Looks like I'm in deep doo-doo (Virus)

[Cream Soda]

Alright, I'll go ahead and get this out of the way and say I took a risk/fucked up; won't be any denial of that. Basically I downloaded a cracked version of Vidgif a while back. It ended up w/ a corrupted file last night, after a year of use. No problem, I'll uninstall and get another. Ok, well the new one I got came w/ some shit.

AVG picks up 2 threats, moves them to the vault, no problem. Uninstall, etc, go to bed and try again in the morning.

So I use my laptop as an alarm clock. I have an alarm program, and I keep the volume on high. I'm supposed to wake up at 7am to get ready for school. 2:30am comes along and I'm woken up by new virus found new virus found new virus found, spammed over and over. I wake up and Antivirus Studio and some other program are going crazy (which I don't even think I had to begin with, if I did was inactive because I sure never used it).

So I run spybot, 50 infections, clicked fix problems, and they were solved, np. I go to restart my computer and I'm greeted by Antivirus Studio (Pay now to remove threats!). It starts it's auto scan again. Every .exe I try to open, it says it has a virus and is closed by Antivirus Studio. I can't open firefox, avg, ccleaner, spybot, etc.

I put in my SD card and start saving shit. Old photos mainly of friends and family, everything from my documents. At this point, I can't even open task manager, as it'd also get closed out. So, I have the important stuff, I go to restart again.

This time, before anything loads, I'm able to get task manager up and start closing out some of this shit while it opens (Though antivirus studio keeps coming back, the other one (which i can't remember the name of right now) is gone for now). I'm able to open other programs, like firefox on here typing now, and AVG, running a full scan. Malwarebytes is also at work.

Now that I have the important stuff on my SD card, I'm working on other stuff in general, like my ffxi screen shots to make sure they're saved.

While I still have control, is there any programs I could use or anything I could do? Right now I'm just focused on saving as much data as possible, but if there are means to get rid of this shit w/o formatting (I don't have an operating system disk), then I'd like to do what I can

[Grimeybob]

Tried booting into safe mode and running virus scan?...

[Cream Soda]

Tried safemode and wouldn't load. Will try again after current back up though, since Malware bytes got about 8 things it just removed. Everything seems to be running at regular speed again, it isn't randomly restarting anymore, but AntiVirus Studio still bring a prick. Every time I end the task it opens itself right back up again 2 seconds later.

Edit: AVG just finished and found nothing

[Waef]

This sounds kinda like something I got on a computer a while back. I think the advice given here was to run MalwareBytes in Safe Mode, followed by ComboFix. I'm not sure what the exact instructions were, but those were the two programs I used, and it got rid of it.

[Talragan]

I have gotten these things a few times. What has fixed it every time for me was loading a system restore point from a few weeks ago.

[Cream Soda]

I've never done a system restore before. How would I go about doing that?

Also, it seems the Antivirus itself was a spyware (w/ windows logo no less)

Currently following this guide, and I'll see where it leads me

http://www.myantispyware.com/2010/10...-instructions/

However, at the hijack this part of the removal process

O4 – HKCU\..\Run: [AntiVirus Studio 2010] “C:\Documents and Settings\Username\Application Data\AntiVirus Studio 2010\AntiVirus Studio 2010.exe” /STARTUP
O4 – HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Username\Application Data\AntiVirus Studio 2010\securitycenter.exe
O4 – HKCU\..\Run: [{RANDOM}.exe] C:\Documents and Settings\Username\Application Data\AntiVirus Studio 2010\securityhelper.exe

Only one of the three were present, which worries me. I removed the one i could, but idk if I have the other 2 at all or if they're hiding.

[Cheerios]

Start, Progams, Accessories, System Tools, System Restore. If your PC was set to never make restore points, then you're out of luck in that field. Since you never messed with the function anyway, it's probably still set to make restore points by default.

Just follow the steps in System Restore and go back to a point that it gives (a date before this all happened).

There are some Antivirus (AV) programs out there that do disguise themselves as part of the Windows interface pretty well. Those programs like to generate a lot of false threat alerts to get you to use the program and cause more damage. If you can find a way to get your task manager up, then closing that fake AV will let you run anything else you need.

[Cream Soda]

Alright. I'm at the system restore. Only gives me options of up until yesterday morning, but this happened within the past 6 hours.

We have

Yesterday
12:40:28 AM
8:35:27 AM
11:09:01PM

I'm gonna go w/ the 8am restore. nothing was wrong at that time.

[Cream Soda]

Operation system restore: Success

Tyvm to all who offered their advice.

For the future, is there ways to document the system as it is so I have restore options for longer than 24h hours?

[Cheerios]

In System Restore, it gives you the option to create your own restore point in the very first window. You can also Right Click on Computer > Properties, and at the top left should be System Protection. At the bottom should be a button that says "Create" for a system restore point.

In the system restore menus as well, there should be a button to check that enables you to view restore points older than a few days.

If that's not what you meant by document the system, then whoops!

[Cream Soda]

It is, thanks

[Cream Soda]

Fucking fuck lol. Got that bleeping "New virus sound" at 2:30am. I went to bed at like 11:30 and I leave in like an hour (7am). Full day of gym and school on 3hrs of sleep, goo!

[Norellicus]

http://www.bluegartr.com/threads/897...g-AVG-its-shit.

[Norellicus]

System Restore also has a bad habit of containing infected objects, and really smart viruses can just house themselves there. If you have a virus, the first thing you need to do is shut system restore OFF so that it purges that cache.

[Slott]

Sometimes when you get one of those annoying ass pop-up virii, it will only have that happen on the account you're logged in to. So if you had another account on the computer (or an admin account or something) you can log into that and clean the computer fairly easily. Not always the case, but it works on a majority.

[Byrthnoth]

So, it has been a while. Is NOD32 still the way to go? If so, should I just grab ESET Smart Security 4 and be done with it?

[Cream Soda]

What's the best free protection?

[chiyio]

avira is probably the best free one. Really though, most AV is pointless. Instead, check files you don't trust here before running them. http://www.virustotal.com/

[Gustave]

Sometimes when you get one of those annoying ass pop-up virii, it will only have that happen on the account you're logged in to. So if you had another account on the computer (or an admin account or something) you can log into that and clean the computer fairly easily. Not always the case, but it works on a majority.

This has worked for me a few times other things have not. The safe mode + malwarebytes works 90% of the time for me though. Every once in a while someone will get one that recognizes rkill and those become pesky.

I've had to clean about 8-10 "rogue" programs over the last year but I have never had one. Where do they most commonly come from? We have McAfee Enterprise here and that never seems to slow them down.

[chiyio]

They come from two things really. Something you download and run that you shouldn't have, or browsing the web without noscript on an admin account. If you are logged into a user without admin rights, you'll pretty much NEVER get the fake antivirus stuff since it requires admin rights to install itself.