HELP! Wife's computer hosed!

[Hawkmoon]

My wife's notebook (a Toshiba running Windows Vista Home Premium) has picked up an infection of "Vista Anti-Spyware" and I can't get rid of it. I stopped her from clicking any "Yes" or 'Register" buttons, but we still can't run anything. It has her blocked out of both IE and Firefox. Neither Malwarebytes nor Ad-Aware will run.

Does anyone know how to put a stake through the heart of this thing?

[TechMan]

HM,
Try the below link.  Scroll all the way to the bottom to see the associated registry/file entries.

http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2011

[never_retreat]

Go get rkill.exe from download.com. Run this than run your AV software. It will kill all non windows critical process, including the pest thats stopping you from running your av.
After you run rkill do not open any other programs like your browser that my restart the pest. Or reboot. If you have to re boot rerun rkill.

[Phantom Warrior]

Booting in Safe Mode may let you get some stuff done.

[robear]

I have also had good luck with ComboFix...

http://www.combofix.org/

[Hawkmoon]

BLAST!

Second anti-virus scanner/cleaner found it and removed it -- but after that, no executables will execute. I'm up to about Plan 'D' at this point. Maybe it's prophetic -- I hate Vista anyway, so maybe this is the impetus I need to go out and buy a Windows 7 Upgrade Family Pack.

[Brad Johnson]

Can you get to your critical data?  If so, back it up then do a complete blow-away and reinstall.  Chances are you'll spend a lot less time than trying to fix a machine with a bunch of software glitches and executable errors from the infection.

Brad

[lee n. field]

BLAST!

Second anti-virus scanner/cleaner found it and removed it -- but after that, no executables will execute. I'm up to about Plan 'D' at this point. Maybe it's prophetic -- I hate Vista anyway, so maybe this is the impetus I need to go out and buy a Windows 7 Upgrade Family Pack.

Hold on, there's a fix for that.


A quick google, aaaaand, try these : Windows® XP File Association Fixes.  You want the exe file association fix.

It's an exported registry key.  Get this to the desktop (somehow.  It can be done.).  Then double click on it, and click yes when it asks if you want to import the key.  Then reboot, for good measure.

Vista?  try http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html

[Hawkmoon]

I THINK we're fixed. It only took the entire day (excluding church service).

I had to download a freestanding virus scanner/cleaner on another computer, onto a thumb drive. Ran that -- it found 1524 infections, and (of course) my wife has no idea where they came from or how they got there. After that was supposedly cleaned up was when the executables wouldn't run, so I went back to the oldest restore point available (March 22 -- which wasn't old enough) and restored. After that, Malwarebytes would run, and it found and removed 177 more infections.

But then Avast! (my anti-virus software) wouldn't run. So I uninstalled that, downloaded the newest version, and reinstalled. Things now appear to be running about normally (which, given that it's a Vista computer, means about as fast as blackstrap molasses on a cold morning). But we're in business .. I think ... and hope.

It was disappointing that none of the "solutions" I found through Google worked. Depending on which one I read, there were differing lists of what to delete -- or whether to delete registry entries or just change values. All of which was meaningless, because the instructions for how to get there and do that ... didn't get me there. Probably just as well.

I'm sort of thinking I might take the $100+ I didn't spend on taking it to a professional to buy a 3-copy family upgrade to Windows 7 Home Premium. It has to be better than Vista (doesn't it?).

[erictank]

I THINK we're fixed. It only took the entire day (excluding church service).

I had to download a freestanding virus scanner/cleaner on another computer, onto a thumb drive. Ran that -- it found 1524 infections, and (of course) my wife has no idea where they came from or how they got there. After that was supposedly cleaned up was when the executables wouldn't run, so I went back to the oldest restore point available (March 22 -- which wasn't old enough) and restored. After that, Malwarebytes would run, and it found and removed 177 more infections.

But then Avast! (my anti-virus software) wouldn't run. So I uninstalled that, downloaded the newest version, and reinstalled. Things now appear to be running about normally (which, given that it's a Vista computer, means about as fast as blackstrap molasses on a cold morning). But we're in business .. I think ... and hope.

It was disappointing that none of the "solutions" I found through Google worked. Depending on which one I read, there were differing lists of what to delete -- or whether to delete registry entries or just change values. All of which was meaningless, because the instructions for how to get there and do that ... didn't get me there. Probably just as well.

I'm sort of thinking I might take the $100+ I didn't spend on taking it to a professional to buy a 3-copy family upgrade to Windows 7 Home Premium. It has to be better than Vista (doesn't it?).

Win 7 *IS* better than any build of Vista, IMO.  Does the computer in question meet the specs to run it?  If not, or if it's close to the minimum spec, you might not be any happier with performance under Win7 than you are under Vista.

[Jim147]

I THINK we're fixed. It only took the entire day (excluding church service).

I had to download a freestanding virus scanner/cleaner on another computer, onto a thumb drive. Ran that -- it found 1524 infections, and (of course) my wife has no idea where they came from or how they got there. After that was supposedly cleaned up was when the executables wouldn't run, so I went back to the oldest restore point available (March 22 -- which wasn't old enough) and restored. After that, Malwarebytes would run, and it found and removed 177 more infections.

But then Avast! (my anti-virus software) wouldn't run. So I uninstalled that, downloaded the newest version, and reinstalled. Things now appear to be running about normally (which, given that it's a Vista computer, means about as fast as blackstrap molasses on a cold morning). But we're in business .. I think ... and hope.

It was disappointing that none of the "solutions" I found through Google worked. Depending on which one I read, there were differing lists of what to delete -- or whether to delete registry entries or just change values. All of which was meaningless, because the instructions for how to get there and do that ... didn't get me there. Probably just as well.

I'm sort of thinking I might take the $100+ I didn't spend on taking it to a professional to buy a 3-copy family upgrade to Windows 7 Home Premium. It has to be better than Vista (doesn't it?).

That's a lot of infections!

I would double check your antivirus settings or change to another one.

jim

[RocketMan]

I had to download a freestanding virus scanner/cleaner on another computer, onto a thumb drive. Ran that -- it found 1524 infections, and (of course) my wife has no idea where they came from or how they got there.

Hawk, I can think of two reasons this might have occurred.  One, many AV tools report ordinary Internet browser tracking cookies that normally present a low security risk as "infections".  I have a mix of BitDefender, Norton 360, and MSE on several different machines.  They all report cookies as infections.
Two, most rogue anti-malware tools like "Vista Anti-Malware" put a mega-buttload of nasty files on systems they infect.  It is possible you still had a bunch left from previous scans.  I've seen that before on customer's systems that I had to restore after a rogue anti-malware infection.
Multiple scans with multiple tools on infected machines was the order of the day back when I had my computer business.
Also, you need to get a several anti-rootkit tools and run them.  Most of these rogues install some variant of the TDSS rootkit on the machines they hit.  Most of the big AV players make anti-rootkit tools available on their websites.  

[Hawkmoon]

Hawk, I can think of two reasons this might have occurred.  One, many AV tools report ordinary Internet browser tracking cookies that normally present a low security risk as "infections".  I have a mix of BitDefender, Norton 360, and MSE on several different machines.  They all report cookies as infections.

True. Some of the "infections" were tracking cookies and were reported as such.

Two, most rogue anti-malware tools like "Vista Anti-Malware" put a mega-buttload of nasty files on systems they infect.  It is possible you still had a bunch left from previous scans.  I've seen that before on customer's systems that I had to restore after a rogue anti-malware infection.
Multiple scans with multiple tools on infected machines was the order of the day back when I had my computer business.
Also, you need to get a several anti-rootkit tools and run them.  Most of these rogues install some variant of the TDSS rootkit on the machines they hit.  Most of the big AV players make anti-rootkit tools available on their websites.  

I have now scanned with Avast!, Ad-Aware, Malwarebytes, and whatever it was I had on the thumb drive. Wife and daughter have been using the computer all day and not encountered any problems, so I believe we are back to normal. The only lingering question is how long it'll take for one or the other of them to ignore a warning and load something they were told NOT to load. I already stopped daughter from overriding a stopped file that was caught by Windows Firewall.

Unfortunately, they have no appreciation of what a PITA it is to fix these problems. All they know is, "It doesn't work. You can fix it, can't you? Is it done yet?"

I suppose I should make daughter pay for having the next infection cleaned professionally by skipping lunches at school for a couple of months.