
I was wondering how long Win7 would hold out....


shawdreamer


Basically whenever I tried to open my browser (IE9) with my WIN7 Pro OS lappy a sudden program would kick in claiming my "Windows 7 security software was deactivated" and a convincing approximation of the Win7 security box pops up with an "activate now" button present.

 

I initially clicked it thinking something minor had occurred when Google was updating only moments previously but no, some nondescript scanner pops up and does "a scan" before claiming there's shiteloads wrong on the pc and then offering up a variety of price ranges to re-activate the win7 security software (not once does it mention MSE which is present and used on the lappy).

 

Naturally I thought "ah it's a feckin sly virus thing doing the rounds" and immediately attempted to open MSE to run a scan and remove the offending software hopefully..... double click....... nothing......... double click again........ nothing......... attempt to open via start menu........ still feckall, dammit it's blocked MSE from starting up grrrrr.

 

I opened task manager in the hope that I'd be able to force any dodgy running processes long enough to allow MSE access again but the only thing I could see that was associated was "pug.exe" which I shut down (the "scanner" immediately vanished) but still MSE refused to open and win7's resolution centre won't fix the issue either.

 

Quick Google of "pug.exe" from my office pc came back with something referred to as the "tbyz.exe/pug.exe" which was listed to cause all the hijacking issues present on my lappy at the mo.

 

Amongst the advice in regards to getting rid of it without the aid of MSE was CCleaner and an adware remover called "adwareaway", I ran CCleaner as I already had it and it went through but still the hijack occurred, I then downloaded this adwareaway thingiemabob which is currently happily scanning my pc for issues (of which it says it's found 4 so far).

 

Anyone got any further advice (given that there's at least two members on ere who specialize in this sorta crap) just in case this Adwareaway thing drops its gonads at the end of its scan?

 

cheers in advance lads.


Okay, 1st boot to safe mode, Power PC down and repeatedly tap F8 as soon as you press the power button.

You'll get the advanced boot options, Select safe mode with networking.

You'll then be in safe mode.

Go to www.malwarebytes.org and download the free version of Malwarebytes.

Try and run the scanner, all going well the virus should be detected and removed.

 

If Malwarebytes fails to run go to My Computer, C:\Program Files\Malwarebytes' Anti-Malware

Press ALT, Select VIEW, Then Folder options and untick the box 'hide extensions for known file types' and click okay.

Find the file called mbam.exe, right click and rename to '1234.bat'

Try to run this file, Malwarebytes should run.

 

If it still fails it's likely that the virus running in the background may be stopping processes from running so we can try looking for signs of the virus elsewhere

 

Navigate to C:\Users\*user*\AppData and look through the local, roaming and system folder and look for dodgy named EXE files, you may well find the mentioned 'pug.exe' here. If any of these files are found just delete them and see if you can run Malwarebytes.

 

If all this fails run HijackThis http://www.trendmicro.com/ftp/products/hij.../HiJackThis.msi

select run and scan and save a logfile

Copy the log file here and I can check it
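
The manual AppData check described in the reply above can be done as a read-only listing. This is an added example, not part of the original post: it lists unsigned EXE files near the top of the user's AppData folders, newest first, and flags any that a per-user Run key points at. The depth limit of 2 and the choice of the HKCU Run/RunOnce keys are assumptions of the example; it deletes nothing and is written to work on the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example: read-only triage of executables under the current user's AppData.
# Nothing is removed; the table is for manual review before deleting anything.
$base  = Split-Path $env:APPDATA -Parent            # C:\Users\<user>\AppData
$roots = 'Local', 'LocalLow', 'Roaming' |
    ForEach-Object { Join-Path $base $_ } |
    Where-Object { Test-Path $_ }
$maxDepth = 2   # assumption: look only a couple of folders deep

# Per-user autorun entries, to see whether a found EXE is launched at logon.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
$autoruns = @(foreach ($key in $runKeys) {
    if (Test-Path $key) {
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) { [string]$item.GetValue($name) }
    }
})

$findings = foreach ($root in $roots) {
    $rootDepth = $root.TrimEnd('\').Split('\').Count
    Get-ChildItem -Path $root -Filter *.exe -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and
                       ($_.DirectoryName.Split('\').Count - $rootDepth) -le $maxDepth } |
        ForEach-Object {
            $file = $_
            $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
            # Case-insensitive substring match of the file path against each autorun command.
            $hits = @($autoruns | Where-Object {
                $_.IndexOf($file.FullName, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
            New-Object PSObject -Property @{
                Path    = $file.FullName
                Created = $file.CreationTime
                Signed  = ($sig.Status -eq 'Valid')
                Autorun = ($hits.Count -gt 0)
            }
        }
}

# Unsigned is not proof of malware (many per-user installers are unsigned);
# a recent, unsigned EXE that also has an autorun entry is the one to look at first.
$findings | Where-Object { -not $_.Signed } |
    Sort-Object Created -Descending |
    Format-Table Created, Autorun, Path -AutoSize
```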


hero..... that got shut of the ickle shite.

 

nice one lad I owe you a Wham bar. :cheers:


Rolling back to a pre-virus date would have worked as well. Used it a few times in Win7.

 

 

sorry meant to mention that, tried that too, it reported registry errors which then flat refused to initiate the repair tool required to fix the errors so that a previous restore point could be used..... I can only assume it was the virus at work again.
