I have a super nifty virus

[Redlin5_v1legacy]

Go with Malwarebytes, a good program like others have indicated.

Don't be like me. I put off removing a virus and it eventually got too entrenched for me to remove. Being the cheap bastard I am, I just used recovery discs rather than taking it in to get purged... I don't think it is totally gone though so I'm trying to find out whether I still have it.

Win/32 Heur virus = Pain in the ass!

 

[Iznat]

Don't download SHIT to get rid of download shit.

It's such a dumb ass way to do things.

You've identified the .exe right?

[snip]

Half of the downloads to fix this junk has enough bloatware to be problems in their own right.

Learn how to take care of your comp yourself.

Cheers, thanks, but I can.
It's fixed by my own damn hands, and I properly research ANY program before I download it. Nice of you to make an assumption when I have already removed the problem, and all systems are go. Read the whole thread before lecturing me on how to take care of something that I own, not you.

Everyone else:
Thank you for all your help ^_^

 

[Throwitawaynow]

Spoiler: Samuel L Jackson wants you to

http://img.funnyanimatedgifs.net/img/515-samuel-l-jackson-read-the-mutha-fucking-post.gif]

Not that hard. When I first got a PC when I was like 10 had no idea about anti-virus programs and the default mcafee doesn't cut it... Wouldn't let me launch any programs except internet explorer which would then spam pop ups. Had to reformat.

 

[Sleekgiant]

I seem to have gotten hit pretty hard, and while it completely sounds like I'm blaming certain people, I know it wasn't me xD
Now all I gotta do it come up with a reasonable way to tell my sister to stay the hell away from my stuff - any suggestions?

Thanks guys ^_^

Okay if I were you I would set up the computer with multiple accounts, only one of them being an ADMIN account. Ditch AVG or Avast, get Microsoft Security Essentials and keep MBAM and Spybot S&D, also get Comodo Firewall.

Set up each to scan every week on a slow day, for me thats Sunday, and keep them up to date.

Also get Common Sense 2013

Also if you are running IE, ditch it for anything else like Opera, Chromium, Minefield, Firefox(if your computer can handle its resources) and NEVER EVER USE INTERNET EXPLORER

 

[TraderJimmy]

On a similar note, how do you get rid of BearShare? Is it a virus or just an irritating program?

Like OP, my sister dl'ed it (thankfully not onto my laptop, onto my parents' computer - although of course I get to hear about it every time they call!), and I am a bit worried about it.

EDIT: Separate issue on my laptop - just tried to run Malwarebytes' quick scan, and it froze. Hmm.

 

[Gilhelmi]

When I had this problem, I gave up and took my computer to the shop.

 

[Skorpyo]

Explorer keeps crashing and restarting, almost constantly.

Um, try Firefox? Or Chrome?

Seriously, IE is probably the reason a virus had such an easy in on your compy in the first place.

 

[SimuLord]

Back up and re install windows. It's probably terminal.

Indeed. I had one of these find its way into my system a few months ago (probably a rogue piece of Javascript---don't disable NoScript if you've got Firefox, kids.) I ended up having to completely reinstall. Used it as an excuse to upgrade to Win7.

 

[omega 616]

I am still trying to recover from a virus, I have it to a stage were I am getting no more pop ups from avast stating the bleeding obvious.

I am now going to get windows 7 and format my hard drive, with any luck that will sort it.

As a side note, is paying for anti virus programmes better than running the freebies from the net? 'cos I am seriously considering doing it if it stops me from going through this shit again.

 

[Iznat]

Explorer keeps crashing and restarting, almost constantly.

Um, try Firefox? Or Chrome?

Seriously, IE is probably the reason a virus had such an easy in on your compy in the first place.

XD Lmao, it's not the browser Internet Explorer, it's things like the task bar and start menu that are explorer.exe

I use Chromium =3

 

[Hateren47]

On a similar note, how do you get rid of BearShare? Is it a virus or just an irritating program?

Like OP, my sister dl'ed it (thankfully not onto my laptop, onto my parents' computer - although of course I get to hear about it every time they call!), and I am a bit worried about it.

EDIT: Separate issue on my laptop - just tried to run Malwarebytes' quick scan, and it froze. Hmm.

Dunno what's wrong with your Malwarebytes, try google.

To remove Bearshare you can either buy Spyware Doctor [http://www.securemost.com/antisp/spyware_doctor.htm] (pffff!) or do it the old fashion way for free. I'll walk you trough it in case you don't know how to do stuff in Windows. First step: Google.

BearShare Manual Removal:

Follow these steps to remove BearShare from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.

This is good advice.

1. Kill these running processes with Task Manager:
bsinstallit.exe
bearshare.exe

Pretty self explanatory.

2. Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bearshare, delete it and reboot the machine immediately.

Depending on whether you are using XP or Vista/7 open the start menu, select Run...(XP), type in 'regedit' without the airquotes-thingies and navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and if there is an entry called "bearshare" delete it. Reboot.

3. Unregister these DLLs with Regsvr32, then reboot:
bearshare.dll
bsidle.dll

Good you are back from your reboot. Now it gets a little tricky as I'm not sure how regsvr32 works on all versions of Windows but try typing "regsvr32 /u bearshare.dll" and " regsvr32 /u bsidle.dll" into either Run..., the start-menu searchbox-thingy or, if all else fails, a command promt. Reboot again.

4. Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\clsid\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CLASSES_ROOT\clsid\{9f95f736-0f62-4214-a4b4-caa6738d4c07}
HKEY_CLASSES_ROOT\gnufile
HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
HKEY_LOCAL_MACHINE\software\bearshare
HKEY_LOCAL_MACHINE\software\classes\clsid\{558ec983-bedb-9168-b2de-31dbf0ee543e}
HKEY_LOCAL_MACHINE\software\classes\ed2k
HKEY_LOCAL_MACHINE\software\classes\gnu
HKEY_LOCAL_MACHINE\software\classes\gnufile
HKEY_LOCAL_MACHINE\software\classes\gnutella
HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
HKEY_LOCAL_MACHINE\software\licenses\{056b3cf0d9ab991e1}
HKEY_LOCAL_MACHINE\software\licenses\{i56b3cf0d9ab991e1}
HKEY_LOCAL_MACHINE\software\magnet\handlers\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\componentid
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\isinstalled
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\locale
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5f95e1af-2620-4f15-bdf9-7fdce4607e17}\version
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bearshare
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bearshare
HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\.default\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
HKEY_USERS\s-1-5-21-329068152-1677128483-854245398-500\appevents\eventlabels\bearsharechatnotifymsg
HKEY_USERS\s-1-5-21-329068152-1677128483-854245398-500\appevents\schemes\apps\bearshare

Now it gets boring and I hope the backwards slashes appear when I hit "Post". Open RegEdit again and delete all those entries if you have them. It's not hard, just tedious. If you mess up you have your Restore Point so you can start over.

5. Remove the directory (if presents) and its containing files with Windows Explorer:
programfilesdir+\bearshare

Navigate to where Bearshare was installed and delete anything that's left.

It's kinda tricky to do all these things but I'm sure your parents will appreciate not having to re-install Windows and all their stuff just to remove a shitty P2P-program.

Easy-peasy. If this was too hard (it's not hard!), get a Mac

 

[ToyGamer]

For protecting mac you can use ProteMac NetMine http://www.protemac.com/NetMine/.It’s really good tool.It’s must be helpful to everyone

 

[Loud Hawk]

Get a Macbook Pro?

 

[Brandon237]

I also had a rogue AV program... Personal anti-virus. God damn that thing was annoying. I had to delete a user profile cause of that. It messed up the one profile much worse than the other... I used Malwarebytes + guys at the local IT office... Fixed it up nicely.

 

[Kenko]

All I can say is "Kaspersky". It has a freetrial, download it and rejoice as it hunts, locats and terminates spyware, malware and viruses with ease.

 

[BabySinclair]

Had it on mine at one point but Malwarebytes and Spybot got it off right fast.

 

[etherlance]

I once gained a virus after downloading a film online.

It called itself "Trojan apocalypse"

It got into EVERYTHING and eventually I destroyed the bastard thing by Purging the system!!

I mean purging the entire system!
All my movies
All my images (had those on a spare hard drive so not total loss)
Everthing

Problem was the laptop could no longer start up because some of the start up files were purged as well (desperate measures to kill the virus)

Thankfully my dad used a reboot CD and got it working.
Now My laptop is protected with a:

Firewall
Avast antivirus
Spyware Terminator

I no longer downoad anything and have had no problems since, anything that does pop up is destroyed by the new defences installed.

 

[Imbechile]

That is an absolute pain in the arse to get rid of.

It's something called Security Tool, a vicious Rogue Security Software package.
I've been trying for a day or two now to get rid of it, but it's a persistent cow. I figure it's from my sister using the other user (she'll be losing the use of my laptop from now on fo' sho') and I'm sort of at a loss for what to do.

I have AVG and SpyBot, and upon recommendation of Tom's Hardware and HowToGeek I used Super Anti Spyware, which found it, but wasn't able to remove it. It's bothering me an awful lot, because with constant pop ups telling me that there's a worm trying to send my credit card details to a shady site, that Explorer has stopped working and that I can't use CTRL-ALT-DEL to do ANYTHING because of a Trojan hidden in my processes tab, waiting to be let out.

Currently I'm using Safe Mode with Networking, and Explorer crashes every few minutes and the resolution is about 800x600, and I can't play anything ;_;

So, Escapist, I have two questions for you.

1) Have you ever had to get rid of Security Tool or another false security software? How did you do so? D:

and
2) What ridiculously awful experiences have you had with virus'?

I also had a Security tool called My security engine and it was doing the same thing, I removed it with spybot, but i still can't use Task manager and i tried to install AVG antivirus and it doesn't let me. I installed Spyware doctor and that program doesn't also work, and so on ........
So, I'm still having a lot of problems :-(