[Closed] Possible fake AVG and Security Shield virus

Discussion in 'Virus and Malware Removal' started by dover1982, Aug 3, 2012.

  1. dover1982 Newcomer, in training Posts: 47

    Can I download Farbar to the flash drive from my infected PC or do I need to find another computer?
  2. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Either way should be fine.
  3. dover1982 Newcomer, in training Posts: 47

    I cannot find an installation disc.

    I have a problem accessing the Advanced Boot Options upon startup. I've tried pressing F8 a number of times, whether holding it down or pressing it repeatedly, and neither works. I know that this particular issue is not a new problem because I tried this same thing a long time ago and pressing F8 failed to work then too. I also attempted pressing Delete to Enter Setup and F12 for Boot Menu, and both of those failed to work upon startup as well. Maybe it's a problem with my keyboard?
  4. Jay Pfoutz Malware Helper Posts: 4,286   +49

  5. dover1982 Newcomer, in training Posts: 47

    Is backing up files to a disc the same thing as a system repair disc? I have Vista and when following the directions of the link you posted I don't come across any "Create System Repair Disc" option. I've tried to search for that option on my computer but can't find one.
  6. Jay Pfoutz Malware Helper Posts: 4,286   +49

     
  7. dover1982 Newcomer, in training Posts: 47

    The website ends providing a link to download a Windows Vista Recovery Disk, which I do have. Came with the computer and has three disks in the set.
  8. dover1982 Newcomer, in training Posts: 47

    I did not run Kaspersky but it popped up after apparently doing a scan and I figured I might as well post the results.


    Computer protection (0)
    Information about anti-virus software and firewalls installed on the computer.



    Malware (7)

    Information about malware detected on the computer.
    Kaspersky recommends

    1. HEUR:Trojan.Win32.Generic
      wmsng.dll
      c:\Users\Mary\AppData\Roaming
    2. HEUR:Backdoor.Win64.Generic
      80000000.@
      C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
    3. Trojan.Win32.Miner.dw
      data0000.res
      C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U\00000008.@/
    4. Backdoor.Win32.ZAccess.ycs
      80000032.@
      C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
    5. Backdoor.Win32.ZAccess.mbs
      000000cb.@
      C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
    6. Backdoor.Win32.ZAccess.ycu
      80000064.@
      C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
    7. Virus.Win64.ZAccess.b
      services.exe
      C:\Windows\system32



    Vulnerabilities (4)

    Information about applications and operating system components in which vulnerabilities have been detected.

    1. C:\Program Files (x86)\iTunes\iTunes.exe
    2. C:\Program Files (x86)\Java\jre7\bin\java.exe
    3. C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
    4. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll



    Other issues (12)

    Information about vulnerabilities associated with the settings of installed applications and the operating system.

    1. "Autorun from hard drives is allowed"
    2. "Autorun from network drives is enabled"
    3. "CD/DVD autorun is enabled"
    4. "Removable media autorun is enabled"
    5. "Windows Explorer - show extensions of known file types"
    6. "Microsoft Internet Explorer - disable caching data received via protected channel"
    7. "Microsoft Internet Explorer: disable sending error reports"
    8. "Microsoft Internet Explorer: delete cookies"
    9. "Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
    10. "Microsoft Internet Explorer: enable cache autocleanup on browser closing"
    11. "Windows Explorer: display of known file types extensions is disabled"
    12. "Microsoft Internet Explorer: start page reset"
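The Kaspersky summary above is easier to triage when the seven malware entries are grouped by where they live: five of them sit under the same `C:\Windows\Installer\{GUID}\U` folder, and one is `services.exe` in `system32`, a system binary that should be verified (as this thread later does with VirusTotal) rather than deleted on sight. The following Python script is an added example, not part of the original post or any Kaspersky tool; it parses the report text as posted (the "Other issues" section is left out of the embedded copy for length) and returns the clusters, the system-binary hits, the vulnerable applications, and any mismatch between the count a section declares and the entries actually listed.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed input: the Kaspersky summary posted in this thread, pasted
# verbatim (minus the empty "Computer protection" block and the "Other
# issues" list) so the parser has something to run on offline.
REPORT = r"""Malware (7)
Information about malware detected on the computer.
Kaspersky recommends
1. HEUR:Trojan.Win32.Generic
  wmsng.dll
  c:\Users\Mary\AppData\Roaming
2. HEUR:Backdoor.Win64.Generic
  80000000.@
  C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
3. Trojan.Win32.Miner.dw
  data0000.res
  C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U\00000008.@/
4. Backdoor.Win32.ZAccess.ycs
  80000032.@
  C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
5. Backdoor.Win32.ZAccess.mbs
  000000cb.@
  C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
6. Backdoor.Win32.ZAccess.ycu
  80000064.@
  C:\Windows\Installer\{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}\U
7. Virus.Win64.ZAccess.b
  services.exe
  C:\Windows\system32

Vulnerabilities (4)
Information about applications and operating system components in which vulnerabilities have been detected.
1. C:\Program Files (x86)\iTunes\iTunes.exe
2. C:\Program Files (x86)\Java\jre7\bin\java.exe
3. C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
4. C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
"""

HEADER = re.compile(r"^([A-Za-z][A-Za-z /]*?) \((\d+)\)$")   # e.g. "Malware (7)"
ENTRY = re.compile(r"^(\d+)\. (.+)$")                         # e.g. "3. Trojan..."
GUID = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64")


def parse_report(text: str) -> Dict[str, dict]:
    """Split the summary into sections; each entry is its numbered line plus
    any indented continuation lines (file name, directory)."""
    sections: Dict[str, dict] = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(
                m.group(1), {"declared": int(m.group(2)), "entries": []})
            continue
        if current is None:
            continue
        m = ENTRY.match(line)
        if m:
            current["entries"].append([m.group(2)])
        elif line.startswith(" ") and current["entries"]:
            current["entries"][-1].append(line.strip())
        # unindented prose ("Information about ...", "Kaspersky recommends") is ignored
    return sections


def malware_records(sections: Dict[str, dict]) -> List[dict]:
    """Turn each Malware entry into name / file / directory, tolerating the
    stray trailing '/' the report shows on entry 3."""
    recs = []
    for entry in sections.get("Malware", {}).get("entries", []):
        name, fname, directory = (entry + ["", ""])[:3]
        recs.append({"name": name, "file": fname, "dir": directory.rstrip("/\\")})
    return recs


def cluster_key(directory: str) -> str:
    """Detections under the same Installer {GUID} folder share one key."""
    m = GUID.search(directory)
    return m.group(0).lower() if m else directory.lower()


def triage(text: str) -> dict:
    sections = parse_report(text)
    recs = malware_records(sections)
    clusters = defaultdict(list)
    for r in recs:
        clusters[cluster_key(r["dir"])].append(r["name"])
    system_hits = [r["dir"] + "\\" + r["file"] for r in recs
                   if r["dir"].lower().startswith(SYSTEM_DIRS)]
    mismatches = {name: (sec["declared"], len(sec["entries"]))
                  for name, sec in sections.items()
                  if sec["declared"] != len(sec["entries"])}
    return {
        "clusters": dict(clusters),
        "largest_cluster": max(clusters, key=lambda k: len(clusters[k])) if clusters else None,
        "system_binaries": system_hits,
        "count_mismatches": mismatches,
        "vulnerable_apps": [e[0] for e in sections.get("Vulnerabilities", {}).get("entries", [])],
    }


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(key, "->", value)
```

Running it on the posted report puts five of the seven detections in the `{8bf7e6e5-22a7-2d02-9ec4-ee60b2f264cd}` cluster and lists `C:\Windows\system32\services.exe` as the one hit on a Windows system binary, which is exactly the file the helper later asks to have checked by an online scanner before anything is done to it.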
  9. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon):
      [IMG]
    • On the Scan Scope tab, make sure to checkmark all the options, except for the CD/DVD drive:
      [IMG]
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
      [IMG]
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
      [IMG]
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
      [IMG]
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
  10. dover1982 Newcomer, in training Posts: 47

    Kaspersky has found some objects and has asked whether I want to "delete" or "skip" one in particular. The object is "Backdoor.Win32.ZAccess.xps". The option to quarantine is disabled. I tried to take a screenshot but apparently the snipping tool won't work with Kaspersky running. The scan has slowed down significantly after initially running quickly. I don't know if it's waiting for me to select an option for the object it found or not, but its estimated remaining time is 18 hours. It also seems stuck on one object which doesn't appear to be the apparent malicious one it found.
  11. Jay Pfoutz Malware Helper Posts: 4,286   +49

    • Please go to VirSCAN.org FREE on-line scan service
    • Browse for the following file path into the "Suspicious files to scan" box on the top of the page:
      • c:\windows\system32\services.exe
    • Click on the Upload button
    • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
    • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
    • Paste the contents of the Clipboard in your next reply.
  12. dover1982 Newcomer, in training Posts: 47

    I ran the VirScan for "c:\windows\system32\services.exe" but it wouldn't work. I tried it twice and once left it alone for three hours and there was no sign of progress in its status bar. I was able to click "ReScan" but that was as far as I got. However, I didn't close Kaspersky and had both running at the same time, just in case that matters. I did end up clicking "skip" on the objects that Kaspersky detected and the Kaspersky scan is now moving again and scanning files. So I guess I should just let Kaspersky finish?
  13. dover1982 Newcomer, in training Posts: 47

    Ok the Kaspersky scan is done. Before I click "Disinfect all", I noticed that it has 8 objects listed as "Vulnerability", which includes things like QuickTime Player and iTunes. I was just wondering if those programs would be safe or not after clicking "Disinfect all"?
  14. Jay Pfoutz Malware Helper Posts: 4,286   +49

  15. dover1982 Newcomer, in training Posts: 47

    After clicking "Disinfect all" on the Kaspersky scan, it started disinfection and then upon completion it automatically restarted the computer, so I was unable to click "Save" for the report. I reopened Kaspersky but couldn't find any report. There were a number of alerts in the lower right hand corner of the screen from Kaspersky while it was disinfecting and I skipped over most of them. Did I just ruin the scan and allow malicious objects to still be on my computer by "skipping" over them?

    I ran the virustotal.com scan for services.exe and it came up completely clean.
  16. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Cool! :) They weren't malicious. ;)

    Let me know the overall picture of what we're looking at for your computer.
  17. dover1982 Newcomer, in training Posts: 47

    - Well the most recent problem was a few resident shield detections. Though this was before the recent Kaspersky scan we ran that caught a bunch of stuff. One thing that resident shield still catches even after the Kaspersky scan is that services.exe file. I know the scan we ran for that file turned up clean but what do I do about AVG detecting it over and over again?

    ResidentShieldrepeats.JPG

    - Before we started doing the recent string of scans or at least attempts at scans, I posted a photo of a few questionable detections by resident shield including one object that read "May be infected by unknown virus Win32/DH{LgMPNg}". That just sounds odd to me and makes me wonder if it was actually cleaned or not? There was also an object in those detections that was supposedly removed successfully once but then was found again. I'll post a photo of that group of detections.

    ResidentShieldpic.JPG

    - I've had a lot of redirects while using Internet Explorer.

    - Since I restarted the computer after Kaspersky's disinfection, I have a pop up on startup that reads "Windows cannot find '3404752.exe'. Make sure you typed the name correctly, and then try again." Don't know if this is a big deal or not.

    - One of the original problems I had was a pop-up in the lower right hand corner of the screen letting me know that User Account Control was off. I don't know how that happened, whether it was part of any original virus or not, and I honestly don't know whether it was possibly always off or not. And now I went to the User Account Control settings and apparently the Control Panel icons and arrangement have changed from when I originally looked for whether it was off or not. I don't know how that happened, but anyways it doesn't say whether UAC is off or on explicitly like before; I can still access it but I just can't tell what its setting is.

    - The computer had made great progress and a lot of the original problems were gone, and then one day I had a bunch of trouble and one of those things was a malware detection by AVG. I mentioned it before but just in case it could help I'll mention it again with a couple of pictures of the alert and the details of the initial alert.

    ThreatRemoval.JPG

    IDProDetails.JPG

    - And I figured I'd just remind that one of the big problems from the start was a questionable alert from AVG's Identity Protection. I thought it might've been a fake but after a few scans, it seemed legit and it was as I moved the threat to the vault, which was listed as a certain backdoor trojan. Immediately after moving the threat to the vault ID Pro followed up with an alert saying it caught some malware. I assume AVG has taken care of those threats but since they seem significant I thought I'd let you know. I do have a photo of the alert, but not the details nor the malware alert that followed the trojan alert.

    AVGIDPROsnip.JPG
  18. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Do a full scan with AVG, then take a screenshot of results, please.
  19. dover1982 Newcomer, in training Posts: 47

    I took three pictures: one of the overview of the scan results, another of those under "infections", and a third of those under "warnings". I didn't get all the objects in "warnings" in one photo since there were like 80 of them, but all are cookies. If you'd like to see the rest of those let me know and I'll take a couple more screenshots.

    I noticed that there was one "infection" that wasn't removed or healed; I'm assuming that's the services.exe? It's confusing because there's a green check mark on that object. I left the results open since it has the option to "remove all unhealed". Should I click that or leave it alone?

    AVGscanoverview.JPG

    AVGscaninfections.JPG

    AVGscanwarnings.JPG
  20. Jay Pfoutz Malware Helper Posts: 4,286   +49

    New log from ComboFix

    We would like to see a ☆new log☆ from ComboFix. Please find the ComboFix icon on your Desktop, and double-click on it. Once it finishes running, post the new log.