Cigar Asylum Cigar Forum  

Go Back   Cigar Asylum Cigar Forum > Non Cigar Specialty Forums > Misc > General Discussion

Reply
 
Thread Tools Display Modes
Old 11-22-2009, 06:32 PM   #1
BeerAdvocate
BeerHunter
 
BeerAdvocate's Avatar
 
Join Date: Mar 2009
First Name: Travis
Location: Topeka, KS
Posts: 1,912
Trading: (45)
VR
BeerAdvocate has a spectacular aura aboutBeerAdvocate has a spectacular aura aboutBeerAdvocate has a spectacular aura about
Default Virus Help!!!!

I got a damn virus on my new laptop. It installed some Antivirus Pro program and it wont let me access anything.
I cant go into ad/remove programs, system restore, nothing!!!
A web page pops up that says osadware.com.
Any ideas on how to get rid of it?
__________________
I Brew the Beer I Drink
BeerAdvocate is offline   Reply With Quote
Old 11-22-2009, 06:37 PM   #2
Kreth
Ronin smoker
 
Kreth's Avatar
 
Join Date: Jan 2009
First Name: Jeff
Location: Oneonta, NY
Posts: 3,620
Trading: (14)
Kreth is just really niceKreth is just really niceKreth is just really niceKreth is just really nice
Default Re: Virus Help!!!!

Reboot to safe mode, and do a thorough scan with both your AV and anti-spyware software.
Posted via Mobile Device
Kreth is offline   Reply With Quote
Old 11-22-2009, 06:44 PM   #3
Fumes
Not So Memorious
 
Fumes's Avatar
 
Join Date: Oct 2008
First Name: Tom
Posts: 205
Trading: (0)
Bolivar
Fumes is on a distinguished road
Default Re: Virus Help!!!!

We got this one at work. Nasty bugger. According to our IT guy (All Hail IT Guy!) it's not a virus. It's malware. He used a program called Malwarebytes to remove it. Good luck!
__________________
It has been my experience that folks who have no vices have very few virtues. -A. Lincoln
Fumes is offline   Reply With Quote
Old 11-22-2009, 06:46 PM   #4
MajorCaptSilly
Sklee
 
MajorCaptSilly's Avatar
 
Join Date: Oct 2008
First Name: Scott
Location: Mishawaka, IN
Posts: 2,523
Trading: (30)
Bolivar
MajorCaptSilly has disabled reputation
Default Re: Virus Help!!!!

Quote:
Originally Posted by Fumes View Post
We got this one at work. Nasty bugger. According to our IT guy (All Hail IT Guy!) it's not a virus. It's malware. He used a program called Malwarebytes to remove it. Good luck!
Yep. Download Malware Bytes and run a full scan in Safe Mode. If that doesn't work, try ComboFix.

MCS
__________________
Pillsbury, Minneapolis, Prince, Spoon Bridge and Cherry, coinkydink?
MajorCaptSilly is offline   Reply With Quote
Old 11-22-2009, 06:49 PM   #5
BeerAdvocate
BeerHunter
 
BeerAdvocate's Avatar
 
Join Date: Mar 2009
First Name: Travis
Location: Topeka, KS
Posts: 1,912
Trading: (45)
VR
BeerAdvocate has a spectacular aura aboutBeerAdvocate has a spectacular aura aboutBeerAdvocate has a spectacular aura about
Default Re: Virus Help!!!!

it wont let me access any website in order to download Malware.
Any website I go to, it says its infected.
__________________
I Brew the Beer I Drink
BeerAdvocate is offline   Reply With Quote
Old 11-22-2009, 07:00 PM   #6
pnoon
YNWA
 
pnoon's Avatar
16
 
Join Date: Oct 2008
First Name: Peter
Location: San Diego
Posts: 29,919
Trading: (20)
RA
pnoon has disabled reputation
Default Re: Virus Help!!!!

Quote:
Originally Posted by BeerAdvocate View Post
it wont let me access any website in order to download Malware.
Any website I go to, it says its infected.
Have you rebooted in Safe Mode?
__________________
Be more concerned with your character than your reputation, because your character is what you really are, while your reputation is merely what others think you are.
-John Wooden
pnoon is offline   Reply With Quote
Old 11-22-2009, 07:02 PM   #7
SeanGAR
Crotchety Geezer
 
SeanGAR's Avatar
 
Join Date: Oct 2008
Location: Radford VA
Posts: 911
Trading: (3)
SeanGAR has disabled reputation
Default Re: Virus Help!!!!

Quote:
Originally Posted by BeerAdvocate View Post
it wont let me access any website in order to download Malware.
Any website I go to, it says its infected.
You've tried ALT-CTL-DEL and looking for anything that looks like osadware in the running processes and ending it?

Else, DL the file onto a USB drive on a separate computer. Boot into safe mode .. press F8 when booting. You might have to F8 a few times. access the malware bytes program on the thumb drive and install it then run it.
__________________
How can you have any pudding if you don't eat your meat?
SeanGAR is offline   Reply With Quote
Old 11-22-2009, 08:02 PM   #8
Thrak
.. the man from Nantucket
 
Thrak's Avatar
 
Join Date: Jan 2009
Location: Canton, GA
Posts: 558
Trading: (2)
HUpmann
Thrak is on a distinguished road
Default Re: Virus Help!!!!

sounds like vundo... that sux man... I deal with it at work too..

download malwarebytes, install it, update it, restart into safe mode and run it..

You may also be able to find the process listed in TaskManager like SeanGAR mentioned, I always look for processes with random letters and end those.
Thrak is offline   Reply With Quote
Old 11-22-2009, 08:06 PM   #9
Kreth
Ronin smoker
 
Kreth's Avatar
 
Join Date: Jan 2009
First Name: Jeff
Location: Oneonta, NY
Posts: 3,620
Trading: (14)
Kreth is just really niceKreth is just really niceKreth is just really niceKreth is just really nice
Default Re: Virus Help!!!!

Maybe someone could paste manual removal instructions from a reputable site like Spybot, McAfee, or AVG? I'd do it, but the instructions are way over the clipboard limit for my phone..
Posted via Mobile Device
Kreth is offline   Reply With Quote
Old 11-22-2009, 08:13 PM   #10
Starz26
Adjusting to the Life
 
Starz26's Avatar
 
Join Date: Aug 2009
First Name: Eric
Location: Ohio
Posts: 486
Trading: (22)
Army (Served With Honor)
Starz26 will become famous soon enough
Default Re: Virus Help!!!!

can you access this site: http://www.bleepingcomputer.com/viru...virus-pro-2009

Also, get malwarebytes on a usb drive or something by using another computer if you cannot access it.

Worst case, reformat (typical response)
Starz26 is offline   Reply With Quote
Old 11-22-2009, 08:15 PM   #11
shilala
Dear Lord, Thank You.
 
shilala's Avatar
6
 
Join Date: Oct 2008
First Name: Scott
Posts: 13,721
Trading: (252)
Cuaba
shilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond repute
Default Re: Virus Help!!!!

Reboot in safe mode.
Go to your Local Drive.
Go to Documents and Settings (and choose You).
Go to Local Settings. (If this doesn't appear, go to tools/folder options/view/and click the tab beside "Hidden files and folders" and Apply)
Go to to Application Data
Look there for a nonsense folder that begins with the letter a (forget the string).
It's abeghfdgt or something ridiculous like that.
Inside that folder will be a program called osadware.exe (again, don't remember the exact file name) or something of that nature and it will say it is a Microsoft Corporation file. It is not.
Delete it and it's containing folder.
Empty your recycle bin.
Reboot into your normal mode.
Then be careful where you are getting your torrents.
__________________
shilala is offline   Reply With Quote
Old 11-22-2009, 08:17 PM   #12
shilala
Dear Lord, Thank You.
 
shilala's Avatar
6
 
Join Date: Oct 2008
First Name: Scott
Posts: 13,721
Trading: (252)
Cuaba
shilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond repute
Default Re: Virus Help!!!!

Oh yeah, once you've done that, you'll likely need to do a system restore to the day before you jacked up your rig.
__________________
shilala is offline   Reply With Quote
Old 11-22-2009, 09:07 PM   #13
jledou
Have My Own Room
 
jledou's Avatar
14
 
Join Date: Oct 2008
First Name: Jay
Location: Kansas
Posts: 2,225
Trading: (27)
Punch
jledou has a spectacular aura aboutjledou has a spectacular aura aboutjledou has a spectacular aura about
Default Re: Virus Help!!!!

Fought it at work and BIL fought it a couple of weeks ago. There are a couple of things you can blow it away from the registry (script from symantec to unlock the registry) or there is a dos prompt to kill it and a restore point that will fix it also. More solutions are out there now on google but easier if you search from another computer. Time I fought it, it blocked malwarebytes install.
jledou is offline   Reply With Quote
Old 11-23-2009, 06:50 AM   #14
shilala
Dear Lord, Thank You.
 
shilala's Avatar
6
 
Join Date: Oct 2008
First Name: Scott
Posts: 13,721
Trading: (252)
Cuaba
shilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond reputeshilala has a reputation beyond repute
Default Re: Virus Help!!!!

Quote:
Originally Posted by jledou View Post
Fought it at work and BIL fought it a couple of weeks ago. There are a couple of things you can blow it away from the registry (script from symantec to unlock the registry) or there is a dos prompt to kill it and a restore point that will fix it also. More solutions are out there now on google but easier if you search from another computer. Time I fought it, it blocked malwarebytes install.
It's pretty much advanced to where it blocks all executables, and it hijacks your browser so you can't even do an online scan.
I found it last week, worked out the solution, re-aquired the virus purposely, and retested.
The system restore is a lot easier than cleaning the registry for the browser hooks.
__________________
shilala is offline   Reply With Quote
Old 11-23-2009, 10:26 AM   #15
Starz26
Adjusting to the Life
 
Starz26's Avatar
 
Join Date: Aug 2009
First Name: Eric
Location: Ohio
Posts: 486
Trading: (22)
Army (Served With Honor)
Starz26 will become famous soon enough
Default Re: Virus Help!!!!

I had it about 8 months ago before I installed Kapersky....It was a ***** to remove then, I can only imagine what it is like now.....

Hope you get it all worked out Travis
Starz26 is offline   Reply With Quote
Old 11-23-2009, 11:12 AM   #16
bobarian
Cranky Habanophile
 
bobarian's Avatar
3
 
Join Date: Oct 2008
Location: Wine Country
Posts: 8,869
Trading: (51)
ERdM
bobarian has disabled reputation
Default Re: Virus Help!!!!

There are some sites that can be accessed by typing directly into the address window. Sometimes you can also search by going through a third-party site like a news site. Clicking on links is almost 100% disabled. Its a serious pain and will take some time to get rid of all instances. I used ComboFix and a second program to clear a similar redirect a few months ago. Good luck.
bobarian is offline   Reply With Quote
Old 11-23-2009, 12:43 PM   #17
jledou
Have My Own Room
 
jledou's Avatar
14
 
Join Date: Oct 2008
First Name: Jay
Location: Kansas
Posts: 2,225
Trading: (27)
Punch
jledou has a spectacular aura aboutjledou has a spectacular aura aboutjledou has a spectacular aura about
Default Re: Virus Help!!!!

Quote:
Originally Posted by shilala View Post
It's pretty much advanced to where it blocks all executables, and it hijacks your browser so you can't even do an online scan.
I found it last week, worked out the solution, re-aquired the virus purposely, and retested.
The system restore is a lot easier than cleaning the registry for the browser hooks.
I agree, these pain in the arse people need to invest their time in Linux then it really would bring down MS. Unfortunately though it looks like they are moving towards virus hijacking and ransoming of the computer which is what this is/is leading to.
jledou is offline   Reply With Quote
Old 05-05-2010, 12:10 PM   #18
BC-Axeman
Guest
 
Posts: n/a
Default Re: Virus Help!!!!

My daughter clicked on one of those fake ativirus warnings and downloaded a rouge security malware. It was blocking all attempts to remove it.
I had to boot into safe mode and I ran a program called SuperAntiSpyware from a CD. It removed all the malware plus some adware plus the tracking cookies and a trojan backdoor. I rebooted and ran a Windows Defender full scan and found a couple more evil program files. This took hours. I will run a registry cleaner next.

Those fake antivirus warnings are convincing enough except I get them telling me my Windows files are infected when I'm not running Windows.
  Reply With Quote
Old 05-05-2010, 12:16 PM   #19
dunng
MassHole
 
dunng's Avatar
 
Join Date: Oct 2008
First Name: Greg
Location: MassHole
Posts: 4,719
Trading: (59)
Bolivar
dunng has disabled reputation
Default Re: Virus Help!!!!

Typically you can run either Malwarebytes or Combofix by changing the file name...
__________________
MassHole Banter
dunng is offline   Reply With Quote
Old 05-05-2010, 12:16 PM   #20
Ogre
****CENSORED****
 
Ogre's Avatar
7
 
Join Date: Apr 2010
First Name: Larry
Location: Central Florida
Posts: 12,068
Trading: (46)
Montecristo
Ogre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant futureOgre has a brilliant future
Default Re: Virus Help!!!!

I am lost when it come to the crap being sent out today. I am lucky, I have an IT friend that I give my lap top to twice a year and he goes through my files and cleans it up. If you cant figure it out, you may have to take it to someone for service.
Ogre is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -6. The time now is 12:23 AM.


Powered by vBulletin® Version 3.7.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
All content is copyrighted jointly by Cigar Asylum and the content provider.