adware removal help
SXRguyinMA
05-16-2012, 09:53 PM
I got some kind of it from one of Google's "recommended" search results :facepalm:
Anywho, it's taken over my computer. Security Essentials won't update, Windows Updates won't run, it won't let me edit my hosts file, Malwarebytes keeps turning off its real-time protection and there's a file in my users folder that it won't let me delete.
I've tried the safe mode route, system restore, etc all to no avail. Anyone have any ideas? :facepalm:
Drum Thumper
05-16-2012, 11:25 PM
Linux.
Seriously, what's the name of the file that won't delete? Google that and go from there.
^Can't believe I forgot Linux LiveCD.
Just be careful. Linux IS able to modify core files, and Windows might not be able to replace it.
TLHarrell
05-17-2012, 12:36 AM
I usually run Process Explorer (renamed as iexplore.exe in case other executables are blocked). Then mouse over processes you don't recognize. Locate where they are and what the .exe name is. Kill process. Regedit - search - delete process name items in reg - delete executables - reboot - win, hopefully.
Last one I got was a Google image search with a poisoned photo. Hover over photo, immediately I get a popup stating that my "multimedia system is corrupted. click here to repair." The regedit hack wiped out my machine's ability to run executable files, but a quick trip on the internet got me a script file that reassociated the extensions.
SXRguyinMA
05-17-2012, 07:41 AM
the file I can't delete is named fccu4o20iv.exe. It's in c:\users\Will folder. I googled it but nothing came up. Spybot was able to delete the registry entry that keeps it from running at boot. I also can't set my permissions on my user account to edit/replace the hosts file.
I'll try taskkiller next.
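A read-only way to review the autostart entries discussed in the posts above, as an added example that is not part of the original thread: it lists the Run/RunOnce registry values and flags executables that live under a user profile folder, showing their signature status and owner. It assumes PowerShell 3.0 or later and the default profile location; `Get-CommandPath`, `$runKeys` and the other variable names are hypothetical names chosen for this example.

```powershell
# Added example, not from the thread. Read-only: nothing is changed or deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Properties the registry provider adds to every result; they are not Run values.
$providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
# Assumption: profiles live in the default <SystemDrive>\Users location.
$usersRoot = (Join-Path $env:SystemDrive 'Users') + '\'

function Get-CommandPath([string]$Command) {
    # Extract the executable from a Run value: quoted path first, else up to ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    if ($expanded -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^\s*(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded.Trim() -split '\s+')[0]
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($prop in $values.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }
        $path = Get-CommandPath ([string]$prop.Value)
        if (-not $path) { continue }
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Key           = $key
            Name          = $prop.Name
            Path          = $path
            Exists        = $exists
            InUserProfile = $path.StartsWith($usersRoot, [StringComparison]::OrdinalIgnoreCase)
            Signature     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { $null }
            Owner         = if ($exists) { (Get-Acl -LiteralPath $path).Owner } else { $null }
        }
    }
}
# Entries under a user profile sort first; unsigned ones there deserve a closer look.
$report | Sort-Object InUserProfile -Descending | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so the HKLM keys and file ACLs are readable; values that name a program without a full path show `Exists` as false because they are resolved through the search path rather than checked here.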
Those random garbage names are usually self-replicating RAM hogs.
Try "cacls". It's the file permission editor of windows, equivalent to "chmod". Read up on that, delete the file, shut down.
Last resort, get a Linux LiveCD,
farlo
05-17-2012, 12:45 PM
hirens boot cd will let you scan before windows is loaded, and has many utilities for AV and malware included
edit: forgot link: http://www.hirensbootcd.org/
SXRguyinMA
05-17-2012, 06:01 PM
Those random garbage names are usually self-replicating RAM hogs.
Try "cacls". It's the file permission editor of windows, equivalent to "chmod". Read up on that, delete the file, shut down.
Last resort, get a Linux LiveCD,
didn't work. the command said it processed the file successfully but when I tried to delete it it still said I needed permission. Funny thing is that it said it needed permission from Will (the only account on the PC and the one I'm logged into) to modify it. :think:
hirens boot cd will let you scan before windows is loaded, and has many utilities for AV and malware included
edit: forgot link: http://www.hirensbootcd.org/
Looks neat, will look into that now
SXRguyinMA
05-17-2012, 06:02 PM
Also, the file is the least of my worries right now as it's no longer running in startup. problem is I still can't update windows/malwarebytes/security essentials or a whole host of other things. I'm thinking I may just do a fresh install anyways....
Log in as Administrator or System via the command line?
Yes, the Command Line has/had a bug where you could get into the "system" account via the "at" command.
SXRguyinMA
05-17-2012, 06:49 PM
yea I don't know that much about it (read: about 5% familiar with the command line).
I'm just copying everything to an external now and I'll just reinstall. Exported my emails, bookmarks, etc etc.
Be careful.
Don't want to re-infect yourself.
SXRguyinMA
05-17-2012, 07:30 PM
it's all in my c drive and all of the other stuff is in my RAID setup.
Konrad
05-24-2012, 08:55 PM
I just added meebo.com to my browser's list of Restricted Sites. Now all those dumbass annoying animated-pause-timed spam banners which fill up like half the screen on every single wiki site that's not Wikipedia ... poof, gone, don't even load (they try, but fail mwoohahahaa).
Linux is the better way to go, of course. But, yes, the sad reality is that there are times when I must use Windows, and worse, when I must also use Internet Explorer. Restricted Sites works well enough.
TLHarrell
05-24-2012, 09:53 PM
Chrome and ScriptNo seem to be working well for me. It's a little annoying as it instantly breaks just about every website, but then you opt in the scripts site by site and script by script and things start working well again. So far I haven't been hit by any more drive-by malware installs.
And the Web of Trust plugin... sheer awesomeness.
Konrad
05-24-2012, 11:33 PM
I find myself astonished to speak this way ... but ...
Running Win7 and IE8 and I don't get broken sites, I don't get drive-by malware or probs of any kind, maybe once every week or so I get a popup warning that some site is listed as being especially dangerous for mere mortals to visit. The downsides? A performance hit which isn't even noticeable on any post-2005 PC, plus frequent annoyances from Windows Update.
Google has started to become bloat and suck, it all started when they put that annoying black bar across the top ... I fear that one day soon, if google continues to push google's interests ahead of my own, it will no longer be my search engine of choice.
TLHarrell
05-25-2012, 12:34 PM
My last drive-by malware was on a Google Image search. Mouse over a picture.... BAM! "Your multimedia system is corrupted. Click here to repair it.". My words... not printable here.
My first drive-by malware? Visit a site, rogue ad, "Antivirus 2010".
Ugh, it was a nightmare to clean out.
And that's when I learned AVG sucks...
Konrad
05-25-2012, 01:33 PM
I've been happy with Avast - although I'll admit that I jump out of my chair every time the *AWOOGAH AWOOGAH* MALWARE THREAT DETECTED! audio warning kicks in. I know I could turn it off, but lulz.
AVG has failed me before, twice, once with a trojan exe, once with some nasty little piece of maltrash from lop.com. Don't know if Avast is better, but so far it's been perfect. F-Secure would be my first choice, if it wasn't so costly.
Lavasoft's Ad-Aware finds and cleans all sorts of stuff which gets by the other scanners. Although most of it is "low threat" datamining and such.
I ditched AVG because it made a moderate gaming computer lag worse than a Pentium 3.