Need help with a virus

[Guest]

[ericd]

My computer has windows xp service pack 2 and I have the comodo firewall 3 and the comodo antivirus 2.  A couple of days ago I got a lot of error messages saying I am infected and that I should download anti-spyware master to protect the computer.  Well, when I tryed to download it the antivirus told me that it was a virus.  By then though the program was already on the computer and it started to download x-rated stuff onto the desktop.  I got that to finally stop but it is still trying to gain access to the internet again so it can start it all over again.  When that happened a folder call pchealth popped up in the program files and windows folders. The program inside of it is not pchealth instead it is something else that I don't know, because I am on a friend's computer and can't look it up now.  When I scanned the computer it did find seven virus and about 8000 suspicious files and when I try to submit them the firewall says that rundll.exe is trying to get shutdown privileges.  When I hit deny, it shuts down the internet connection. Now the firewall pop ups don't have the writing on the tops on them anymore.  Is there anything that I can do or is it a lost cause.  Thinks for any help.

[grayhair]

   Yikes!!  I don't know anything specifically about this "antispyware master."  My first words of advice would be not to connect it to the internet right now, as you may have unintentionally installed some sort of downloader, and being connected could make things worse.  Besides Comodo Firewall v.3 and Comodo antivirus 2, what other security programs do you have installed?  There are things you can do--the worst being a reformat of your operating disc.  Do you have backups of your documents, important files, installation programs, etc.?  If not, don't try to back things up right now, as the malware could be scattered around your computer.  Be patient, hopefully help will be on the way here.
   Anyone know anything specific about this "Antispyware Master?"

[grayhair]

   I Googled a little bit about the AntiSpyware Master thing.  It does appear to be nasty.  I did see in one forum that someone had good results in getting rid of it by installing and running SuperAntiSpy (which is very legitimate!).  Here is the link to SuperAntiSpy:

Edit: I hit the wrong key and sent this on its way incomplete.  Now the finish:

   http://www.superantispyware.com/

   If your friend will let you, I would download SuperAntiSpy on your friends computer, save the install file on a CD, then install it on your computer from the CD.  After installation it will want you to update it--maybe just do a COMPLETE scan first, and see what it picks up.  Then maybe connect the computer to the internet, update the program, and do another complete scan.
   Probably SuperAntiSpy won't be the only thing you will need to run, but it is a start.

   Second edit:  just download the free edition of SuperAntiSpy for now.

[gandalicious]

or... maybe you can try DrWebCureIt . it's portable, no installation needed. don't forget to scan your comp with it or superAntiSpyware on safe mode.  goodluck 

[ericd]

Besides Comodo Firewall v.3 and Comodo antivirus 2, what other security programs do you have installed?

I have ad-aware 2008 and spy sweeper.  I don't if you count winpatrol as a security program but it did help close one part of the virus.  Thinks for the suggestions I am going to try that and hope it gets rid of it, and I'll let you know the results of it.

[3xist]

Recommendation:

Remove Ad-aware & Webroot Spy-Sweeper (If you paid for it then keep it).

Download, Install, Update & Scan with:
Malwarebytes' Anti-Malware
SUPERAntispyware

Josh

[Info-Sec]

I have ad-aware 2008 and spy sweeper.  I don't if you count winpatrol as a security program but it did help close one part of the virus.  Thinks for the suggestions I am going to try that and hope it gets rid of it, and I'll let you know the results of it.

Use malwarebytes, it is the most effective ive found at removing rogue antispywares such as antispyware master.

[LEWIS HAMILTON]

Recommendation:

Remove Ad-aware & Webroot Spy-Sweeper (If you paid for it then keep it).

Download, Install, Update & Scan with:
Malwarebytes' Anti-Malware

SUPERAntispyware

Josh

He!!o ericd. . .   

Take 3xist advice! and replace your CAVS2.0 with AVIRA Free. you can download it here: http://www.download.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?part=dl-10322935&subj=dl&tag=button&cdlPid=10877501

    
              
                        

[ericd]

I tried running dr web cureit and it found like 20 different virus and Now i am running super anti-spyware and it has already found like 20 more viruses. Now I am going to try the mal-ware bytes thing.  I will let you all know the results of the scans. Thanks for all the help that you all have given me.

[CGPMaster]

You are most welcome,

Superantispyware works better while in safe mode

CG

[grayhair]

I tried running dr web cureit and it found like 20 different virus and Now i am running super anti-spyware and it has already found like 20 more viruses. Now I am going to try the mal-ware bytes thing.  I will let you all know the results of the scans. Thanks for all the help that you all have given me.

   Some good news! And just in time for the weekend LOL.   

   Don't be afraid to run these various scans several times.  I have found that in a very infected machine sometimes it takes the first scan (sometimes two) to "make the bunnies run."  Have you installed Avira Free yet?  I would do that, and again make sure it has the latest updates, and run the thing several times.  Avira would be a better AV than Comodo ver.2 right now.  Comodo ver. 3 should be out soon, and promises to be much better.  Let us know how this thing all turns out.

   Good luck.

[Info-Sec]

I tried running dr web cureit and it found like 20 different virus and Now i am running super anti-spyware and it has already found like 20 more viruses. Now I am going to try the mal-ware bytes thing.  I will let you all know the results of the scans. Thanks for all the help that you all have given me.

While your running scans run a spybot search and destroy scan, it isnt as good as it used to be, but generally if it dosnt detect anything then your system should run fine.

[3xist]

I tried running dr web cureit and it found like 20 different virus and Now i am running super anti-spyware and it has already found like 20 more viruses. Now I am going to try the mal-ware bytes thing.  I will let you all know the results of the scans. Thanks for all the help that you all have given me.

Thanks.

Try that for now and let us know how things go.

Josh

[ericd]

Super Anti-Spyware finished running and it found like 400 different objects, and I downloaded and installed Avira Antivirus and it found about 10 Trojans and a couple of viruses. I ran the Malware bytes thing and it found like 10-15 infected registry keys.  I have been running the scans and it has been finding nothing.  However the pchealth folder that has the virus or whatever in it, sometimes come back after I delete the folder, so maybe there is something that the scans are missing.  Is there something wrong or am I just paranoid?  Thanks for any help.

[3xist]

Super Anti-Spyware finished running and it found like 400 different objects, and I downloaded and installed Avira Antivirus and it found about 10 Trojans and a couple of viruses. I ran the Malware bytes thing and it found like 10-15 infected registry keys.  I have been running the scans and it has been finding nothing.  However the pchealth folder that has the virus or whatever in it, sometimes come back after I delete the folder, so maybe there is something that the scans are missing.  Is there something wrong or am I just paranoid?  Thanks for any help.

Is your PC Running OK?

Are the scans removing threats found?

Josh

[Tags:]