guide made by me ^^
note that this infection will disable the use of .exe files so try what's in red with malwarebytes
e: the process is a random 3 letter name .exe
there are some legit 3 letter name processes required to run Windows so make sure not to terminate them
How to remove Rogue security software with anti-viruses

First step is to access your computer in safemode.

How to start your computer in safemode:
1. Restart your computer
2. As your computer restarts, press F8 before Windows launches
3. Use the arrow keys and select Safemode
If you still can't access safemode, try in normal mode.
Secondly, download Malwarebytes Anti-Malware located here:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022%5F4-10804572.html

After downloading Malwarebytes, install it and it should download the updates manually.
Simply run the Full scan and wait for it to finish. If it detects something, simply click on remove selected.
Restart your computer in normal mode and you're done!
I can't run any anti-virus/anti-malware programs, what do I do?

Most rogue security software blocks software execution, meaning it won't let you open any files.
Assuming you already have malwarebytes or another anti-malware on your computer, follow these steps:
First, try renaming the program that you want to open to something like: explorer, userinit, Iexplore (make sure to add .exe if there was one before renaming)
Secondly, if renaming does not work, changing the file extension might.
1. Open my computer
2. Click on Tools - Folder options (if windows vista/7, go in control panel then folder options)
3. Click on the View tab
4. Uncheck Hide extensions for known file types
5. Right-click the file that you want to open and select rename (note: do not rename the shortcut but the real file instead; the location of the file can be found by right-clicking the shortcut - properties, then looking at the Target).
6. Rename the file to (filename).COM (ignore the warning and click OK)
Other file extensions to execute applications include .SCR and .PIF (Warning: renaming the file to .pif would be the last thing to do, once you rename it you can't change it back).

Some rogue security software will change the command line of the execution to open itself, meaning every time you open a program, it will open the fake AV instead.
To stop this from happening, open your computer in safemode or change the file extension.
if you can't install/download malwarebytes, let me know
This post was edited by ShadowFiend on Aug 2 2011 03:04pm
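
The guide's last paragraph describes rogue software changing the command used to launch programs, which is also why renaming a file to .COM can get around it. As an added example (not part of the original post), this read-only PowerShell check lists the .exe and .com file associations and flags any that differ from the stock `"%1" %*` open command; the registry paths, the `exefile`/`comfile` ProgIDs and the stock value are Windows defaults assumed here, not taken from the post.

```powershell
# Added example, not from the original post: audit how Windows launches
# .exe and .com files. Assumption: the stock open command for the exefile
# and comfile ProgIDs is "%1" %* (run the file itself, pass its arguments).
$expected = '"%1" %*'
$stock    = @{ '.exe' = 'exefile'; '.com' = 'comfile' }
# Per-user entries (HKCU) override machine-wide ones (HKLM) in the merged view.
$roots    = 'HKCU:\Software\Classes', 'HKLM:\Software\Classes'

function Get-DefaultValue([string]$Path) {
    # Return the key's (Default) value, or $null when the key does not exist.
    if (Test-Path -LiteralPath $Path) {
        (Get-Item -LiteralPath $Path).GetValue('')
    }
}

$report = foreach ($root in $roots) {
    foreach ($ext in $stock.Keys) {
        $mapped = Get-DefaultValue "$root\$ext"
        # Check the stock ProgID and, if different, whatever the extension maps to.
        $progIds = @($stock[$ext], $mapped) | Where-Object { $_ } | Select-Object -Unique
        foreach ($progId in $progIds) {
            $command = Get-DefaultValue "$root\$progId\shell\open\command"
            # A stock ProgID with no command in this hive is simply not registered here.
            if ($null -eq $command -and $progId -eq $stock[$ext]) { continue }
            # OK only when the extension uses the stock ProgID AND the stock command.
            $ok = ($progId -eq $stock[$ext]) -and ("$command".Trim() -eq $expected)
            $status = if ($ok) { 'OK' } else { 'SUSPICIOUS' }
            New-Object PSObject -Property @{
                Hive      = $root.Substring(0, 4)
                Extension = $ext
                ProgId    = $progId
                Command   = $command
                Status    = $status
            }
        }
    }
}

# Suspicious rows first; the script changes nothing in the registry.
$report | Sort-Object Status -Descending |
    Format-Table Hive, Extension, ProgId, Status, Command -AutoSize
```

A SUSPICIOUS row names the hive, ProgID and command to inspect before repairing the association.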