airtwardo

Computer re-direct...need help


Quote

Jim,

First, reboot your computer and F8 on bootup to get into "Safe mode with networking."
Then download and run Malwarebytes Anti-Malware.
Run it and it will clean up that POS
If you try to chase it down, you'll spend days.

http://www.softsailor.com/how-to/8723-how-to-remove-security-tool-virus-malware-removal-guide.html




+1

Please let us know how things are working out.
These new viruses are horrible.
That's why I was so angry to have started up the thread regarding introducing virus makers to the sport of skydiving.
I wish you the best. But I highly suggest getting an external HD from Walmart and backing stuff up.
It sucks but....well, until people let me kill hackers for fun and profit and enjoyment, this is what we have to do.
Life through good thoughts, good words, and good deeds is necessary to ensure happiness and to keep chaos at bay.

The only thing that falls from the sky is birdshit and fools!

Quote

I'm in the registry editor, I hit Edit and then Find....type in the name and

(default) REG_52 IWMEncPushDistrubution

...come up, I try to delete that and it won't let me...what am I doing wrong?



You will probably need to give yourself permission to delete the item, since they are protected by default.

On the folder of the virus reg key on the left, right click and then click on 'Permissions'. From here you should be able to select a list of users and then give that user the permissions; give the administrator and the user you're currently on full access to do everything. And then you should be able to delete.

Next, I'm not sure how this exact virus/trojan/malware is doing its business, but I'd recommend trying to find out if it is possibly running as a process like most do. To check this, press ALT + CTRL + DEL and check your process list, and look for anything that may be suspicious (though this may not help if you aren't used to the regular processes).

Next, I'd recommend restarting your computer in Safe Mode with Networking. This should prevent unwanted executable processes from starting up automatically. Then I'd try to locate where the software has been installed; from the registry key it looks like it's installed software, so go to your Program Files, arrange by modified date and see if you can spot anything that may relate to the virus software. If you do find it, delete everything in that folder. It is important to be in Safe Mode when you do this, because if the process is running from an .exe file in that folder it won't let you delete it.

If you manage to do that, try to start your browser (in Safe Mode) and see if you can download a free anti-virus program, then run that to try to clean up what may be left of the virus, assuming you have removed the main core files.
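The triage steps above (check running processes, look at recently modified Program Files folders, look at the permissions on a registry key before touching it) can all be done read-only from an elevated PowerShell prompt in Safe Mode with Networking. The script below is an added example written for this thread, not code from any poster or from Malwarebytes; it only reads and reports, never deletes, and the suspect registry key path is a placeholder you would replace with the key you are actually investigating.

```powershell
# Added example (not from the thread): read-only triage checks run from an elevated
# PowerShell prompt in Safe Mode with Networking, before anything is deleted.

# 1. Autostart entries: the usual places a rogue "security tool" registers itself.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (Test-Path $key) {
        Write-Host "== $key"
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... properties PowerShell adds itself.
            if ($p.Name -notmatch '^PS') {
                Write-Host ("  {0,-30} {1}" -f $p.Name, $p.Value)
            }
        }
    }
}

# 2. Running processes with their on-disk path and Authenticode status.
#    Unsigned binaries living in %TEMP%, %APPDATA% or a user profile deserve a look.
Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $sig = Get-AuthenticodeSignature -FilePath $_.Path
    [pscustomobject]@{
        Name   = $_.Name
        Path   = $_.Path
        Signed = $sig.Status
    }
} | Sort-Object Signed, Path | Format-Table -AutoSize

# 3. Folders under Program Files and the profile app-data dirs changed in the last
#    7 days (the "arrange by modified" step from the post).
$roots  = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:APPDATA, $env:LOCALAPPDATA) |
          Where-Object { $_ }
$cutoff = (Get-Date).AddDays(-7)
foreach ($root in $roots) {
    Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        Select-Object FullName, LastWriteTime
}

# 4. Registry permissions: show the ACL of a suspect key so you know who holds
#    what before granting anyone Full Control. PLACEHOLDER path, not a real key.
$suspect = 'HKLM:\SOFTWARE\PLACEHOLDER_SUSPECT_KEY'
if (Test-Path $suspect) {
    (Get-Acl -Path $suspect).Access |
        Format-Table IdentityReference, RegistryRights, AccessControlType -AutoSize
}
```

Run it before any cleanup so you have a record of what was there; the Authenticode column is the quickest filter, since a redirecting trojan is almost never a signed binary under Program Files.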


Can't be sure of the infected file(s) at this point, still looking...

I went to Advanced Connections and unchecked the proxy server box, which is allowing me to at least access Explorer on a different user name than the one initially infected...that one still has the redirect going.

But at least I updated Malwarebytes and the program is running with 2 objects found so far.

Geez I remember when surfing was SAFE! :ph34r:

~ If you choke a Smurf, what color does it turn? ~
Somewhat off topic but I do all of my browsing in a user account (restricted user, not sure of terminology), not an administrator account. I have an administrator account and I log into that only if I want to install something. Prevents anything from installing itself during surfing. Not sure it's 100% safe but it is working for me so far.
"What if there were no hypothetical questions?"

Quote

Yeah!!!


Malwarebytes ROCKS!!


Thanks everybody! B|


Glad to hear you are well and it worked.
I will pick it up tonight just to CYA!
Life through good thoughts, good words, and good deeds is necessary to ensure happiness and to keep chaos at bay.

The only thing that falls from the sky is birdshit and fools!

I hope you didn't remove any pertinent registry keys before you found the Malwarebytes fix. Personally I've been working in IT for over 18 years and I don't go into the registry unless it's absolutely necessary. That is not a place to go to and start deleting keys. Just remember a good way to have a good backup is to keep Malwarebytes on a cheap 1 GB flash drive and a copy of antivirus as well. Don't use it until situations like this. Glad you found M-BAM. It works well. I use it weekly.

Quote

went to advanced connections and unchecked the proxy server box



Sorry I was not online to reply to this thread when you started it. That is one of the most common viruses out right now. It keeps being changed slightly so it's harder to find.

Now that you've found the proxy setting and fixed it, delete all your temporary internet files. Check everything on the list and delete it. If you use multiple browsers (IE, Firefox, etc.), delete the files from all of them.

Clear your Java cache as well:

How to clear Java Cache

After that's done,

Run Malwarebytes again. Also update your current antivirus, then run a complete scan, not a quick scan. Walk away from the computer because it could take a while.

There are a few places that type of virus resides. There's a good chance Malwarebytes got it all, but there's also a good chance it missed some.

If McAfee didn't find it, update it. If it fails later on in your computer's life, replace it. Believe it or not, Microsoft Security Essentials tends to catch it better than some paid anti-virus programs.

Good luck
My grammar sometimes resembles that of magnetic refrigerator poetry... Ghetto
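The proxy setting mentioned in this reply and in the earlier post (unchecking the proxy server box to get a browser back) lives in the per-user WinINet registry key, which is why the infected screen name behaved differently from the others. The script below is an added example, not code from anyone in the thread: from an admin prompt it reads the proxy values for every loaded user hive, flags any proxy or PAC URL the user didn't set, and checks the hosts file, which is the other common home for a redirect. The `-Reset` switch is this example's own and is off by default, so a plain run changes nothing.

```powershell
# Added example (not from the thread): inspect the WinINet proxy settings the
# redirect malware altered, for every loaded user hive, plus the hosts file.
# Read-only unless -Reset is given (the switch is specific to this example).
param([switch]$Reset)

$relKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Walk HKEY_USERS so other accounts' settings are visible from one admin session;
# only real account SIDs (S-1-5-21-...), not the *_Classes hives.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$hives = Get-ChildItem HKU:\ | Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }

foreach ($sid in $hives) {
    $key = "HKU:\$($sid.PSChildName)\$relKey"
    if (-not (Test-Path $key)) { continue }
    $s = Get-ItemProperty -Path $key
    Write-Host "== $($sid.PSChildName)"
    Write-Host ("  ProxyEnable   = {0}" -f $s.ProxyEnable)
    Write-Host ("  ProxyServer   = {0}" -f $s.ProxyServer)
    Write-Host ("  AutoConfigURL = {0}" -f $s.AutoConfigURL)

    # A proxy pointing at loopback (127.0.0.1:<port>) or a PAC URL the user never
    # configured is the classic signature of a browser-redirect infection.
    $suspicious = ($s.ProxyEnable -eq 1 -and $s.ProxyServer) -or $s.AutoConfigURL
    if ($suspicious) {
        Write-Warning "Proxy configured for $($sid.PSChildName); verify it was set deliberately."
        if ($Reset) {
            # Equivalent of unchecking the proxy box in Internet Options for that user.
            Set-ItemProperty    -Path $key -Name ProxyEnable   -Value 0
            Remove-ItemProperty -Path $key -Name ProxyServer   -ErrorAction SilentlyContinue
            Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
            Write-Host "  Proxy settings cleared."
        }
    }
}

# The hosts file is the other place a redirect commonly lives: any active line that
# is not the default localhost mapping should be explainable.
$hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
Get-Content $hostsFile |
    Where-Object { $_ -match '^\s*[^#\s]' -and $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\b' } |
    ForEach-Object { Write-Warning "hosts entry: $_" }
```

Run it once without `-Reset` to see the state of every profile, and keep that output; if a proxy reappears after you clear it, something still running is re-writing the key and the scan is not finished.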

Quote

I hope you didn't remove any pertinent registry keys before you found the Malwarebytes fix. Personally I've been working in IT for over 18 years and I don't go into the registry unless it's absolutely necessary. That is not a place to go to and start deleting keys. Just remember a good way to have a good backup is to keep Malwarebytes on a cheap 1 GB flash drive and a copy of antivirus as well. Don't use it until situations like this. Glad you found M-BAM. It works well. I use it weekly.




Wussie:ph34r:

Quote


where is the warmer weather...



It's here, in Florida. B|

(no, that face isn't for cool, it's because the sun is effin' bright!)
"I may be a dirty pirate hooker...but I'm not about to go stand on the corner." iluvtofly
DPH -7, TDS 578, Muff 5153, SCR 14890
I'm an asshole, and I approve this message

I can delete reg keys all day long...but that's only when it's required. The regedit applet is not a place I tell users to navigate to in any instance unless I know them personally. Too many n00bs have not followed my instructions to the tee and I've ended up having to do more work in the long run. And yes Jim, in computers you're a n00b. HA. You can kick my ass in skydiving all day long...perhaps we can work out a trade in the future. I'll fix your complex computer issues and you can give me a skydiving brain dump. I'm totally down for that.

Quote

http://www.malwarebytes.org/mbam.php
Start here. It's not terribly hard to get these out of the system, but they take time.

And quit surfing porn!:D



This.

I've had this problem before and you have to reboot in Safe Mode with Networking. You should be able to go to the site and download the software and run it in Safe Mode. It will most likely fix the problem. The software has always worked for me when I did this.
Life is not a journey to the grave with the intention of arriving in a pretty and well preserved body, but rather to skid in broadside, all used up, and loudly proclaiming: Wow, what a ride!

Quote

Quote

http://www.malwarebytes.org/mbam.php
Start here. It's not terribly hard to get these out of the system, but they take time.

And quit surfing porn!:D



This.

I've had this problem before and you have to reboot in Safe Mode with Networking. You should be able to go to the site and download the software and run it in Safe Mode. It will most likely fix the problem. The software has always worked for me when I did this.



Ski had me uncheck the proxy server, which allowed me to use a different screen name to finally get a browser working...updated Malwarebytes, ran it 3X and everything is good.

I couldn't get a browser up in any screen name, even in Safe Mode (w/ networking).

The screen name in use when infected had multi-pop ups and the redirect to bogus site...all the other screen names didn't have the pop-ups or the redirect, just 'error cannot connect to interweb'.

I did look through the reg files but couldn't find anything corresponding to the names on the pop-ups or redirect site...

Even though I'm a stone tablet and chisel kinda guy, I know better than to just start zapping lines in files...;)

~ If you choke a Smurf, what color does it turn? ~
Quote

Quote

Quote

http://www.malwarebytes.org/mbam.php
Start here. It's not terribly hard to get these out of the system, but they take time.

And quit surfing porn!:D



This.

I've had this problem before and you have to reboot in Safe Mode with Networking. You should be able to go to the site and download the software and run it in Safe Mode. It will most likely fix the problem. The software has always worked for me when I did this.



Ski had me uncheck the proxy server, which allowed me to use a different screen name to finally get a browser working...updated Malwarebytes, ran it 3X and everything is good.

I couldn't get a browser up in any screen name, even in Safe Mode (w/ networking).

The screen name in use when infected had multi-pop ups and the redirect to bogus site...all the other screen names didn't have the pop-ups or the redirect, just 'error cannot connect to interweb'.

I did look through the reg files but couldn't find anything corresponding to the names on the pop-ups or redirect site...

Even though I'm a stone tablet and chisel kinda guy, I know better than to just start zapping lines in files...;)


Hmm, I'm not a computer pro or anything of the sort, so I have no clue why it's not working. The advice I gave was always what I did to fix the issue and it always worked. So sorry I couldn't be more help [:/]
Life is not a journey to the grave with the intention of arriving in a pretty and well preserved body, but rather to skid in broadside, all used up, and loudly proclaiming: Wow, what a ride!

Quote

I can delete reg keys all day long...but that's only when it's required. The regedit applet is not a place I tell users to navigate to in any instance unless I know them personally. Too many n00bs have not followed my instructions to the tee and I've ended up having to do more work in the long run. And yes Jim, in computers you're a n00b. HA. You can kick my ass in skydiving all day long...perhaps we can work out a trade in the future. I'll fix your complex computer issues and you can give me a skydiving brain dump. I'm totally down for that.



Well if he screwed up editing the registry at least the re-directs probably wouldn't be his biggest problem any more:D
Experienced jumper - someone who has made mistakes more often than I have and lived.

Think this is a safe attachment to open?

Quote

Dear client.

Email notification No.2995190

Your package has been returned to the Post Express office.

The reason of the return is "Incorrect delivery address of the package"

Important message!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages!


Thank you for your attention.
Pos ./~ t Express

Quote

Think this is a safe attachment to open?

Quote

Dear client.

Email notification No.2995190

Your package has been returned to the Post Express office.

The reason of the return is "Incorrect delivery address of the package"

Important message!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages!


Thank you for your attention.
Pos ./~ t Express



Dear postmail-dep9536,

I checked it out and marked it, "Return To Sender".

Pay no heed to the ticking when you receive it.

Thank you for your inattention,
david3
My reality and yours are quite different.
I think we're all Bozos on this bus.
Falcon5232, SCS8170, SCSA353, POPS9398, DS239

Quote

Think this is a safe attachment to open?

Quote

Dear client.

Email notification No.2995190

Your package has been returned to the Post Express office.

The reason of the return is "Incorrect delivery address of the package"

Important message!
Attached to the letter mailing label contains the details of the package delivery.
You have to print mailing label, and come in the Post Express office in order to receive the packages!


Thank you for your attention.
Pos ./~ t Express



No, that is not safe to open. Just delete it.
My grammar sometimes resembles that of magnetic refrigerator poetry... Ghetto
