fake antivirus can't get off



We have acquired the fake antivirus on our home PC and I am having difficulty getting it off.

We run McAfee and it didn't find anything. I know Malwarebytes is good, so I downloaded it but it won't run because it says all *.exe files are infected.

I booted into safe mode and ran Malwarebytes. It found the infection and removed it. I rebooted the PC and the virus is still there.

I read your forum and it said to download Process Explorer to try and kill the process. Task Manager won't start because of the virus. When I attempt to start the Process Explorer I get the same problem ... I can get a quick pop-up and see the Process Explorer screen, but then it is killed and the anti-virus message is there.

I have exhausted my knowledge, so I am here for help. I have downloaded HijackThis and have it ready to run if you recommend it.

Thanks


Thank you for the help. I rebooted the PC again (10+) so I could run HijackThis ... and the virus appears to be gone. I ran it and have the log, but now it won't connect to the internet through IE. I know the internet connection is working because I can start up Outlook and it receives and sends emails.

I have the HijackThis log on a thumb drive ... but my other PC won't recognize it as a removable drive ... not having a good night.

IE had the message it couldn't connect to the internet ... then I noticed a PCTOOLS tool bar.... don't remember that from before. I changed the option so it doesn't show that toolbar and now IE just says it is trying to connect to 127.0.0.1

I will find a PC in the morning to copy/paste the HijackThis log to this forum.

If you have any clues on the IE ... would love them. I have rebooted several times ... no luck.


The scan came back clean. I have not seen the virus again ... but still can't get IE to get to the internet ... any ideas what could be blocking it? I was thinking one of the virus scan products has it firewall blocked. I turned off McAfee firewall, but it still couldn't get out.

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

10/20/2010 12:46:28 PM

mbam-log-2010-10-20 (12-46-28).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 217428

Time elapsed: 3 hour(s), 18 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


OK. Try this instead.

This file will fit on your thumb drive.

http://www.snapfiles.com/get/winsockxpfix.html

Get a copy of winsockxpfix.exe, save it to the thumb drive and copy it to the infected computer.

You just run it by double clicking on the downloaded file after you copy it to the non-working computer.

Things should work OK after it reboots your system.


I have fixed it. Somewhere during all the scans and reboots ... something changed all of the IE connection settings and it was pointing to a very strange IP address and a port I had never heard of.

I corrected the proxy settings and everything is working again.

Thank you for all your help!!

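An added example, not posted by anyone in the thread: a Python check that reads the text output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"` and flags the condition found above, IE pointed at a loopback or otherwise unexpected proxy. The sample output, the port number and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of `reg query` output (not from the thread); the port is a placeholder.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555;https=127.0.0.1:5555
    ProxyOverride    REG_SZ    <local>
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Map value name -> data for each value line of `reg query` output."""
    return {m.group(1): m.group(3).strip()
            for m in map(VALUE_RE.match, text.splitlines()) if m}

def proxy_endpoints(proxy_server):
    """Split 'host:port' or 'http=host:port;https=host:port' into (host, port)."""
    pairs = []
    for entry in filter(None, proxy_server.split(";")):
        host, _, port = entry.split("=", 1)[-1].rpartition(":")
        pairs.append((host, port) if host else (port, ""))
    return pairs

def audit_proxy(values, expected_hosts=()):
    """Return (host, port, reason) findings for the current user's IE proxy settings."""
    findings = []
    if values.get("AutoConfigURL"):
        findings.append((values["AutoConfigURL"], "", "autoconfig"))
    if int(values.get("ProxyEnable", "0x0"), 0) == 0:
        return findings  # a ProxyServer value is ignored while the proxy is disabled
    for host, port in proxy_endpoints(values.get("ProxyServer", "")):
        if host in expected_hosts:
            continue
        try:
            loopback = ipaddress.ip_address(host).is_loopback
        except ValueError:
            loopback = host.lower() == "localhost"
        findings.append((host, port, "loopback" if loopback else "unexpected"))
    return findings

if __name__ == "__main__":
    for finding in audit_proxy(parse_reg_query(SAMPLE)):
        print(finding)
```

A proxy entry whose listener is gone leaves the browser unable to connect while applications that do not use the proxy keep working, which matches the symptoms described in the thread.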
