
[Closed] Computer Virus + Alpha Antivirus


2 replies to this topic

#1 Chase


Posted 12 November 2009 - 03:07 PM

Disclaimer: The virus I have is closing my internet window every time it sees the full spelling of MB's AM, H.JT or AVG, so please don't use them in the thread.

One of my friends has some sort of infection and for the past couple days I've been trying to fix it, but without any luck. The first thing they told me was that Alpha Antivirus had appeared and was telling them that their computer was infected. After doing some research I figured out that Alpha Antivirus was the problem, but I've had no luck in removing it.

If you're unfamiliar with it, the pseudo AV asks for a registration key if you try to uninstall it via the normal control panel method. After that failed, I found a few manual solutions online, but they recommend removing file and registry edits that I cannot locate (I know how to remove registry edits, that's not the issue). The last alternative I found online was a suggestion to use MB's AM. After exploring this route I learned that the program seems to be closing my internet window (IE, Chrome, etc.) every time I go to a site that mentions MB's AM (hence the reason I'm abbreviating), H.JT or A_G. MB's AM was already downloaded onto their computer, but it simply does not run, and neither does HJT. I've tried changing file names and the like but nothing has worked.

The last idea I had was to boot into safe mode in order to run MB's AM, but I get the blue screen of death every single time I try.

Also, I've made sure to do all of these after deleting Alpha.exe from my running processes, but it hasn't had an effect. Can anyone offer suggestions?



#2 CatByte

    Classroom Administrator


Posted 12 November 2009 - 05:37 PM

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


NEXT


Please download DDS from either of these links

LINK 1
LINK 2

and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.

NEXT


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 17 November 2009 - 01:31 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.
