Computer, meet virus. Virus, Computer.
Sir_Chonas
01-21-2010, 01:36 PM
There is a weasely program out there called Malware Defense. However this program does not defend your computer from malware, it is in fact malware.
Avoid it like the plague.
You may be saying, "but Sir Chonas, I thought you were a tech savvy wizard too knowledgeable about viruses for this sort of mishap," well friends I'm here to say this Malware defense is one sick sumvaitch.
A. A prompt exactly like a standard window's security prompt comes up and says "___ has detected ____, keep blocking, allow, or cancel." I normally hit "keep blocking," but the option was greyed out so I hit cancel.
B. The statusbar icon for this malicious malware is the exact same as windows security station but a few shades darker ie it is blue green yellow and orangish and goes right next to the windows security icon.
C. It opens inet explorer and corrupts all your files and requires a reformat, and blocks all virus removal programs.
In summary, if you get any prompts from "windows" that don't allow you to keep blocking malicious programs, make sure you CLICK THE RED X IN THE CORNER OR SUFFER DIRE CONSEQUENCES.
Will now go back to my 5th day without shroud farming/crying.
Barumar
01-21-2010, 01:43 PM
OUCH!
Good luck cleansing your computer, and hope to see you back in game soon...
Barumar
Lorien_the_First_One
01-21-2010, 01:45 PM
This is a nasty little program. It rides in on one of several trojans. At least some instances seem to be tied back to infected javascript ads on legit websites.
It will effectively disable many major AV and anti-spyware programs, knows to fight back against many of the tools designed to remove it, and does a great job of looking like a MS Windows message. It can also take out your ability to use windows restore points to forcibly uninstall it.
Java on websites is the new vulnerability. You can now receive trojans without doing anything wrong.
Here is one article on the virus that includes manual removal instructions: (you may have to enter safe mode to follow them and the last instruction in the list is just a sales pitch, but the first parts should remove the virus)
http://www.pc1news.com/news/1126/malware-defense.html
Failing that working, yup, it's reformat time...
Sir_Chonas
01-21-2010, 02:03 PM
The problem with this particular little bugger is that you don't realize how serious it is until you try and reboot your computer in safe mode and it locks it up. Try to reboot normally, locks up. Try to reboot from cd, locks up.
The good news is a computer technician can easily remedy it in 2-4 hours (not including reformat/reinstallation of every effing program) le sigh.
MsEricka
01-21-2010, 02:04 PM
Sounds like it's the next reincarnation of the winantivirus scareware/scumware.
Winantivirus went through several modifications and was a beyotch to remove. It functioned similarly in that it told you that you were infected and you could block/clean etc but never really did anything. I can't count the number of systems that were brought to me that were infected with this and many of them required a format due to the damage caused and sheer number of files infected.
Zereth501
01-21-2010, 02:04 PM
This is a common tactic among hackers. Fortunately, it is easily defeated if you know about it.
A dialog box looking exactly like a Windows dialog box pops up to tell you there is malware on your computer. It proposes that you install a tool to remove it. It's a bluff, there is no malware on your system. Not yet, because the tool IS malware.
Fortunately, those pop-ups are part of web sites. So even though they look like Windows dialog boxes, you can easily tell if they're fake by
1. Checking the title of the dialog box: if it has the name of your browser in it, it is part of the site, and not an actual Windows message.
2. Minimizing the window of the browser: if it makes the dialog box go away, it is part of the site.
Also, Windows and antivirus will never, ever ask you to download something to get rid of malware, except their regular updates.
By the way, always make sure your antivirus, firewall, anti spyware and operating system are up to date. Most people can't be bothered with them: this is a mistake. Computer security companies work to release updates against viruses hours after the virus is first detected. Delaying updates is a great way to get infected.
Additionally, if you did not install those programs, make sure you know their names. It's a good way to know where a message is coming from.
Red_Knight
01-21-2010, 02:15 PM
There is a weasely program out there called Malware Defense. However this program does not defend your computer from malware, it is in fact malware.
Avoid it like the plague.
You may be saying, "but Sir Chonas, I thought you were a tech savvy wizard too knowledgeable about viruses for this sort of mishap," well friends I'm here to say this Malware defense is one sick sumvaitch.
A. A prompt exactly like a standard window's security prompt comes up and says "___ has detected ____, keep blocking, allow, or cancel." I normally hit "keep blocking," but the option was greyed out so I hit cancel.
B. The statusbar icon for this malicious malware is the exact same as windows security station but a few shades darker ie it is blue green yellow and orangish and goes right next to the windows security icon.
C. It opens inet explorer and corrupts all your files and requires a reformat, and blocks all virus removal programs.
In summary, if you get any prompts from "windows" that don't allow you to keep blocking malicious programs, make sure you CLICK THE RED X IN THE CORNER OR SUFFER DIRE CONSEQUENCES.
Will now go back to my 5th day without shroud farming/crying.
Heh, I personally highly recommend using Avira Antivir and Spybot Search & Destroy. Be careful with spybot though. It has a virus lookalike out there.
Red_Knight
01-21-2010, 02:22 PM
Sounds like it's the next reincarnation of the winantivirus scareware/scumware.
Winantivirus went through several modifications and was a beyotch to remove. It functioned similarly in that it told you that you were infected and you could block/clean etc but never really did anything. I can't count the number of systems that were brought to me that were infected with this and many of them required a format due to the damage caused and sheer number of files infected.
I got an easy way to tell such malware ads. They try to look like a windows system message, but they usually look like ones from XP. I'm not using XP.
goblean
01-21-2010, 04:34 PM
http://www.safer-networking.org is the legit place for spybot
http://www.malwarebytes.org/ quite good for removing spyware
Currently recommend Microsoft Essentials for antivirus/spyware for the relatives I support. No confusing popup ads to install a pay version or anything else like that. It also auto updates without user intervention. Fairly good as far as resources are concerned.
Harncw
01-21-2010, 04:38 PM
http://stayoff.russian.pornsites
ddaedelus
01-21-2010, 04:44 PM
Well, one good side effect of this... it's kept me employed for the last couple weeks. Getting a bit tired of reformatting computers, though. :mad:
rimble
01-21-2010, 04:44 PM
Failing that working, yup, it's reformat time...
Make sure to boot into a clean environment from a boot disk and wipe the master boot record too, some viruses/root kits hide there.
Khurse
01-21-2010, 04:48 PM
http://stayoff.russian.pornsites
But how else will I learn the Russian language?
Red_Knight
01-21-2010, 04:51 PM
I remember my first desktop. It got killed by a virus that was equally nasty. The virus slipped through Norton Antivirus (never trusted it since). The freaking bug would restart the computer if I did any of the following:
*start windows update
*start the computer in safe mode
*try to run an antivirus
*try to run an antivirus
*start up my internet (was on dialup then)
*had the computer on for fifteen minutes
*double clicked on the My Computer icon
When I had a professional take a look, he too recommended replacing the computer. Beyond that virus, it had something like 3000+ other viruses that Norton had allowed through. And I was paying Norton the 40 dollars a freaking month to get updates.
Sir_Chonas
01-21-2010, 05:00 PM
Malware Defense shuts down/inactivates Spybot S&D so that it can't run. I didn't find out about malwarebytes until I was in the "solution to a problem," rather than prevention phase, and AdAware only fixes advertisement related viruses.
This one didn't restart my computer when I did those things, it did however only allow the computer to run if the internet connection was provided. Would lock up after at most 5 minutes of usage. Wouldn't allow virus scans.
By lock-up I mean no ctrl-alt-del, taskmgr, or computer on/off button. I'm talking about the pull the plug/hit the on-off surge protector switch kind of lockup.
Problem should be resolved now, let's cross our fingers shall we?
PyrosianFelicity
01-21-2010, 05:11 PM
As long as the subject of antivirus is being discussed, I've been impressed with Kaspersky's antivirus. In my limited experience, it seems more secure than Norton and McAfee, and their online scan has found things that neither of those two found.
Malwarebytes anti-Malware
download this run it and will solve your problems, I had same issue on one of my computers and this took care of it 100%, only take 3 min and all be gone,
Just saw this post and figured i would help yah as I had same issue a while ago
Impaqt
01-21-2010, 05:23 PM
Ya know those emails ya get from the Nigerians who say someone died with 50 million dollars in the bank and they need your help to withdraw the funds?
Yeah?
You've seen those?
Those are fake too.
kurand
01-21-2010, 05:26 PM
There is a weasely program out there called Malware Defense. However this program does not defend your computer from malware, it is in fact malware.
Avoid it like the plague.
You may be saying, "but Sir Chonas, I thought you were a tech savvy wizard too knowledgeable about viruses for this sort of mishap," well friends I'm here to say this Malware defense is one sick sumvaitch.
A. A prompt exactly like a standard window's security prompt comes up and says "___ has detected ____, keep blocking, allow, or cancel." I normally hit "keep blocking," but the option was greyed out so I hit cancel.
B. The statusbar icon for this malicious malware is the exact same as windows security station but a few shades darker ie it is blue green yellow and orangish and goes right next to the windows security icon.
C. It opens inet explorer and corrupts all your files and requires a reformat, and blocks all virus removal programs.
In summary, if you get any prompts from "windows" that don't allow you to keep blocking malicious programs, make sure you CLICK THE RED X IN THE CORNER OR SUFFER DIRE CONSEQUENCES.
Will now go back to my 5th day without shroud farming/crying.
reformat not required.
I got this twice in a 3 day period both times did a normal reboot, shut off process before it could start (cntrl+alt+delete keys, stop unknown processes), then ran malware bytes anti malware and followed the steps provided by a website that told me exactly how to remove and which processes to remove from my root registry. removed all the registry entries and have not had any problems since.
For a simple fix find the name of the process or the name of the program, google it and find the website that has a program list to delete, and steps on how to stop the process then get malwarebytes running. malwarebytes was free btw and for those of you looking to spend 300 dollars for something an uneducated hack could do (me) I would suggest you google it first, usually the page has some posts at the bottom explaining in further detail what to do for certain situations.
dopamine
01-21-2010, 05:44 PM
reformatting might not be required, but it is worth it imo (who knows what damage has been done)
Active@KillDisk is a great program to boot from DOS, will wipe EVERYTHING from the hard drive
Red_Knight
01-21-2010, 05:50 PM
I've had a few times when I had to clean install my OS. In fact, I got two different OS install disks. One for the one I use, and another for a different OS I use just for when I need to clean install due to virus or corrupted files.
bonscott87
01-21-2010, 06:27 PM
Guys, guys....the answer is simple here: Don't use Internet Explorer.
Firefox with popup blocker enabled and you'll never see this kind of stuff. IE is bad.
I have no idea why anyone still uses IE in this day and age...
Red_Knight
01-21-2010, 06:33 PM
Guys, guys....the answer is simple here: Don't use Internet Explorer.
Firefox with popup blocker enabled and you'll never see this kind of stuff. IE is bad.
I have no idea why anyone still uses IE in this day and age...
Because Microsoft claims it's so dang perfect, and it's bundled with Windows. In fact it's a core component of Windows.
Impaqt
01-21-2010, 08:56 PM
oooo, I think someone got burned by a nigerian.....
Sorry for your loss.
vettkinn
01-21-2010, 09:15 PM
http://stayoff.russian.pornsites
:D
Comrades, let's use Chrome instead, it's really fast.
TechNoFear
01-21-2010, 09:25 PM
Ya know those emails ya get from the Nigerians who say someone died with 50 million dollars in the bank and they need your help to withdraw the funds?
My favorite is the Nigerian 'Astronaught' (sic) trapped in the space station and owed millions in overtime.....
Guys, guys....the answer is simple here: Don't use Internet Explorer.
Firefox with popup blocker enabled and you'll never see this kind of stuff. IE is bad.
I have no idea why anyone still uses IE in this day and age...
This is not 100% true.
FF will not protect you against much except IE vulnerabilities, but FF has its own exploits and vulnerabilities. Most 'drive-by downloads' will work in both IE and FF.
It is similar to the impression MAC OS is 'safer' than Windows, when it is just much less popular, not more secure, and so less of a target (to the average 'Warhol' virus writer).
Sir_Chonas
01-22-2010, 10:05 AM
Guys, guys....the answer is simple here: Don't use Internet Explorer.
Firefox with popup blocker enabled and you'll never see this kind of stuff. IE is bad.
I have no idea why anyone still uses IE in this day and age...
Since I have firefox, and use it exclusively I'll have to argue this point. I have turned every setting on IE to not allow anything through... basically a customized "superhigh" security setting so NOTHING should ever prompt from IE. I've also deleted any access points for IE (shortcuts and everything) except the initial one in case I ever need to change a setting to allow some nonFF compatible programming in. Yeah, nice try though :).
Red_Knight
01-22-2010, 11:12 AM
Another reason people still use IE... Because sometimes it is used as the default browser, and there's nothing you can do to stop it.
Harncw
01-22-2010, 02:42 PM
:D
Comrades, let's use Chrome instead, it's really fast.
and incognito is the shizz
sciberjack
02-22-2010, 08:47 PM
My favorite is the Nigerian 'Astronaught' (sic) trapped in the space station and owed millions in overtime.....
It is similar to the impression MAC OS is 'safer' than Windows, when it is just much less popular, not more secure, and so less of a target (to the average 'Warhol' virus writer).
Sounds like a good enough reason to love my iMac even more. Shame D&D didn't keep up with supporting the mac. I thought I would check this game out but this will probably be my one and only post here since there is not a mac version.
By the way I like Mac's stealth mode on the firewall, not even computers on my own network can see the machine.
Tynien
02-22-2010, 11:03 PM
Firefox, NoScript addon. Block JavaScript on sites except what you explicitly whitelist. It is absolutely fantastic.
RangerOne
02-22-2010, 11:08 PM
You can also try invoking the last known good configuration. Press F8 on startup if the menu is not coming up on its own.
I remember my first desktop. It got killed by a virus that was equally nasty. The virus slipped through Norton Antivirus (never trusted it since). The freaking bug would restart the computer if I did any of the following:
*start windows update
*start the computer in safe mode
*try to run an antivirus
*try to run an antivirus
*start up my internet (was on dialup then)
*had the computer on for fifteen minutes
*double clicked on the My Computer icon
When I had a professional take a look, he too recommended replacing the computer. Beyond that virus, it had something like 3000+ other viruses that Norton had allowed through. And I was paying Norton the 40 dollars a freaking month to get updates.
I hope that you no longer patronize this "professional"
And in my opinion, Norton IS malware, I hope that you have found other security solutions.
lanthan
02-23-2010, 05:31 AM
Firefox, NoScript addon. Block JavaScript on sites except what you explicitly whitelist. It is absolutely fantastic.
I agree NoScript is a great tool. NoScript lets you block all JavaScript but easily turn it back on for individual websites with just 2 clicks. It takes a little while to get used to (you quickly learn to spot when a page is broken because the scripts are disabled) and if you have a small screen you might need to disable the bar that pops up at the bottom of your window to let you know about blocked scripts. However with so many exploits these days using javascript you are much much safer using a tool like NoScript.
Ormindo
02-23-2010, 05:43 AM
Oh yeah, I caught that one too. It was megadefender 2009 or something. The windows update is the same icon, EXCEPT the quality : The windows logo is not really good, that caught my eye. However, stupid that I am, I downloaded, and boom, plagued.
No access to internet, crashed, everything. Hopefully, I borrowed my dad's computer, downloaded Malwarebyte Antimalware and crushed this virus.
The_Metal_Monster
02-23-2010, 06:16 AM
http://www.malwarebytes.org/
Malwarebytes is very good it recently found a couple of viruses on my computer that Norton and Spybot S&D did not.
chubbs99
02-23-2010, 07:31 AM
Ouch, this does sound nasty. And is yet another reason why I've been now 6? years with no anti-virus. I've found the only good anti-virus to be me. I do however run an anti-malware program cause that stuff can really slow down the system if not cleaned regularly. I've trusted the life of my baby in Spybot S&D for at least the last 6 years and it's never let me down keeping me clean of spyware/malware. I used to use Tea-timer too on my old XP machine, until it developed a memory leak that was system crippling that is... great at protecting the registry from unwanted edits though.
Now surely you say, "WHAT!!! you don't use anti-virus?!?!?!?! but but those people at Norton... they want your monies..."*
First off... I strongly believe that computer security is a right, not a privilege so Norton will never see a dime of mine to pay for that privilege. If/when I've ever decided to run a virus scan to help diagnose a problem I used the FREE program "clam win"... nothing ever showed up... so it was a waste of time to download it in the first place. Active personal prevention wins always :p. Second, in the last 7 years the only "virus*" I have had was the first incarnation of Aurora, and that's during a time I even had Clam win on the computer. No idea how it got there, cause I hadn't installed anything in weeks. Nothing would remove it, its so-called un-installer the program offered was a trojan, and nobody could verify if it actually removed the program. So I brute force crippled the thing while in Safe-mode and using the Registry Editor... It still ran, but it no longer worked. (like a dwarf with no alcohol :D*).*
*Aurora was never actually classified as a virus due to the fact that it had an "un-installer" and was only labeled as malware. Even though the program operated as a virus
Executie
02-23-2010, 07:59 AM
Agreed, internet security shouldn't be a privilege.
http://www.techsupportalert.com/how-to-secure-your-pc.php (with freeware and a lil discipline)
Still learning many things about computers and teh interwebz, figured someone looking over this thread might get some use out of that like I did. :)
@OP: That sucks, I've run into something similar, idk the name of the virus but it "bootnuked" my HDD after I restarted my comp thinking I had just updated windows :( >.<
....all that pron, such a waste...
chubbs99
02-23-2010, 08:32 AM
@OP: That sucks, I've run into something similar, idk the name of the virus but it "bootnuked" my HDD after I restarted my comp thinking I had just updated windows :(* >.<
Old room mate of mine had that happen, Myself and my other Tech-savvy friend/room mate couldn't figure out what just happened. He had windows updates turned off... It was a legit copy of windows so we couldn't figure out who hit him with the stupid stick, and ended up eventually convincing him to turn it on. He had hours of Downloading/Installing (using windows update) to do, so we all went out for dinner since our collective hunger was starting to make the windows vibrate :p. Upon returning home, we find his computer off. When he tried turning it on, it wanted him to input a boot CD... after a few minutes of getting frustrated and trying to yell at it to work, I stop what I'm doing, shut down my computer, grab his case, leaving his HDD in his case I connect it to my computer as a slave drive and reboot... Only to find that his c:\Windows partition (he was a strange person) was empty... completely imploded. All his other partitions with his important files/ documents/ software were still there and fine... Just windows went *poof* (there wasn't even a windows folder on the partition.. it was completely empty)
Moral of the story; In addition to good safety habits. It is also important to keep your system updated.
crazyturtle
02-23-2010, 08:40 AM
Had a few times back in the day, had to wipe HD. Always a big ouch!
Then I learned a little trick on those nasty little bugs.
Even if they are set to block an Anti-Virus, they require Windows to do such.
Did you ever think to boot into a Linux Live CD and bug hunt it from there? No Win=Lot less probs?
I ALWAYS have a Linux sector on my Drives now, even can boot from Live CD into it even if bug tries to rewrite boot sector.
Beauty of it is, can top load Win on top (inside Linux OS) and get AV to kill, at worst use editor to remove any reference to Virus. CCleaner works very interestingly like this, removing any hidden Hkeys, etc., their favorite place to lurk. Trick is if you do a backup to registry while using CCleaner beforehand, makes much easier to just roll back to it, then poof, AV usually works no prob in safe mode.
And yes, AVG has been 100% successful this way. Have charged more than a few people by the hour to watch football games while comp does this.
And by the way, anybody think to open up one comp to another? My laptop can debug my tower with no prob over network. Just takes longer. Again, easy simple thing is to pop LiveCD(UBUNTU) into tower (or problem child comp) and let it be seen on network, with full admin rights, and let lappy do its thing. Easiest $50. And yes Windows removal tool works same way.
Just a thought from 33 years in comp business, and unix derivatives still kicking butt, lmao.
dkrypt
02-23-2010, 08:44 AM
Malwarebytes is very good it recently found a couple of viruses on my computer that Norton and Spybot S&D did not.
Malwarebytes saved my boss's and co-workers project data.
My computer was unaffected. I had Google Chrome in incognito mode; they had IE and Firefox.
I've disabled IE at home.
dredre9987
02-23-2010, 09:16 AM
Malwarebytes anti-Malware
download this run it and will solve your problems, I had same issue on one of my computers and this took care of it 100%, only take 3 min and all be gone,
Just saw this post and figured i would help yah as I had same issue a while ago
so what do you do when in my situation? comp locks before i can even login a username
Happosaai
02-23-2010, 09:35 AM
so what do you do when in my situation? comp locks before i can even login a username
Try booting up into safe mode, then installing malware bytes and running it.
dredre9987
02-23-2010, 09:36 AM
Try booting up into safe mode, then installing malware bytes and running it.
thanks and +1 to you
hologram5
02-23-2010, 09:41 AM
I used to remove this type of garbage professionally. First and foremost, you must boot in safe mode. These little beasties live in the Windows System32 folder and of course, anti-virus apps cannot scan a folder in use. Booting in safe mode only loads limited drivers and services which leaves these folders virtually unused. Next, get rid of Norton, McAfee and the likes as they are more problems than they're worth. I use AVG Free, this app, when started in safe mode, starts a command prompt scan which by far is the ONLY way to scan a system. You also need to use other apps as ONE program is not enough to clean your system. I use Hijack This as well as spybot, these two apps along with AVG Free have kept my system clean and running nicely. Good luck.
azrael4h
02-23-2010, 02:01 PM
I had the same thing pop up on my computer shortly after I installed DDO (no it was not DDO that did it). It actually found its way onto my computer while I was browsing Lone Sentry, which I've been to many times through the years, so I know it was not the site I was going to.
It took me the better part of 4 hours to remove it. Had to reinstall Spybot, Hijack This, ZoneAlarm, and AdAware because of it, though I stopped it from uninstalling AVG.
It is a SOB to get rid of, though it doesn't require a reformat. There is a specific tool you can use, though you may have to download a randomly named .exe file and then rename it to explorer.exe in order to get it to work right. Since then, I've kept the removal tools saved on a flash drive, so if it happens again I can deal with it without borrowing my parents' computer.
MomawNadon78
02-23-2010, 04:58 PM
Same thing has happened to my landlord 3 times in the last 3 months since I moved onto the property. I've cleaned her comp all three times with the required 'no more porn' lecture, as I actually did find traces of porn after the first time, heh. But this last virus/scumware she picked up from a relative's website that uses java, and it too was an 'antivirus defender' that clicking on it would 'scan' your comp and 'clean' it. Obviously it wasn't and didn't.
I've used a combo of these to completely clean her comp each time:
- Spybot
- Glary Utilities
- Adaware
- MalwareBytes
- CCleaner
- System Mechanic (30 free trial)
Yea, that's a bit overboard, but each of those picks up things that the others didn't. Since she is clueless when it comes to her comp, she had no idea if she had the install discs for XP (I searched the desk, no she didn't); so just reformatting wasn't really an option. I wiped all of the infections off each time, and finally got her to install an antivirus program. All of those are free except for System Mechanic, which wants a yearly sub, but its good for cleaning up a virus instance once.
So far she is on a once per month schedule, I'm kinda hoping something else happens. If anything, it helps keep my rent down. :p