CB Radio Talk

anyone know how to get rid of the virus alert
it changes the desktop screen
changes the time clock in the bottom right corner to militarytime
where the time is located to the right of that it says VIRUS ALERT
it locks out the task manager
in the start then setting menu it clears that to only be able to see taskbar and menu

anyone got an idea how to kill it

and no stinger or avg wont even touch it

Maybe [Please login or register to view this link]?
It's one of the better antivirus programs on the market.

and i did forget to mention zonealarm
free version did not get it

Have you tried [Please login or register to view this link]?

TwentyTwo-Zero wrote:Have you tried [Please login or register to view this link]?

As a computer tech, I do not recommend Norton 360 to ANYONE. It has caused way, way more problems than it's helped - things such as complete lockout of the internet (something I call 'firewall disconnect'), absolute total hammering of the computer (all your resource are belong to us), things of that nature.

In response to the original poster, you got hit with one of the various Smitfraud rootkits. Godspeed in its removal, it's a tough one.

In the meantime, STAY AWAY from anything that calls itself "WinAntiVirus" or "XP AntiVirus Pro 2008" or any mixture of those two terms.

I pay for a full subscription of Spyware Doctor and Registry Mechanic. My machines all haul even after visiting the most unscrupulous websites.

Hey NorthTexas,

That thing you are infected with is called Antivirus 2008. If you do a search on google, you will find a manual way to remove it. The only way to automatically remove it, is to pay for a removal program, that is probably made from the manufacturer. Adaware, Spybot, and all the ot her popular spyware removal tools will not remove this program. I'm "retired" from computer service, but still in the past few weeks I have repaired numerous computers infected with this crap. In a nutshell, you go to Program Files, delete the program, and then remove it from the registry and remove it from the start-up.

Good luck. If ya can't get it removed, shoot me a PM and I'll try to help more.

ok just got back from store
got the
windows one care
got rid of alot of crap
but now the time still says 20:06 VIRUS ALLERT

I picked up the xp antivirus 2008 myself last night. I tried Microsoft one care with no luck. I got rid of it with free avg and adware and spybot.

and i ran the spybot first thing then the stinger then avg free edition
then went and got windows 1 care and it really made it mad and then rebooted then it
shut it down
but now just working with the 22:16 VIRUS ALERT

and the desktop issue

Check out kim kommando's website search for antivirus. She also has lots of neat stuff on there too.

North Texas Mudduck wrote:anyone know how to get rid of the virus alert
it changes the desktop screen
changes the time clock in the bottom right corner to militarytime
where the time is located to the right of that it says VIRUS ALERT
it locks out the task manager
in the start then setting menu it clears that to only be able to see taskbar and menu

anyone got an idea how to kill it

and no stinger or avg wont even touch it

I had a similar situation. I kept getting a notification similar to what you are describing. It is a spyware/malware virus. Mine kept prompting me to get a free pc check-up for virus and when one does the spy/malware was installed. I had to spend lots of time removing the installed junk daily until I took my pc to a tech. I have all the goodies to protect against such junk but it still got by. I had to take my pc to a shop where they have the appropriate removal system.

The prompt-alert is the virus.

Mike

You need to get a free program called HiJackthis. Run it and look for suspicious entries and delete them. Also run AVG antispyware and anti virus. Also get free antispyware Spybot.

Hope that works,let us know.

Linx said it best:
If you do a search on google, you will find a manual way to remove it.

Try this before you go spend your money.
Good luck!

i got 2007 man it took no more then 10 mins before i popped my full install disk in and formatted, first link on google i read how bad it was corrupting your registry and how hard it was to remove... easier on my nerves and time to just format when you get hit hard.

Black Lightning wrote: As a computer tech, I do not recommend Norton 360 to ANYONE. It has caused way, way more problems than it's helped - things such as complete lockout of the internet (something I call 'firewall disconnect'), absolute total hammering of the computer (all your resource are belong to us), things of that nature.

In response to the original poster, you got hit with one of the various Smitfraud rootkits. Godspeed in its removal, it's a tough one.

In the meantime, STAY AWAY from anything that calls itself "WinAntiVirus" or "XP AntiVirus Pro 2008" or any mixture of those two terms.

Being a computer tech, then you should also be aware of the fact that these issues were resolved with the release of 360 2.0. It consumes LESS resources then either MacAffee or One Care, doesn't slow your computer down as much as either of those programs and is updated multiple times a day with the most current virus definitions making it a better choice if you are serious about protecting your computer from viruses/trojans and online attacks.

If you go [Please login or register to view this link] you can run a free virus scan on your computer. If you have pop=ups blocked allow them on this site and select "Virus Detection". After the scan is complete you will be instructed on how to remove any/all viruses/trojans/malware that is found. Best of all it is provided by the LEADER in antivirus software - and it is FREE. :wink:

Here is the url in case it didn't come through above:

[Please login or register to view this link]

I also have 15 years experience in the PC world.. Smitfraud rootkits is the answer to your problem, and it is a very common one.. When you open your browser does it take you to the same bunk virus scan page?? if so its a hijacker and smithfraud will take care of it.. Good luck.. 76 out..

I use AVG and TuneUp Utilities 2008

What NCMidnight is referring to is a removal tool called "SmitRem" or "Smitfraud Remover". Smitfraud is the malware itself. These latest versions don't go away simply with Smitrem. In my experience, the only way to get rid of it without referring to the 'nuclear option' of reformatting and reinstalling, is to use a BartPE disk of some sort. I use "The Ultimate Boot CD for Windows". You boot the system to that, which is in effect a Windows XP live CD, and the hard drive is not locked by the OS. Also, since you're running a clean copy of XP that cannot be infected (Closed CD-ROMs cannot be written to), you can find the stealth components of the infection which exist in various areas of the system.

XPAntiVirus2008 installs itself into the registry in the following keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon Shell
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify

as well as various named services under

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet00x\Services (where the 00x in ControlSet00x refers to the most recent one).

It also manipulates registry keys that prevent the user from running regedit or ctrl-shift-esc or ctrl-alt-del to access the task manager. There are registry access tools that you can obtain in order to repair the registry so you can access it with regedit (these tools will not work if the malware is running, however).

With a BartPE CD, you can use the command prompt to delete random filenames in the \windows\system32 directory, files that are usually dated the current date or within the time the computer has been infected. Files with .exe and .dll extensions, as well as any .htm or .html file in the system32 dir. Some variants also create 'INI' files in the system32 dir as well. These are easy to spot however; they're usually large compared to real INI files (e.g. 161,200 bytes) and when you attempt to read them, they're binary and not text. Any filename ending in .ini2 or .ini.bak can safely be deleted. You can use RegEditPE to load the remote registry (the registry on the infected computer) to fix keys in there.

Twenty-Two Zero - I'd love to believe that, however I was dispatched last week to fix someone's computer which had pretty much hard locked from CPU load. The installed Norton 360 2.0 was the culprit. A quick run of the symnrt tool from Symantec fixed it by deleting the software. Symantec software has not been good now for a number of years. The only thing they make that I find useful is Ghost.

Hope you solve your problem .We use Norton 360 but we can't recommend it it doesn't catch all spy ware according to spy-bot