What I'm concerned about is that AVG is still reporting threats that are identified by Anti-rootkit and I can't seem to remove them. This a serious virus? Not an artifact of having thrown so many tools at the problem? I tried one more round of 'Remove all', reboot, and now I've logged into the secondary account again. So, the system seems to be infected but can't be cleaned by the normal (for me) removal tools. The additional one, the first one in the list was Hidden Driver, path c:\Windows\System32\drivers, Identified by Anti-rootkit. I ran AVG again (whole system scan) and this time it found 60-something threats, all with the X in front of them and all but one was Object:name: idle and Identified by: Anti-rootkit. No more splash screen asking for money to unlock the computer. This time, I logged into the main account where the virus first made itself apparent. Again, I clicked 'remove all' and rebooted. If I chose 'remove all' and then started the scan again, without rebooting then it found more, something in the 60's as the number of threats. I again logged into the secondary account and I ran the same scan again with AVG and the same threats were back. I clicked 'remove all' and again rebooted. I aborted the scan after it seemed to be not finding any more and it had those same threats with X's on them. I clicked the button to 'remove all' and it said this required a reboot.Īfter rebooting and logging into this secondary account again, I had AVG do a whole system scan and right off the bat while it was displaying that is was scanning for Rootkit it flagged 59 threats. The nature of these threats were Object name : idle and all were identified by Anti-rootkit. some of which it seemed to be able to handle and fix (green check marks) but others remained as threats and had X instead of checkmarks.
I then installed and ran AVG (whole system scan) and it found many serious things. I then installed and ran Malwarebytes and it found some serious things which I removed. It found and removed a few things but they didn't appear to be very serious. His main account also has admin privs I used Norton (which was already installed) to scan his computer and it found no problems.
I switched user to another account on his system with admin privs and this account did not have this problem. It provided a link to go to in order to pay money to unlock the computer. The screen had a lot of official text about national security and gave his IP address and quoted a lot of threatening legalese. After booting up and logging in, things would seem to startup normally and then the screen would get taken over by a large splash screen. System particulars: Win 7 Professional, SP1, 64 bit, 4GB ram, MicroElectronics
0 kommentar(er)
