I am an IT Professional and I picked up a nasty virus today on my home PC. I would like to post how I removed it to help others who are not professionals.
I picked up the virus browsing the web with Internet Explorer. I knew I had a virus because a FAKE antivirus program started popping up on my screen. I am using Windows XP service pack 3.
Here is my fix:
(you will need a second computer and a USB memory key)
1. Reboot your computer and start it in SAFE MODE by hitting the F8 key during reboot. (If you need more explanation do a google on Safe Mode on the second computer).
2. In safe mode do a system restore to the nearest point prior to getting the virus. Start / All Programs / Accessories / System Tools / System Restore (If you need more explanation do a google on System Restore on the second computer).
3. The system restore will reboot your system, press F8 during the reboot and this time start in Safe Mode with Networking.
4. On a second computer download Malwarebytes (free at ) to your USB key. Install Malwarebytes on your restored computer now running in safe mode for the second time, and run the updates on Malwarebytes and then scan your computer. Malwarebytes will probably need to reboot, so go ahead and reboot into standard Windows XP.
In my case the Fake Antivirus was now gone. But I still had a problem. My Google searches were being hijacked and redirected to strange pages. This was caused by a rootkit virus.
To identify the rootkit I used a free tool: Kaspersky Virus Removal Tool 2010 from this link:
I started with just scanning the Disk Boot Sectors and made this change to the options:
On the main program page, click on Security Level - Custom, then Settings, Additional tab, and make sure Rootkit Scan and Deep Scan are checked.
The program found Rootkit.Win32.TDSS.d but could not delete it. On a second computer I googled that rootkit name and found a removal tool also from Kaspersky:
It ran a small command prompt window (window with a black background and white words) and rebooted my computer and that was it.
Fake Antivirus software cleaned and Google redirect removed.
Ironically I have never used a Kaspersky product before, but I am grateful and impressed with the results I received from the tools sourced by them, mentioned above.
I will definitely check into their basic PC antivirus program as this problem slipped right past my Norton Endpoint Security antivirus I am running.
Hope this helps lots of people.