Help Please, System Security Virus

[DerekD]

I need some help with getting rid of the System Security Virus. One of our computers here at my work was infected with it and I have tried getting rid of it with no luck.

I have searched online on the best ways to remove it and they all point to Malwarebytes. The problem is I can't run Malwarebytes as I get an error that says "This System Administrator has set policies that prevent this installation".

So I ran Avast Anti Virus since I was able to do that, it caught a couple of Adwares and what not but it did not remove this virus.

I have tried installing other Anti Virus Softwares and it will not let me. This is also all being done in Safe mode.

In regular Windows I can't do anything as any program I try to open I get a message from System Security that the program is infected and it will start to scan prompting me to pay and what not.

Any help would be greatly appreciated!!

 

[tystanwick]

It sounds like you have a rootkit. If you can get online, download combofix here:

https://www.techspot.com/downloads/5587-combofix.html
or here:
http://www.forospyware.com/sUBs/ComboFix.exe

When saving combofix to your PC, rename it to 123.com so malware won't disable it. Launch combofix (now titled 123.com), allow it to download and install the Recovery Console if it prompts you. Once the scan starts, DO NOT TOUCH YOUR PC, clicking anywhere while combofix is running is enough to make your system become non-responsive. Be forewarned that combofix will make your desktop dissapear and will also reboot your PC as needed. This is normal.

Once combo fix is done, post its logfile and a HJT logfile here, please.

 

[DerekD]

Ok I went ahead and did what you said, it appears to have fixed the problem? Is there anything else I need to do. The computer seems to work fine again. I attached the log.

I really really appreciate the help!

 

[tystanwick]

Looks like you had a fairly heavy infection. If you could, please download and run HJT:

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Once HJT is open select "Do a System Scan and save a log file"
Then post the log file here..will give me a better idea of *if* your pc needs anything else.

 

[DerekD]

Ok ran High Jack This, here is the log.

Thank You.

 

[tystanwick]

Looks clean. You should be all set.

 

[DerekD]

Wow great thank you for helping me out. If you ever need any automotive performance parts let me know as that is what I do.

On another note, I have some adware on my personal laptop at home that I can't seem to get rid of. Every time I click on a link on Google it redirects me to another website. I have tried Malwarebytes, Search & Destroy, Avast, and some others. Nothing has been able to get rid of it. Do you have any suggestions or ideas on what I could do?

 

[tystanwick]

DerekD- I might just have to take you up on that sometime.

For the laptop I would use the exact same proccess. That google link redirector is usually a variant of the SKYNET virus. Combofix should be able to clean that up no problem.

 

[DerekD]

Ok will try that here in a few and let you know.

As for the parts whenever you need something just send me a PM on here.

Thank You,

Derek

 

[mcluke633]

Hi,

I'm working on a friend's laptop and it's infected with the System Security virus. I've tried the advice given above and it isn't working. I'm able to download the .exe file which I named 123.com. It asks if I want to proceed due to it being an unknow file. I click 'yes' so then it starts the installation process. Two windows pop up which are immediately "killed". Then the installation process is stopped. Is there any way around this? I feel like I've tried everything at this point... except reformatting the hard drive. Are there anymore suggestions? Thanks.

 

[snowchick7669]

mcluke633,

I would suggest making your own thread with your problem as your issue may seem the same but need different instructions

It saves confusion and possible overlooking of the thread.