Ugh.
December 2, 2011 3:24 PM Subscribe
My very new computer just got zonked with a virus that won't allow me to download anything, such as the $70 worth of Norton Anti-Virus I tried to download. Please help.
I am getting what appear to be fake Win 7 Internet Security alerts, telling me I have all manner of viruses and that I need to immediately pay for service.
All my browsers are blocked from opening. When I open one I get an alert that says the browser is compromised, but the 'Continue anyway' button does nothing at all, and anything else just leads to purchasing the 'security software.'
I was able to get Firefox to open by going through the 'check Windows firewall' function in Control Panel, but opening the program directly doesnt work.
I am a total noob, my computer knowledge is circa 1996. How do I get this shit off my computer if I can't install any anti-virus software?
I will watch the thread and answer questions as best I can.
I am getting what appear to be fake Win 7 Internet Security alerts, telling me I have all manner of viruses and that I need to immediately pay for service.
All my browsers are blocked from opening. When I open one I get an alert that says the browser is compromised, but the 'Continue anyway' button does nothing at all, and anything else just leads to purchasing the 'security software.'
I was able to get Firefox to open by going through the 'check Windows firewall' function in Control Panel, but opening the program directly doesnt work.
I am a total noob, my computer knowledge is circa 1996. How do I get this shit off my computer if I can't install any anti-virus software?
I will watch the thread and answer questions as best I can.
Best answer: I had that. This fix was a pain, but it worked. You will almost certainly need to use a second computer and flash drive in order to obtain the tools you need.
posted by treblemaker at 3:29 PM on December 2, 2011
posted by treblemaker at 3:29 PM on December 2, 2011
Best answer: If it is really new, wipe the disk and reinstall the operating system
from scratch. Or look at deezil's profile.
posted by procrastination at 3:30 PM on December 2, 2011 [3 favorites]
from scratch. Or look at deezil's profile.
posted by procrastination at 3:30 PM on December 2, 2011 [3 favorites]
i had something similar. i'll echo treblemaker in recommending bleeping computer's approach. basically you boot it in safe mode, you install a series of programs, you use one of them to turn the virus off and then you use some others to find and delete the virus.
posted by entropone at 3:32 PM on December 2, 2011
posted by entropone at 3:32 PM on December 2, 2011
Chiming in to second deezil's profile - I had nasty malware a few weeks ago and was able to get rid of it by following his advice!
posted by bahama mama at 3:33 PM on December 2, 2011
posted by bahama mama at 3:33 PM on December 2, 2011
If it's new, just reinstall windows.
posted by empath at 3:44 PM on December 2, 2011 [1 favorite]
posted by empath at 3:44 PM on December 2, 2011 [1 favorite]
Response by poster: I should have made this anonymous considering the question I'm about to ask, but it is too late, so oh well. If I bought a Dell desktop at Frys would a Windows recovery CD be something I was given?
I would like to just format and reinstall, but I am not confident that I have the disk with which to reinstall Windows. I have a Drivers and Utilities CD, but it doesn't say anything about Windows. I checked my Shoebox of Import, where vital items go, but there was no Windows recovery disk there either.
I have an active warranty as well.
posted by TheRedArmy at 3:49 PM on December 2, 2011 [1 favorite]
I would like to just format and reinstall, but I am not confident that I have the disk with which to reinstall Windows. I have a Drivers and Utilities CD, but it doesn't say anything about Windows. I checked my Shoebox of Import, where vital items go, but there was no Windows recovery disk there either.
I have an active warranty as well.
posted by TheRedArmy at 3:49 PM on December 2, 2011 [1 favorite]
TheRedArmy: "I should have made this anonymous considering the question I'm about to ask, but it is too late, so oh well. If I bought a Dell desktop at Frys would a Windows recovery CD be something I was given?"
Nope. If you have a legal copy of Windows, you can try contacting Microsoft for a CD, but you'll need the registration key for the software, which is unlikely to be written down anywhere.
The good news, if it's so new, you probably haven't lost anything vital. :)
Also agreeing with the advice to check deezil's profile. I've used his advice several times with success.
posted by SuperSquirrel at 3:57 PM on December 2, 2011
Nope. If you have a legal copy of Windows, you can try contacting Microsoft for a CD, but you'll need the registration key for the software, which is unlikely to be written down anywhere.
The good news, if it's so new, you probably haven't lost anything vital. :)
Also agreeing with the advice to check deezil's profile. I've used his advice several times with success.
posted by SuperSquirrel at 3:57 PM on December 2, 2011
I was able to kill this off mainly by crashing the program-- mashing buttons and hitting Alt-F4 (close program) managed to break it in such a way that it didn't reload.
One thing it had done, which gave me a scare, was that it had marked all (ALL!) my files as hidden, and changed my folder view so I couldn't see hidden files. Any program that you are able to download, change the name to iexplore.exe before you try to run it-- it knows the names of most of the spyware killers out there.
Ultimately I cleaned it out with an online guide like the one above, as well as MS Security Essentials (after an update) but after all that, there was still something in there that was using lots of resources to Ping other IP addresses-- and since I didn't want to be party to some bozos's Denial-of-service botnet, I reformatted (well, I had a spare Win7 license and I was running XP when this happened about 4 weeks ago, so it was long overdue).
In short, since it's a new PC, I'm going to recommend reformat. If your warranty will cover it, get someone to do it for you. If you were to pull out the drive and connect it to another machine to recover files, it probably won't infect the other machine-- it didn't in my experience.
posted by Sunburnt at 3:57 PM on December 2, 2011
One thing it had done, which gave me a scare, was that it had marked all (ALL!) my files as hidden, and changed my folder view so I couldn't see hidden files. Any program that you are able to download, change the name to iexplore.exe before you try to run it-- it knows the names of most of the spyware killers out there.
Ultimately I cleaned it out with an online guide like the one above, as well as MS Security Essentials (after an update) but after all that, there was still something in there that was using lots of resources to Ping other IP addresses-- and since I didn't want to be party to some bozos's Denial-of-service botnet, I reformatted (well, I had a spare Win7 license and I was running XP when this happened about 4 weeks ago, so it was long overdue).
In short, since it's a new PC, I'm going to recommend reformat. If your warranty will cover it, get someone to do it for you. If you were to pull out the drive and connect it to another machine to recover files, it probably won't infect the other machine-- it didn't in my experience.
posted by Sunburnt at 3:57 PM on December 2, 2011
Not sure what you actually got but the disk that came with my Dell says this.
Operating System already installed on your computer.
It calls itself a reinstallation DVD. I wouldn't format.
posted by Max Power at 4:00 PM on December 2, 2011
Operating System already installed on your computer.
It calls itself a reinstallation DVD. I wouldn't format.
posted by Max Power at 4:00 PM on December 2, 2011
Response by poster: Yeah, that's what the Fry's guy said too. Sooo I will try the fixes. Thanks for the help guys. If it works I will post here---if not, no one will ever hear from me again I guess.
posted by TheRedArmy at 4:08 PM on December 2, 2011
posted by TheRedArmy at 4:08 PM on December 2, 2011
Boot into safe mode by tapping f8 right after you start the computer. After it boots, hit START and type "system restore" where it says "search programs and files". Click on System Restore and when it opens, choose a restore point from before you started having problems. Let it do its thing and you should be good to go when it's done.
posted by PSB at 5:27 PM on December 2, 2011
posted by PSB at 5:27 PM on December 2, 2011
Best answer: You probably have a recovery partition instead of a system restore cd. This link explains how to use a Dell recovery partition to format and reinstall.
posted by amarynth at 5:35 PM on December 2, 2011 [2 favorites]
posted by amarynth at 5:35 PM on December 2, 2011 [2 favorites]
Whoops, sorry, i think you would want step 2 from my link above- the one that says "PC Restore".
posted by amarynth at 5:38 PM on December 2, 2011
posted by amarynth at 5:38 PM on December 2, 2011
I had something very similar to this a few years ago, and managed to kill it without having to reformat. Here's the AskMe thread I posted; detailed solutions are towards the bottom. Good luck!
posted by Rhaomi at 6:02 PM on December 2, 2011
posted by Rhaomi at 6:02 PM on December 2, 2011
Response by poster: Well, my computer seems to be clear of viruses now though I'm not clear on why!
I tried treblemaker's solution---my computer refused to recognize any of the rkill variants.
Then I went through deezil's stuff, and none of it really went as described. Rkill found only one thing and Smitfraud crashed my desktop. My McAfee (trial version i think?) then started popping up saying it encountered and removed a threat, but I think it was just encountering and removing the exe's from deezil I was trying to put on the desktop.
So I have no idea what happened, but now the symptoms are gone and after scanning with several of the applications I got from deezil's page no viruses seem to be on my computer.
Who knows. Thanks for all your help, apparently one of the things suggested worked. Crawling back in my noob hole now.
posted by TheRedArmy at 7:04 PM on December 2, 2011
I tried treblemaker's solution---my computer refused to recognize any of the rkill variants.
Then I went through deezil's stuff, and none of it really went as described. Rkill found only one thing and Smitfraud crashed my desktop. My McAfee (trial version i think?) then started popping up saying it encountered and removed a threat, but I think it was just encountering and removing the exe's from deezil I was trying to put on the desktop.
So I have no idea what happened, but now the symptoms are gone and after scanning with several of the applications I got from deezil's page no viruses seem to be on my computer.
Who knows. Thanks for all your help, apparently one of the things suggested worked. Crawling back in my noob hole now.
posted by TheRedArmy at 7:04 PM on December 2, 2011
This thread is closed to new comments.
posted by TheRedArmy at 3:27 PM on December 2, 2011