Fake virus scan

by oldpuckbag / March 4, 2010 7:15 PM PST

Seems I have contracted either a virus or spyware that is not allowing me to do anything on my computer unless I agree to download the virus scan. It infects all of my .exe files...Help? I can't seem to get it removed. I am running Vista on a homemade system.

Checkout
by Willy / March 4, 2010 8:09 PM PST
In reply to: Fake virus scan

You offer nothing on what the malware may be; provide what you do know as best as possible.

I suggest you visit the "spyware, virus and security" forum and check the 1st sticky, etc. and follow the guide and/or get pgms. Post queries there as more knowledgeable users visit there on this topic, that could help you. Of course, you may need to use another PC, burn those pgms. in order to use later. I suggest also, visit the McAfee website and get the "stinger" pgm. to detect common malware. Next, you can load or boot-up into "safe mode" as a precaution to help run those AV pgms. etc. If you're online with this PC posting your message, visit an online scanner website that could help as well. Allow them to detect and remove what they find.

Beware, even if you gain some success, you may be better served by simply wiping out your HD and reloading the system to be as safe as possible from this attack. Of course, that's up to you and the results of any malware removal.

tada -----Willy

Malware issue
by Phil Crase / March 4, 2010 10:33 PM PST
In reply to: Fake virus scan

Download updated version of MALWAREBYTES on a CLEAN system. From clean system, send to a flash drive. Infected system, in SAFE mode, run MALWAREBYTES from flash drive, see if that doesn't do the job. Good luck!

Re: Fake virus scan
by Tufenuf / March 4, 2010 11:49 PM PST
In reply to: Fake virus scan

oldpuckbag, Phil is right on the money and what you picked up is probably "Antivirus Vista 2010". Follow the instructions at the link below which should get rid of it.

Automated Removal Instructions for XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010 using Malwarebytes' Anti-Malware:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

Tufenuf

Fake virus scan
by rfedele / March 5, 2010 10:18 AM PST
In reply to: Fake virus scan
Bad news viruses
by Doh_1 / March 5, 2010 11:30 AM PST
In reply to: Fake virus scan

Well, Mr. Puckbag (or should I just call you "Old"? *smile*), if I were you I would be very careful, and would be thinking re-install after carefully scanning anything I was keeping. The kind of virus that you've gotten gets into everything, and you may think that you can get rid of it, but most times it'll just come back. And will invite its friends into your system as well. Virus writers have been improving their products by leaps and bounds, and while some viruses are removable, the one(s) that you're talking about are not worth the work to remove. Re-installing on today's hardware just doesn't take that long, and you know you're going to end up with a clean system.

-Roger

A solution that worked for me
by techdiver / March 5, 2010 11:34 AM PST
In reply to: Fake virus scan

Try going to a system restore point a few days before the problem appeared. Oddly, that seems to have done it all for me. An update and run of MBAM, S&D, AVG, etc. showed nothing after the restore and all has been well since.

Thank you
by oldpuckbag / March 5, 2010 11:34 PM PST
In reply to: Fake virus scan

Thanks for all the suggestions. I have 2 profiles set in Vista and I can get into my wife's fine and have no issues. I'm trying the MALWARE so I'll see what happens.

Old

Re: two profiles
by Kees Bakker / March 5, 2010 11:40 PM PST
In reply to: Thank you

That's perfect. Now go into your wife's account, make a new account for yourself, transfer your data (be careful NOT to transfer the malware) and use that new profile. It might be a good idea to delete the old profile.

Kees

Data transfer
by oldpuckbag / March 6, 2010 1:34 AM PST
In reply to: Re: two profiles

Kees,
Ok, what's the best way to transfer the data?

Joe

Re: data transfer between accounts
by Kees Bakker / March 6, 2010 3:24 AM PST
In reply to: Data transfer
ok thanks
by oldpuckbag / March 7, 2010 12:16 AM PST

I also found this running regedit. Anyone ever see this and can I delete? ufqyxjcr It is in C:\Documents and Settings\Joe1\Local Settings\Application Data\qrfwfv\ofsosftav.exe

Re: registry entry
by Kees Bakker / March 7, 2010 4:35 AM PST
In reply to: ok thanks

I should delete that line (assuming it's in the part of the registry that tells Windows to run it at boot). Then reboot and see what happens. It surely is not a regular Windows program.

Kees
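
The check Kees describes (is the value in a key that Windows runs at logon, and does it point somewhere a regular program would not live) can be done over saved `reg query` output. This is an added example, not part of any post in the thread; the `Run` key shown, the benign entries and the list of user-writable locations are assumptions of the example, and only the first value name and path come from the thread.

```python
import re

# Constructed sample of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run`
# output. The first value is the one quoted in the thread (the thread does not say
# which key it was under); the other two are made-up benign entries for contrast.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ufqyxjcr    REG_SZ    C:\Documents and Settings\Joe1\Local Settings\Application Data\qrfwfv\ofsosftav.exe
    Sidebar    REG_SZ    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
    ExampleUpdater    REG_EXPAND_SZ    %ProgramFiles%\Example\updater.exe -q
"""

# Per-user, user-writable locations (assumption of this example): autostart
# programs launched from here deserve a closer look.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\",
                 "%appdata%", "%localappdata%", "%temp%")

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def exe_path(command):
    """Extract the program path from a Run command line (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif|dll))(?:\s|$)", command, re.I)
    return m.group(1) if m else command


def suspicious_run_entries(reg_output):
    """Return (value name, program path) for autostart entries in user-writable dirs."""
    hits = []
    for line in reg_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m or m["type"] not in ("REG_SZ", "REG_EXPAND_SZ"):
            continue  # key header, blank line, or a non-string value
        path = exe_path(m["data"])
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append((m["name"], path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_run_entries(SAMPLE):
        print(f"review autostart value {name!r} -> {path}")
```

A hit is a prompt to inspect the file and the value, not proof of infection; some legitimate per-user software also starts from these directories.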

a few more things
by porsche10x / March 7, 2010 12:28 AM PST
In reply to: Fake virus scan

There are quite a few of these fake antivirus malware examples out there. Completely eradicating them is hard. You may have a trojan which will download bad payload later on. www.eset.com offers a free online scan, and their NOD32 antivirus is superior (but not free). Still, I'd go with the already mentioned advice and do a complete wipeout and reinstall.

spyware or virus download screen
by wally6151 / March 7, 2010 4:48 AM PST
In reply to: Fake virus scan

Of course, don't click it, and if you can, select shut down (or power off), and restart in safe mode (pushing the correct key for your system), either F8, F5, ctrl key, etc... during re-boot, and then select SAFE MODE with networking (or just safe mode). If this gives you a normal screen without a virus nag screen, I would suggest downloading either AVG anti-virus or AVIRA anti-virus program. I think both are available from Cnet download section. If you have to, download from a separate computer. If you already have working anti-virus on this computer, the best bet is to add Spybot search and destroy, a freeware program that adds scare-ware, spy-ware, and browser Hi-jack removal/protection to your computer. This also may be on Cnet download, or on www.safernetworking.org website. My suspicion is this is scare-ware, to force a worthless or dangerous purchase. This seems to be happening more often. If needed, you can burn them to a cd on another computer. The recommended settings usually work fine. You can turn on heuristics and Immunize for better detection and protection. Good luck

Finally
by oldpuckbag / March 7, 2010 7:29 PM PST

Thanks to everyone. Here's what I did. I deleted that line from my registry, updated my Norton Antivirus and scanned EVERYTHING possible. The scan found the same file in several different locations, all of which I deleted. Rebooted and it has not come back since. I re-scanned everything to make sure.

Fake virus scans on the net
by THECHIFLOWS / March 14, 2010 9:17 AM PDT
In reply to: Fake virus scan

WHENEVER I VISIT A QUESTIONABLE SITE, IT SEEMS THAT THESE FAKE VIRUS SCANS ATTACK MY P.C. ALSO. So I quickly shut down my computer.
Then upon start up I run all my security software at once. Virus scan, Malware scan, CC-cleaner, Wise disc and registry cleanup & even Windows Defender for good measure. Doing all this keeps my computer super clean and free from all and any security threats.
And best of all it's all free here on C-Net .
Good luck
