your expertise, computer comfort level, and willingness to manually search for and delete registry entries, programs starting at boot, etc.

Worst case is you don't fix the problem or screw up your Windows install trying to fix things and you end up doing a reformat after all.
ComboFix
 
I removed Total Security from a computer yesterday with Malwarebytes Anti Malware. I downloaded it to a thumb drive and installed it and ran it in the safe mode. When you start the program in the safe mode be sure to uncheck the update feature. You may have to run it several times to remove it completely. If you are successful, turn system restore off and then back on so it won't come back. You may have to run msconfig and uncheck Total Security in the startup menu to get rid of the toolbar icon.
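
The posts above name two concrete things to look for: a startup entry labelled Total Security (the msconfig step) and a program with an all-digit name such as 13401774.exe. As an added example, not part of any post in this thread, the Python below checks saved `reg query` output from a Run key for both; the registry paths and the other entries in the sample are constructed.

```python
import ntpath
import re

# Constructed sample of `reg query HKLM\...\CurrentVersion\Run` output.
# Only the name 13401774.exe and the "Total Security" label come from the
# thread; every path and the other entries are invented for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example Vendor\tray.exe" -start
    Total Security    REG_SZ    C:\Example Dir\ts_example.exe /min
    13401774    REG_SZ    C:\Example Dir\13401774\13401774.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# A value line is: indent, value name (may contain spaces), REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")


def exe_from_command(command):
    """Return the executable file name from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):            # quoted path, arguments follow
        path = command[1:].split('"', 1)[0]
    else:                                  # unquoted: cut after the first .exe
        m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
        path = m.group(1) if m else command.split(" ", 1)[0]
    return ntpath.basename(path)


def flag_startup_entries(reg_output, keywords=("total security",)):
    """Return (value_name, exe_name, reason) for entries worth a closer look."""
    findings = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue                       # key header or blank line
        name, data = m.group("name"), m.group("data")
        exe = exe_from_command(data)
        if ntpath.splitext(exe)[0].isdigit():
            findings.append((name, exe, "all-digit executable name"))
        elif any(k in name.lower() or k in data.lower() for k in keywords):
            findings.append((name, exe, "matches keyword"))
    return findings


if __name__ == "__main__":
    for finding in flag_startup_entries(SAMPLE):
        print(finding)
```
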
 
If you have any anti virus software running, try running it in safe mode. You can access Windows in safe mode. When the computer starts, hold the F8 key down; when the boot menu shows, choose safe mode.
 
It will not allow me to start in safe mode or any mode other than "start normally".
 
Tried to download all those anti-spies you mention & several more; it blocks them all by allowing 99% download, then locking it up. Will not allow me to open in safe mode. Blocks all modes except "open normally".
 
Never heard of a thumb drive. Computer will NOT start in safe mode or any other mode except "start normally". Also never saw an update feature anywhere or any boxes to uncheck.
 
2x4, I hope you get it straightened out. You will always have problems as long as you run Windows (in any form); it is very susceptible to viruses and problems. There are much safer alternatives like Mac and Linux out there; Mac is expensive and Linux is free. If you end up reformatting the HD, at least consider Linux. Good luck.
 
You need to get a copy of the malwarebytes installer onto your windows desktop, assuming you can run anything at all on the system.

Like mentioned previously, get a copy of malwarebytes onto some media, downloaded from another computer. If you can download files (doing a save - not run) from the internet directly from your computer, then that will work even better. One change though, rename the mbam-setup download to another name when doing the save in case the malware is looking for it and stopping execution. Maybe call it "killer" so you know what it is when you see it.

Copy or save this file to your windows desktop and see if the malware will let it install with the new name.

Assuming your system is not too screwed up to navigate folders, then change the name of the installed mbam program by going to My Computer, open the C: drive, open the Programs folder, then the Malwarebytes' Anti-Malware folder. Find the file called mbam, right click on it, rename it killer. Then try to run it. (Changing the name will not prevent it from running - the malware or system issues might.)

Also - the problem you are having is malware, not a virus. So any office documents, picture or music files should not be a problem for another computer if you are able to save them to another media.

A "thumb drive" is just another name for a flash drive, a USB drive, etc.
 
Clarification.

When I say run the newly renamed mbam file (you renamed it killer), you will have to double click the killer file icon. If you try to use the desktop shortcut for mbam that was put there as part of the install, it will not run as what it is looking for has been renamed by you.

I have to clean up someone's screwed up laptop at least once a month and each one is different, even when it may be the same bug. Seems like this is becoming more of an art than a science.
 
Have someone else download Malwarebytes and save it on a CD for you (since you do not have a flash drive/thumb drive/USB drive). After you install it you may have to rename the .EXE file to something other than mbam.exe. I like bob.exe. This may allow Malwarebytes to run. You may have to browse to the Malwarebytes folder and double click on bob.exe, as the shortcut on your desktop will not work after you rename mbam.exe. There are a lot of details I've left out in order to keep this post smaller than a novel. I have assumed you have some knowledge of the Windows file system and how desktop shortcuts work.

Some of these viri can be difficult to remove.
 
Do you have antispyware already installed? If you do and it won't run, try renaming the .exe file for your antispyware to something like bob.exe. You can determine the .exe location by right clicking on the icon and selecting Properties. The Target line should tell you the location and name of the .exe the shortcut points to. Many of these infections keep known antispyware programs from running based on the filename, so if you rename it to something other than the original name, many times the program will run.
 
Hi 2x4,

While using my on-line banking, I was redirected to another similar sounding website that was not my bank. Windows firewall caught the redirect.

From my bank's senior security adviser, trojans are fairly easy to remove but most viruses can never be removed unless you reformat.

XP & Vista I reformat, period. It takes less time and is the only 100% way of removing all unwanted material.

$400 will buy a new Toshiba laptop. They provide a boot/recover disc that takes me 4hrs (with all my additional software) to reload to square one and a perfectly clean OEM system. Very little user input is required.

Best thing since sliced bread.

I have three Toshiba laptops. 28" LCD, wireless keyboard & mouse, off-line external hard drive back-up, thumb drive for critical file back-up. Critical files are never loaded on to my main puter.

One older XP that has thousands of trouble free hours and 7yrs old. It's now shot.
One Vista that is 3yrs old that's my back-up laptop and is just like my main laptop configuration. Works just fine.
One Vista that is 1yr old and is my main laptop.

Once every 7mths or so, I get a trojan or just a bad configuration and reformat with the recover disc.

Meanwhile I use my back-up puter.

I'll never ever go back to desktop units.

T_Bone
 
Maybe I whipped it temporarily, at least. When the blue screen first comes on to start Windows, press the F8 button & select with arrow buttons "Safe Mode with networking". Nothing else will open without the malware. Then do "system restore". I set it back to Sept. 1st since the problem only showed itself yesterday. And that worked. Still can't download Malwarebytes or Spybot tho, so something is still in there blocking. They both download 99% with 1 sec left, then lock up.
 
Tried to re-name it but that didn't work. Still downloaded 99% then locked up.
 
The rename will not work during the download; it is used after the install is run, and then only if the infection prevents the program from running.
 
I got it Wed. the 16th. The company sent my computer to our computer dudes and they repaired it and saved all my data, which was the most important thing.
I was cleaning out my spam and seen an email I thought was from one of our vendors and opened the attachment. Things started going downhill pretty fast. I noticed that the script in my MSN turned red too. I was totally locked out also.
 
I found this while researching Total Security: http://www.pctools.com/spyware-doctor/
I have not tried it but it looks like it might work. I think it is a trial version; after you have it so long you have to pay for it, so use it right after you install it. I hope this works for you and you get rid of it.

frank
 
That was the only program that I could get to download; all the rest locked up at 99%. Ran the program & found the problem but didn't tackle it right then. Was tired & went to bed. Next morning the malware had locked me out of all spyware doctor programs I had downloaded the night before! That stuff is evil!
 
Download a Linux live CD and run a virus scan of your hard drive. You should back up important files at that time too.
 
Try booting from a Windows CD, Windows 98 or newer. I find that 98 works the best because you can get to Repair from it the fastest. The trick though is to know what files this thing has glommed onto first. I'm guessing Windows and System32 at least. If you know the name of it, do a search of/for it against My Computer. You won't be able to delete it through Windows or the Command Prompt because the Command Prompt has long since been included as part of Windows. Once you've identified it, you can boot from a Windows CD before starting up Windows and select Repair. When it asks you what Volume to Repair, select the C Drive, and it will no doubt switch you over to the C Drive in DOS, before Windows fires. You're going to have to know something about DOS prompts and changing between directories, like: C>CD/Windows or C>CD Windows, and then do a list of directories once there like: Dir, or Dir/w, or Dir p, etc to list the files within specific directories...and search for the specific files that need to be deleted, using for instance: Delete*.* (file being deleted). Your string might look like: C:/Windows>Delete*.* xxxx.exe where xxxx=the file being deleted. Next step might look like: C:Windows/System32>Delete*.* xxxxx.exe again where xxxx = file being deleted. The bottom line is that you need to delete these files in ALL directories where they exist, and you need to do it from DOS before Windows loads. You won't be able to get to DOS except by booting from a Windows CD, and Microsoft made it a whole lot harder to get there from Windows XP, and I've never tried it from a Windows Vista CD. Again, using Windows 98 works great. Using the Command Prompt once Windows actually boots is worthless. You need to get to DOS before Windows boots up, or you're done.

Good luck.

Mark
 
...if you do actually decide to Reload Windows on your PC instead of repairing it, make sure to record what all of your drivers under computer hardware are before you do, because those drivers are provided by the various hardware manufacturers...not Microsoft, and after you Reload Windows, you'll have to go get those drivers from the manufacturers specific to the version of Windows you're running or stuff ain't going to work correctly. Maybe you got a package deal from ??? like Best Buy, Comp USA, etc that came with a System Restore CD where your version of Windows is incorporated within that System Restore CD to re-image your computer? Compaq used to be good for that, as is HP. Some, IBM were not. And if you do have to go to the manufacturer to pull the individual drivers, sometimes they have to be loaded onto your machine in specific order or drivers don't always load correctly. HP was good for that with Chipsets and stuff. Load them out of order and stuff may not operate correctly as well. For those reasons, instead of reloading Windows from scratch, I prefer to boot from Windows and Repair from DOS after I've identified the bad files to blow away. Is a hassle, but less of a hassle.

Good luck again.

Mark
 
