False Positive?


JetpackAngel

I'm not sure if this qualifies as a false positive but I don't know what else to do, since my only other option is to pay GeekSquad $150 USD to help. I'm under attack by what has to be the most aggressive anti-virus advertisement known to mankind, and in addition to constant "Your computer is under attack / Windows security says you're infected / You need better virus protection! / Would you like to run this anti-virus?" dialogue boxes (and ads for Viagra and porn in Internet Explorer), it locks out my programs so that trying to open anything does nothing but bring up a "Cannot open program.exe, it is infected. Would you like to run your anti-virus software now?" and it insta-kills the program. I can't even open freaking NOTEPAD (and thus, I can't post a log file like this forum wants me to, sorry). I do have the option for a 'free thirty-day trial' of this so-called 'essential' antivirus, but I figure that giving them my credit card number just to try to get it and then kill it that way would just be shooting myself in the foot.

I'm only online because of my always-connected cable, and because I figured out that this virus is a program all its own, in that it takes time to get itself running whenever I turn on my computer, so that leaves me a small window of time to open Firefox and try to run various, TRUSTED antivirus and anti-malware programs. Last time I restarted, I managed to re-download MalBytes and a few other free virus scanners that I saw recommended on popular online forums, but at this point the virus has locked down the launchers so I'll have to try those on my next reboot.

I did manage to run Malbytes; I couldn't download any updates but I re-downloaded the whole program from the site. After scanning my computer for an hour and a half, it didn't detect anything infected, and I've lost count of how many virus-prompted dialogue boxes I've killed in the meantime. One would think that would qualify as a false positive, since Malbytes falsely reported my computer to be virus- and/or malware-free.

I figured, if there's anybody who could help me kill this thing WITHOUT a system restore or reformatting my computer (I would lose everything, including the latest version of my manuscript as well as numerous other projects I've been working on), it would be the people who hang out on an anti-malware forum. So... can you help me?

Hi,

This is no false positive..

It looks like you're dealing with this variant:

http://forums.malwarebytes.org/index.php?s...st&p=193288

(see instructions how to run malwarebytes in this case)

It hijacks the exe file association. Malwarebytes does remove this one, but you need to update before you run the scan.

Okay, I'll have to try this on my next reboot. Apparently I got a little too creative on this go-around trying to put the anti-virus program launchers in my Startup menu to save time (Windows XP), and I've lost my Windows Explorer so when I do reboot, it'll have to be a hard one. Hopefully I'll have enough time for Malbytes to download the updates before the frakking [insert expletive here] kicks in. I bookmarked the thread you linked me to, as well as this one. Fingers crossed!

I had that nasty virus on a friend's laptop. What I used to take it out is a program called ComboFix. Afterwards I used Malwarebytes to take out the remaining malware and used Avast to take out the viruses.

ComboFix and Avast, I'll add that to my list of stuff to download. I'm going to have so many anti-virus programs when this is over... which I suppose isn't a bad thing.

  • Staff

If you need help with malware removal..

Scan and post logs - read note at bottom

If you're having malware-related issues with your computer that you're unable to resolve:

  1. Please read and follow the instructions provided here: I'm infected - What do I do now?
  2. If needed please post your logs in a NEW topic here: Malware Removal - HijackThis Logs
  3. When posting logs please do not use any Quote, Code, or other tags. Please copy/paste directly into your post and do not attach files unless requested.

  • Please do not post any logs in the General forum. We do not work on any logs posted in the General forum.
  • Please do not install any software or use any removal/scanning tool except for those you're requested to run by the Helper that will assist you.
  • Using these other tools often makes the cleanup task more difficult and time consuming.
  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Do not assume you're clean because you don't see something in the logs. Please wait until the person assisting you provides feedback.
  • There are often many others that require assistance as well, so please be patient. If no one has responded within 48 hours then please go ahead and post a request for review.

In case HijackThis won't run, rename it to HijackThis.com or firefox.com or svchost.com

(this method can be used for most infections where malware is blocking tools from running..)

Okay, problem. I got my MalwareBytes to download the updates. Decided that if the .exe was hijacked then I should run it with the .com, so I made a copy of mbam-setup.exe and copied it to the desktop and renamed it mbam-setup.com like the thread said, but when it was installing I got a "DeleteFile failed; code 5. Access denied." It had a problem with mbam.dll and is asking Abort, Retry, Ignore. Your educated guess before I proceed?

  • Staff

Was this when installing or uninstalling malwarebytes?

Looks like malwarebytes was already installed here. What happens if you launch the mbam.exe present in the C:\Program files\malwarebytes' anti-malware folder?

Anyway, it may be better that you read my previous post and start a new thread with a HijackThis log, so we can have a better view of what malware is present there.

Never uninstalled the .exe, which was probably the reason it freaked out. *facepalm* But that may be irrelevant now!

New thread as requested: http://forums.malwarebytes.org/index.php?showtopic=41300
