help with virus

[shearim]

got infected with some sort of virus on laptop. installed this personal virus program which can not be deleted or unistalled and is not the virus protection I use. can log into home page and as soon as you go to search the site your trying to get to is blocked and this box pops up stating your computer is infected continue unprotected or click here to get protected and it is this personal antivirus that they are trying to get you to use to fix the problem. It is I think blocking my avg from working properly to rid it. Avg says its clean but like I said this crap pops up and blocks everything. cant even continue unprotected. this so called virus protection states that the computer is infected with trojan.win32.agent.azsy and it is a windows pe exe file that is harmed and you need to click here to protect and clean your computer. I have not clicked on it but unsure if children have they say they have not. not even sure if that is the real virus its just what this personal virus program is saying. Again I use avg antivirus not this obviously fake one. Any help would be greatly appreciated.

Moved from Technical Forum Issues.
Sr Moderator allisolm

 

[Harvey]

That is definitely virus/malware behavior. Depending on how bad it is, it may not be easily removed or completely. Searching Google for trojan.win32.agent.azsy gives a lot of links that may help.

If you have your System Restore/Rescue CD/DVD, it may be fastest to wipe the drive and re-install everything from the ground up. I know that's tedious, but so is trying to remove some viruses that don't yield to quick fixes.

If you don't have your System Restore/Rescue disk, the manufacturer may sell them at a relatively low price because your Windows license is with the machine. The disk is just an installation medium to utilize your license.

You can try to export your critical files to another drive or flash drive. If you do, once you have your new system installed AND PROTECTED, scan the external drive before copying your files back to your new installation.

If you want to try to remove the virus, it will help to know which OS you're using.

Good luck.

 

[shearim]

Thank you. I am not very good with repairing computers but I can tell you it has a system restore right in the programs on it. Is that the system restore you are talking about? I also have all the cds that came with it. I think all that is on there that needs to really be saved is photos. Its my daughters laptop. It is windows xp. and we us avg for our antivirus. I will google the virus but just in case do you know a place I can get step by step instructions on redoing the computer back to scratch? I need instructions for computer dummies. lol. I am nervous about doing something wrong. I think you are right about that being the easier route but need help to do it. I appreiciate your help.

 

[tzdk]

Well dont put too much faith in what fake AV detects Seems like yummy for Malwarebytes and SuperAntispyware. These sites could be blocked by infection, if so download from here http://filehippo.com/download_...arebytes_anti_malware/

You can also contact a real removal-forum like http://www.bleepingcomputer.com/forums/forum79.html May be someone around here has that special expert patience and knowhow? They can guide you from A to Z, make sure any bad side effects are removed. Certain Windows functions might not work right now, or have been manipulated - much like your AVG If Malwarebytes know this infection it should do all this, might take a reboot but then back to normal.

Program most likely wants you to make yet another mistake by clicking yes I want to remove "virus". Then you will be encouraged to pay up for pro version which can help you. How they usually works. Should not be that hard to fix.

Did not see your last post. May be an idea to contact one of those forums then. You can run Malwarebytes - can be required before even posting. Program is very good at removal and safe to use. Wont make things worse. If more is needed you will want guidance in details and that is best given by "freaks". Not difficult for you so dont give up.

If you want to Google then use program name as keyword, not output from program. Program is the infection. If you find manual removal guides, links to removal-forums/security sites it is most likely taken care of by Malwarebytes and other tools.

 

[shearim]

any site I try to go to that personal av virus blocks me. I can load the home page and thats it then im blocked from then on. Everything I do im just blocked or it freezes. Im sorry im not helping matters.

 

[tzdk]

Not much you can do. What about a link which should make download window pop up? http://filehippo.com/download/...bbaddc04a4c29bbcc4bb7/ Infection/program is of course trying to prevent you from using tools which can remove it.

Possible another browser lets you go on internet. Depends on infection, everything does. Or you need to disable certain startup entries, browser plugins, whatever it has running. Boot up in safe-mode perhaps. Possible you can put it to temporary sleep right now through task manager. If Windows is truely hosed you might need to approach it from outside, via a bootable cd with AV on it. Dont think so but many questions until details are known. Can be risky to make "wize" suggestions. I recently told a tech-guy to use one of those live-cds but he said it did not remove infection. I was ??? because I had tried on other computer. Turned out tool only reports unless told to remove. I thought he knew or would notice. He know computers though not so much PC infections Panic and impatience = mistakes, possible making things worse!

Im curious about name of that fake Antivirus program but I think you should contact one of those forums. If it is a unique infection as in not possible to remove by usual tools they can still help you. Almost guaranteed success. Dont think this type of infection destroy computer beyond repair - might appear so right now but because it want you to do what you should not. Computer is hijacked that is all

 

[shearim]

the name of the fake anti virus is showing itself as personal av--personal antivirus. shows up in the start menu but when you go into the control panel to add/remove programs its not there. Will also place an icon in the lower right corner of the screen. well gonna try safe mode and that link you posted. Also forum you suggested. if to advanced for me probably gonna take to some one. will copy photos and music anything else can go. all else can be reestablished once puter is back up and running right. thanks for info if you want to know more let me know im glad to share.

 

[tzdk]

This one http://www.bleepingcomputer.co...ove-personal-antivirus ? Standard infection then, no problem. There are tons of these, yours could be a variant of original but more or less the same. Same goal at least.

Does not say much about blocking internet except "Your Internet Explorer browser will be hijacked to show security warnings when browsing the web that stop you from reaching your desired page." Malwarebytes homepage is not desired if you ask those who made PA May this is fixed by closing processes in Task manager or a safe mode. Disable service/startup entries might also do it - using Firefox allow downloads? Or you can copy Malwarebytes installation file to a usb flashdrive and install from there. Malwarebytes can most likely fix this in few minutes.

If lesson is not learned, also about safety level having AV installed, then consider WOT http://www.mywot.com/ Very likely it would have prevented installation of Personal Antivirus in the first place, domain would have been blocked or warned against. Old products like AVG fail with this. Why Malwarebytes can make a living. WOT is a supplement though, not replacement. Also a good chance IE8 or Firefox will block but not as fast as WOT.

 

[shearim]

was able to finally get malewarebytes installed on her computer just had to click quicker than the pop-up window that was blocking evrything couple of attempts and bam was there and downloading. scanning now showing 211 infections. hopefully can fix all the problems. thank you for your help I am going to install it on my computer too. also I use firefox on my desktop and will be installing it on her laptop so she will no longer be using ie. also what is that wot should i install that and use in addition to my avg?? Thats what I thought you were suggesting and will do so following her scan and fix issue. I will also add it to my desk top and i am also going to do it to my other daughters laptop as soon as I find out whats wrong with hers now. Think the hard drive went it will turn on but wont boot up brings up copyright page then this PXE-E61: media test failure, check cable and PXE-MOF: exiting broadcom PXW ROM. I did get into a psa+ pre-boot system assessment test somehow and error code 0141 msg error code 2000-0141 msg no drive detected so hard drive test failed. so I am assuming her hard drive died. Do you have any suggestions or imput on this? I again that you for all you have done and appreiciate everything. I just dont know what my issue is with all our computers deciding to fail all at once but im learning alot sometimes the hard way and sometimes by error but the best has come from you thank you.

 

[exitbs]

I would boot into safemode (HOLD F8 before windows logo boot screen), and then see if you can run your antivirus in there and scan the whole computer for "FAKE" AV apps. Go into your program files folder (C:\Program Files\...) and look for anything suspicious. Don't just delete anything, make sure that its a virus first.

 

[tzdk]

Dont know about that boot problem, Google brings up many suggestions. Think you should post about that in other category, see menu at top left. sff, notebooks or computer help. More people will see, if lucky some will recognize.

When computer appear to be clean may be you should double-check with other antivirus program. Malwarebytes is targeted towards special areas, not all and who knows what else there is? Could try an online-scanner like the one from ESET http://www.eset.com/onlinescan/ when it starts up set it up like on this picture http://i44.tinypic.com/2qu2e02.jpg So it wont remove anything = cant make mistakes. When done you can export results to a textfile, look at the bottom http://i40.tinypic.com/i4lr1z.jpg If nothing major computer should be ok again. If too much in red post content of text file here. ESET will suggest you disable AVG while scanning so do that. I dont know AVG but if you rightclick icon you can probably disable realtime scanner.

Malwarebytes will probably ask for a reboot or 2 since so much is found. Just do what it asks. Do an extra quick-scan do make sure. You can post log-file from Malwarebytes as well. Space is for free so nobody should mind. Or a log-file from Hijackthis. Run http://www.trendsecure.com/por...ownload/HiJackThis.exe click "Do a system scan and save a logfile". When done notepad will pop up with content. Save that as a file, or simply copy and paste content here in forum. Might mess up because of formatting, I dont know. More or less the same you will be asked to at a removal-forum. May be best to let them deal with it but people here have eyes as well Just that it can be hard to explain what to do and in which order. Not so critical since Malwarebytes seem to know what to do - lets hope all is gone.

WOT is just a plugin/add-on for browser - will check sites you visit against a database full of domains with bad intentions. PA did not come out of the blue. If you try to enter a site like personalantivirus.com WOT will block or warn you with an overlay, cant miss it. In settings you decide how sensitive it should be. Sites are colorcoded, from green to red. Click around on the site and see how it works. Can be uninstalled in a flash so no big experiment. However if you have AVG link-checker installed it might interfer. Disable AVGs would be my way of fixing that.

 

[tzdk]

Btw, even if Personal Antivirus was a super program it was still wrong to install because there should not be more than 1 AV-program installed at a time. They tend to conflict. You can probably add Windows Defender from MS as real time supplement for free version of AVG, but have to investigate each program. As a rule dont assume more is better. You might conclude it would be great to throw AV no. 2 on top of AVG since it have missed this PA. But much can be done to help navigate safely. If your daughter has problems separating good from bad sites WOT is a good helper. There are many scam sites/programs. IE8 is just as good as Firefox in blocking so no reason to force Firefox if she is used to IE. Just make sure it is vers. 8 since one of bigger improvements is better blocking. Now also covers "malware" not just "phishing" sites. Does not make WOT redundant though.