Wendig0
Posts: 1,156 +146
[Solved] Particularly frustrating virus
This is going to be long, so I apologize.
After an all-day raiding marathon on WoW, I needed a nap. When I woke up and went back to my computer, I had several popup windows advertising "Win 7 Internet Security 2011" plastered all over my screen. Firefox 4 was also running because it was left open during my nap.
I'm smart enough to know not to click on anything like that, and so I killed Firefox in my Task Manager processes thinking it would close the popup windows. It didn't.
At that time, I noticed a process that was unknown to me called "HPF.exe (steam)". As soon as I killed that process the popups went away. I then attempted to access Firefox again so that I could ultimately come here and follow the steps for virus removal. No joy though. Every webpage was taking me to "Win 7 Internet Security 2011" spam.
From here I disabled my internet connection through Avast Internet Security v6, and unplugged my computer from the router. I couldn't have this bug infecting my other systems (which have checked out to be clean). I rebooted into Safe Mode, and attempted to run Malwarebytes, though it wouldn't open. I then ran SuperAntiSpyware (free edition) and it came back with 3 instances of "Trojan.Agent/Gen-FakeAlert(Steam)", which got me thinking about "HPF.exe (steam)". I cleaned them with SuperAntiSpyware and rebooted back into Safe Mode again. I then ran a full scan with Avast and found 2 more instances, which Avast couldn't clean.
I still couldn't access the internet, so I called Avast, and they had me go through the registry, although I couldn't even access the registry. My whole system turned against itself, and the only thing I could think of doing, after 2 days of scanning and cleaning, was to start from scratch and format everything.
After reinstalling Windows, all my drivers, Avast (from a file on my external drive), and my games, Avast told me it was time to renew. When I tried going to avast.com, I got a message saying the connection had been reset. I checked the status of the site, and it seems to be working for everyone but me. I checked my hosts file, and Avast isn't blocked, so now I am here to follow the 8 steps.
tl;dr - Nasty virus, can't fix it, format and reinstall Windows, still having problems, need help.
Attached is my mbam log.
*edit* Missed the part about pasting the logs. ... Here is the mbam log.
MBAM log
_________
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6185
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
3/27/2011 1:47:09 PM
mbam-log-2011-03-27 (13-47-09).txt
Scan type: Quick scan
Objects scanned: 158052
Time elapsed: 2 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)