[Solved] Something has taken

post #1 of 7
Thread Starter 
Hi
A friend of mine has a strange issue on his laptop. The Windows Security Centre icon in the system tray is constantly flashing and informing him that there is no AV installed. He has AVG (all up to date) and a full scan reveals no viruses. If he clicks on the icon in the systray, it tries to open a webpage directing him to some weird AV app.


Any clues please?

I am about to go see him and run Hijack-This.

TY for any input.
post #2 of 7
He's got the renos virus hoax.

It's a variant on the smitfraud virus and comes in when visiting "certain" websites. The only reliable way I have found of removing this is the latest version of smitfraudfix run in safe mode.
post #3 of 7
Thread Starter 
Quote:
Originally Posted by magus.tsf View Post
He's got the renos virus hoax.

It's a variant on the smitfraud virus and comes in when visiting "certain" websites. The only reliable way I have found of removing this is the latest version of smitfraudfix run in safe mode.
I shall go and try that right away. +R if you are correct, Magus ^_^
post #4 of 7
I've dealt with some things like this on some work computers. There is a yellow triangle with ! in it saying there is a virus, and when you click it, it takes you to a website to buy some AV software.
The way I removed it was going into safe mode and deleting it from the registry and deleting the folders for it on the C: drive, after I figured out what they were called.
But I am sure this does the same thing, just wish I had heard of it earlier.
post #5 of 7
No probs. If after you run the smitfraudfix the icon is still there, then it will be a new variant (they appear almost every week at the moment). The virus creates several registry entries and a constantly renamed DLL file, so they can be a right bugger to remove.

If this is the case then download Superantispyware which will get rid of what's left.
post #6 of 7
Thread Starter 
Quote:
Originally Posted by magus.tsf View Post
No probs. If after you run the smitfraudfix the icon is still there, then it will be a new variant (they appear almost every week at the moment). The virus creates several registry entries and a constantly renamed DLL file, so they can be a right bugger to remove.

If this is the case then download Superantispyware which will get rid of what's left.
Your first solution was pixel-perfect

many thanks and +r

although his wireless is now borked, lol, so am going back later.

(edit - for some reason I cannot rep you atm... but I will; promise)
post #7 of 7
Quote:
Originally Posted by newphase View Post
Your first solution was pixel-perfect

many thanks and +r

although his wireless is now borked, lol, so am going back later.

(edit - for some reason I cannot rep you atm... but I will; promise)
No probs, glad you got it sorted. If you need any help with the wireless problem, let me know.