I recently picked up a nasty little virus while cruising the Internet on my netbook. I was using Firefox, so I was surprised. It was what is called “scareware” or “fake AV”. It presented itself as a virus protection program scanning my system, a ‘fake’ Windows Security Shield with a balloon pop-up: “Your system is infected, click here to fix”. And that makes the fake AV program window show its ugly head, “scanning” your system. A few virus names show in a “Found” menu and a “Click Here to Clean” button appears. (I later learned that if this happens again, don’t touch anything and power off. The best way at this point is to just press and hold the power button until it powers off.)
When the button is pressed, it takes you to a page to “Purchase” the virus scan program to be able to continue. Of course it’s fake; it’s not the virus scan program I have installed, you say to yourself. I tried to close it, I tried to use my real virus scanner, and I tried “Task Manager” to stop it. No other browsers would open, only the one you were using when you contracted it. Everything kept pointing to “Purchase”.
I shut down and restarted in “Safe Mode” (restart; after the screen goes black, start tapping your F8 key repeatedly until a screen appears, arrow up/down to select “Safe Mode”, and press Enter). I used my Spybot S&D to remove the initial programs and stuff associated with it. After that I did virus scans and used a few other programs designed to remove malware, but all came up empty after Spybot S&D removed what it found.
None of my browsers worked. I basically had to go through the Network Setup Wizard and establish a network connection again. Then I had to go to Internet Settings (Windows XP: Control Panel > Internet Options > Connections tab > Setup, then follow the wizard). That got my browsers to at least work, but none would bring up a web page. I did a System Restore back to a few days before the incident (Start > All Programs > Accessories > System Tools > System Restore). That got me back online, but things were still not right.
I went to my uninfected desktop PC, went online, and changed all my passwords anywhere I had important business, because after I did a search around Google, I found that Microsoft had a page explaining what this virus is and does: it first tries to fool you into buying the product, then it steals your passwords, looking for FTP servers to put itself on to spread further. I didn’t want to take any chances, so I changed everything important.
I did a search for help, and whenever I clicked a search result, it would take me someplace other than where I wanted to go. But not on everything; luckily, important places like MSN support, Google support, some fix-it sites, etc. worked fine. So I now had hijacked/redirected search results. I did manage to find a great place that basically does the same thing a tech place would do if you took it down there and paid who knows how much money to have it cleaned.
I went to TechSpot.com, where I found other people who had the same problem as me. It is a several-step procedure, customized to your particular malware/problem. Here is a link to my forum post and what I had to do to clean my system. If you need help, don’t follow my procedure; every one is different, and the scripts they create are tailored only to my PC. Follow the “8 step” procedure before posting (sticky post at top of page). It is all volunteer work; these fellows do this on their own time, so be patient. It takes a while; mine took about a week. You might swear you are being ignored, but everyone does get helped.