How do I get rid of this virus?

[Waef]

Well, basically I have 2 computers. Both are infected with the same (or very similar) viruses.

On the first computer, there are constant pop-ups saying that the computer is infected. Then an "anti-virus" scanner pops up, scans 34 threats, and offers to remove them. However, if you try to use that to remove the threats, it says you need to buy some $50 software.

It also prevents the internet for working, and it constantly tries to open up sites like porno . org, viagra . com, and such, although it doesn't work. Both IE and Firefox come up with "the page cannot load".

It also prevents the opening of antivirus programs, although by spamming it I've been able to do some scans, although they didn't detect anything.

On the second computer, the same annoying popups telling you to buy new software come up every few seconds. Fortunately the internet still works.

Basically, is there anything I can download to clean up this computer, and then transfer that over through a disc or something to the internet-less computer? I'm pretty sure this computer became infected, and then the second became infected after using a USB flash drive that had been used on this computer.

Much help would be appreciated, because this is getting ridiculously annoying. Thanks in advance.

[Cephius]

Tap F8 on startup and get to the safe mode selection screen. Start safe mode (with networking, if possible. If you use wireless or something, just start it in safe mode). Once you're into the OS, download and run (or throw them on a USB stick if you can't get the net to work) two things:

1) Combofix

2) Malware Bytes

Update and run them both. Run Combofix first. It'll give you some warning messages, just click past them and let it scan. Once it's done, reboot, go back into safe mode, and run Malware Bytes. Once done and everything is clean, restart and boot normally. See if everything is fine. If it is, run one more scan to make sure. If it's not, post back.

If your computer refuses to run either Combofix or MalwareBytes, try renaming the exe files on your desktop to something else. Some viruses will stop them from running if you don't.

[Kriz]

Tap F8 on startup and get to the safe mode selection screen. Start safe mode (with networking, if possible. If you use wireless or something, just start it in safe mode). Once you're into the OS, download and run (or throw them on a USB stick if you can't get the net to work) two things:

1) Combofix

2) Malware Bytes

Update and run them both. Run Combofix first. It'll give you some warning messages, just click past them and let it scan. Once it's done, reboot, go back into safe mode, and run Malware Bytes. Once done and everything is clean, restart and boot normally. See if everything is fine. If it is, run one more scan to make sure. If it's not, post back.

If your computer refuses to run either Combofix or MalwareBytes, try renaming the exe files on your desktop to something else. Some viruses will stop them from running if you don't.

There is nothing else to add. This is it. Might as well sticky that as the answer to 99% of all virus/malware/spyware/trojan issues.

[Cephius]

There is nothing else to add. This is it. Might as well sticky that as the answer to 99% of all virus/malware/spyware/trojan issues.

Yeah pretty much a copy paste from before.... with your right link added in

[fishstix]

mmm porno and viagra

what's not to love

[Waef]

Well, currently I'm running running Malware Bytes on this computer. Unfortunately, ComboFix didn't work on this computer, even when I changed the name. It said that it only works for Windows XP and such, yet this computer has Windows Vista on it. Is there a substitute for ComboFix that works on Vista? (The other computer has XP on it, so it shouldn't be a problem with that computer (I hope...))

Update: Just finished the scan in safe mode, started it up normally and the problem seems solved. Thanks a lot, Cephius. Currently the second Malware Bytes scan is running. However, I'm still curious if there's another program like ComboFix that's specifically for Vista that I could run on this computer just to be on the safe side.

[xopher]

When all else fails, slash and burn.

Format the drive, reinstall windows.

Seems you got things fixed without having to resort to that, though.

[Cephius]

Well, currently I'm running running Malware Bytes on this computer. Unfortunately, ComboFix didn't work on this computer, even when I changed the name. It said that it only works for Windows XP and such, yet this computer has Windows Vista on it. Is there a substitute for ComboFix that works on Vista? (The other computer has XP on it, so it shouldn't be a problem with that computer (I hope...))

Update: Just finished the scan in safe mode, started it up normally and the problem seems solved. Thanks a lot, Cephius. Currently the second Malware Bytes scan is running. However, I'm still curious if there's another program like ComboFix that's specifically for Vista that I could run on this computer just to be on the safe side.

Vista cleaning instructions are located here.

Note that if you have 64 bit Vista, Combofix is not compatible and won't run. If you have 32 bit Vista it should work though. Follow the steps in the link to do it.

Otherwise, just run a scan with your antivirus software, or download SuperAntiSpyware and run a scan with that. If they both come up clean you should be fine. I've seen the virus you mentioned before, you should be fine with these tools. Combofix is great for rootkits, but I doubt you have one.

[Olo401]

Nah doesn't sound like a rootkit.. actually it sounds like he hit some particularly aggressive advertising that uses javascript/activex to hook into his registry. I had something similar happen to me once and it took some pretty hardcore registry cleaning to get the shit out.

Just to be sure though, after he's done cleaning I'd run HijackThis & post the log. We should be able to pick out anything else that's left easily.

[Cephius]

Yeah, once the virus is cleaned out, running Ccleaner isn't a bad idea to tidy up the registry and take out those leftover entries.

I also usually go through the HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run and deleting any entries that refer to dll files in system32 or with obvious names like PERSISTENCE. Those are usually left over entries from the virus.

[Waef]

Yeah, both computers seem clean now, but I'll still run the other programs that have been suggested later today. Thanks a lot, everyone. :D