O/T - Severe PC Problem

[RichP]

Dear all

I'll kick this one off with an apology for yet another O/T  post. I really will finish all the various house, IT and other related projects soon and then be able to dig the Westy out of the bag in which it sits on my drive, so I can try to contribute towards this forum rather than constantly asking completely O/T questions. In the mean time your patience is appreciated!

PC Problem

My laptop, running XP, seems to have developed a fault that means I can't open any .exe files. It seems to start up ok, but beyond that Outlook, Excel, Word, Firefox, Explorer etc - it doesn't want to know.

I can search the hard drive and find the .exe files directly rather than using the Start menu or desktop shortcuts, but it makes no difference.

The laptop is protected by McAfee which, until now, seems to have done a sterling job and I've been quite happy with. It's fully up to date (although the license does run out in about a month) and I've run a couple of full scans with no results.

About a week ago a strage fault did appear to crop up, apparently a clash between McAfee and the Windows Security which is usually "turned off" so McAfee can do the job. McAfee was saying all was well, but Windows was raising merry hell telling me I had 31 viruses (trijans, worms, keyloggers etc etc) and I should quickly invest about £50 for a full license to clean it up. I merrily ignored this as McAfee said all was well. Perhaps this was a mistake.

Since this time the .exe problem as been evident and I've no idea what to do about it. All can't be well but where to start? I have a NAS drive that I could copy the whole laptop hard drive on to so I can clean it off and re-install Windows, but I'm hesitant to connect the laptop to anything else for fear of spreading a virus further.

So, I'm stuck with an expensive door stop until I can work out what to do with it. Any thoughts?

Cheers

Rich

[Blatman]

You have a virus!

The "advert" for saying you should pay for a licence is the "front end" of the virus. You have done the right thing in NOT proceeding any further.

If the laptop is currently not working, (and by your descrption I'd say it wasn't) can you still get to the Internet on it? I assume you can as the virus wants a 'net connection to steal your money...

If you can, jump on to the Symantec web site. They have a free tool for scanning and fixing things like this.

If that doesn't work, report back...

[Mike H]

Sounds to me like you may have one of those fake Windows security malware things.  They are a pain in the A***, tell you that your PC has loads of viruses when it doesn't and get you to call someone, spend £50 for nothing and they run off with your card details.

What happens when you use Internet Explorer?

If you can post if pic of the 'windows security' message that may help.

They usually consist of a few registry entries, setting IE to use a proxy and a random executable somewhere on your hard drive.  Not too difficult to get rid of but a PITA.

Mike

[RichP]

Thanks both - will try to connect to Symantec tonight and see what it throws up, and will report back. It's annoying that McAfee has not picked this up and I have to visit Symantec instead. The re-instatement of the McAfee license is now looking less likely!

[peterg]

download malwarebytes free and run that

also, you may have got a 'nasty' which adds a folder in Program Files and an entry in the Registry which causes just such a problem but the details are on my laptop at home and I can't remember what it's called  

you may need to do this to get it to run:

QUOTE

malwarebytes installed on that computer, so I changed the malwarebytes file extension from .exe to .com. (go to program files>Malwarebytes> mbam.exe rename it to mbam.com)

and was then able to launch malwarebytes. Update it, and run a full scan.

it picked up a registry hijacker at the following key: HKEY_CLASSES_ROOT\exefile\shell\open\command

after removing infection the problem was gone.

[Dommo]

Many anti-virus products don't pick this up as it's usually something the user inadvertantly installs. They can masquerade as stuff like an Adobe Flash Player update and look pretty genuine.

I've had to fix a few variations of these now, some can be a right PITA

[Blatman]

Yup. A couple of folk I know have installed what looks like a genuine Adobe update only for it to be malware. I've turned off Adobe updates until I can be sure I know how to tell the difference between the genuine update and the fake ones.

Virus' and trojans that are executed by the user are ignored by most AV programmes as they are user initiated.

FWIW I dumped McAffee last year. All my PC's are running Avast and I'm also testing Windows Security Essentials (which is free! ) which is getting good reviews. I am seriously condidering going back to Norton following a conversation with a security expert recently.

Which remnds me... Rich if you can get to t'internet try running Windows Malicious Software Removal Tool. It comes out once a month with the regular update cycle but it can be downloaded and run at any time from Microsoft.com. BUT... that tool will pick up legitimate programmes too so I'd turn to it last. The Malicious Software tool picks up *every* fuel injection ECU programme I have (DTA, Emerald, MBE, Omex etc etc) and lists them all as malware, which is annoying, but not as annoying as having a dead computer...

[Andy Banks]

Yup, it's Maleware and a right PITA to fix. There may be some anti-maleware kits out there to do the job for you. What I have noticed it that copies itself all over the place (inc regisrty) and the filenames are all random numbers/letters. There are some good articles on the net that show you how to remove but it can take a while and is not for the faint hearted!

However, I have succesfully removed on the two occasions I've come across this one so all is not lost.

[Dibby]

Do you have backups of all your important files? I'd wipe and re-install Windows if it were my machine .... Windows is a bit like the oil in your car, it fills up with cack and needs replacing every year or so to keep the computer running smoothly.

If you have to keep your Windows installation intact, google for and download Combofix, after that, use Malwarebytes/ Spybot/ Microsoft Security Essentials

Don't pay for virus protection ever. There are free virus scanners out there that do a better job than the Norton/ McAfee with a smaller footprint: Avast or AVG

[Mark Stanton]

Yep its a PITA - I got it via a spurious adobe update     and a few of guys at work had same

best way to get rid is to download something called RKill        works a treat and once rid then you can update your mcaffee and also malwarebytes from malware.org    

[Blatman]

I have recently learned that in spite of Nortons poor reputation as a resource hog and generally being a bit fussy, I now understand better *why* it's a resource hog and fussy, enough for me to be tempted to go back to Norton at some stage...

[Dibby]

Why would that be then?

Never had a virus in the past with free software

[peterg]

QUOTE

enough for me to be tempted to go back to Norton at some stage...

 now you go and wash your mouth out immediately young man for suggesting such a thing    

[Dommo]

Annoyingly, the latest version of Norton is actually quite good!

[Blatman]

Why would that be then?

Never had a virus in the past with free software

I suspect you have half an idea what the score is though.

I was chatting to a security guy recently. His credentials are 100% kosher and part of his job is hacking "enemy" computers. He can get past every firewall known to man except Norton. When I asked about Norton, he guessed the reason I (like many others) ditched it (resource hungry, intrusive etc etc). His point to me was, *why* is it so resource hungry and intrusive?

It's resource hungry because it sits between the O/S and the kernel and *properly* monitors for the footprints of virus' trojans, spyware etc etc, all of which are used by "hackers" to defeat security.

The intrusiveness can be turned down by setting it up properly (which I always did) but like many, a ctrl/alt/delete and a look at the processes running was annoying to see Norton hogging lots of it. I'm not so annoyed now that I have been (apparently) properly educated by an expert in the field...