Jump to content

fake antivirus can't get off

Recommended Posts

we have acquired the fake antivirus on our home PC and I am having difficulty getting it off.

We run McAfee and it didn't find anything. I know Malwarebytes is good, so I downloaded it but it won't run because it says all *.exe files are infected.

I booted into safe mode and ran malwarebytes. It found the infection and removed it. I rebooted the PC and the virus is still there.

I read your forum and it said to download process explorer to try and kill the process. Task manager won't start because of the virus. When I attempt to start the process explorer I get the same problem .. I can get a quick pop up and see the Process Explorer screen, but then it is killed and the anti-virus message is there.

I have exhausted my knowledge, so I am here for help. I have downloaded hijackthis and have it ready to run if you recommend it.


Link to post
Share on other sites

thank you for the help. I rebooted the PC again (10+) so I could run the hijackthis .... and the virus appears to be gone. I ran it and have the log, but now it won't connect to the internet through IE. I know the internet connection is working because I can start up Outlook and it receives and sends emails.

I have the hijackthis log on a thumb drive ... but my other PC won't recognize it as a removalable drive .... not having a good night.

IE had the message it couldn't connect to the internet ... then I noticed a PCTOOLS tool bar.... don't remember that from before. I changed the option so it doesn't show that toolbar and now IE just says it is trying to connect to

I will find a PC in the morning to copy/paste the hijackthis log to this forum.

if you have any clues on the IE ... would love them. I have rebooted several times ... no luck.

Link to post
Share on other sites

the scan came back clean. I have not seen the virus again ... but still can't get IE to get to the internet... any ideas what could be blocking it? I was thinking one of the virus scan products has it firewall blocked. I turned off McAfee firewall, but it still couldn't get out.

Malwarebytes' Anti-Malware 1.46


Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

10/20/2010 12:46:28 PM

mbam-log-2010-10-20 (12-46-28).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 217428

Time elapsed: 3 hour(s), 18 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

OK. Try this instead.

This file will fit on your thumb drive.


Get a copy of winsockxpfix.exe, save it to the thumb drive and copy it to the infected computer.

You just run it by double clicking on the downloaded file after you copy it to the non-working computer.

Things should work OK after it reboots your system.

Link to post
Share on other sites

I have fixed it. somewhere during all the scans and reboots ... something changed all of the IE connection settings and it was pointing to a very strange IP address and a port I had never heard of.

I corrected the poxey settings and everything is working again.

Thank you for all your help!!

Link to post
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.