Hello everyone!
I turned on my computer today, and I started downloading some updates.
While downloading updates this Registry Scan 2.5 thing somehow was added to my computer.
It appears on the taskbar as a red shield with an X through it. And everynow and then it pops up and says “Your Computer is Infected”
This spyware has caused my Firefox to stop loading pages, and also I can not access many search engines using IE. Has anyone experienced this problem before, or does anyone know how to solve it?
So far I have tried.
Scanning computer using AVG Free virus scan, sent all the trojans to the vault
Also have tried scanning with ad-aware, quarintined all infected files
Try running Ad-Aware and Spybot Search And Destroy from safe mode (boot the computer to safe mode and run a scan). Then run both from your regular account.
Then take a look at Spyware Warrior and the forums they have. The forums will explain further what you can do. They have a forum where you can post a Hijack This log which will show anything that is left on your computer. Someone will analyze the log and tell you what to do.
go to www.torrentspy.com and type in kaspersky to the search bar.
go to the first listing and hit the download button. you will end up with a small file. then download u torrent using google search. use that program to open the file. it will proceed to download the program kaspersky which was voted the best anti virus and spyware program. while you are waiting download daemon tools using google search. once the program has downloaded run deamon tools. its icon will appear in the start bar. right click it and a small toolbar will open up from it. go to the top option and select mount image. find where you downloaded kaspersky to and select the file that comes up. usually a rar or mds or bin file. these are a disc image, find the one in the file that u downloaded and select mount. the pc should now act like you have inserted the program disc into it. so the install program for kaspersky should pop up. run it like normal. when it asks for the serial code go back to torrentspy.com and search for kaspersky. find the file that you downloaded. it should be the first on the list. go into that and look thru peoples comments for the serial code. use that. it should work. if not try a different one that someone posted. follow their instructions for how to use the liscence key. there will be insructions posted. if not on this file check the next one. there will always be instructions. it is usually along the lines of " complete installation and select use existing liscence key, find the file called example.key the file name is irellevant. the extention isnt. it should be .key or whatevers posted. select that file and use it your liscence key. now the program should work PERFECTLY. no viruses, no spam, no crap attatched to it. so perform a full computer search and it should find the little bastard that is causing you problems. if not search the problem on google. someone will know how to kill it.
Note: people will post that the program doesnt work. they say that because they dont know how to make it work. their idiots. however if someone says it has a virus DO NOT download it. they may be making it up but the risk is not worth it. if my instructions dont work have a mess around and try different ways of doing it other that mine. every download is different and my instructions are only written from memory. what you use www.torrentspy.com to download after this is none of my buisness. also dont exceed your download limit. isps say its unlimited. it isnt. any problems pm me
edit: they will eventually blacklist the liscence key for kaspersky so you will have to download a newer version when that happens to keep getting updates.
Best thing to do is the HiJackThis log, like JC already said, and just wait for the forum members to get back to you and tell you how to go about fixing it. Those guys are wizards.
Or, you can make a backup of all the stuff you really really need, and save it and store it somewhere save, re-format your disk and reinstall all your stuff back.
Yeah usually reformatting is a last resort type thing.
But yeah, I posted my log on the forum, and now I am waiting. This does not seem like a huge threat, aslong as I do not install any of the “anti-virus” stuff it is offering me to install.
The only thing that is really pissing me off is that it is causing my firefox to not let any website load…
Some spyware/malware will change your hosts file to prevent you from being able to access search engines, windows update, and other internet sites. The computer checks the hosts file first when looking for an IP address for a host name. If it finds the host name there it uses the IP address supplied by the hosts file. If it doesn’t find the host name in the hosts file it will go out to the DNS servers to find the IP address.
What that means is that malware can modify the hosts file to make it impossible to get to Google or any other site.
Check to see if the hosts file has any extra addresses added to it, especially things like Google and other search engines.
The hosts file is located at “C:\WINDOWS\system32\drivers\etc”
The name of the file is “hosts”
The file does not have an extension, it’s just the name hosts
It is a regular text file that can be edited with Notepad
The default hosts file should look like this:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
Delete anything extra that is in the file then save the file.
There is a chance that the malware may rechange the file after you edit it.
If that happens just rename the file to something like “hosts.foo” and hopefully that will stop that shenanigans. The computer will function just fine without a hosts file.
If that works you may be able to go to Google and other blocked sites again.
The other suggestion would be to keep the computer disconnected from the Internet as much as possible while it’s infected. That will keep it from being remote controlled or get updates. Disconnect the Internet whenever you don’t need to be online till you get the computer cleaned.