
View Full Version : Anti-virus 2009 :dam:



enoughfakefiles
08-21-2008, 07:58 PM
My dad's computer was infected with this last week. I thought I'd got rid of it, but no such luck :dry:

He rang me tonight saying that it was popping up on most webpages trying to install itself again when you try to close it down. Does this sound like his computer's infected with it again and has it also hijacked his browser :unsure:

What I'm asking really is how the feck do I get rid of this once and for all. When I ran AVG it got rid of it but the internet browser was still hijacked. Every time I tried to set the security setting bar to the middle and then clicked apply, I shut down IE and opened it up again and the bar had gone back down to the bottom on the cookie settings. Windows Defender did something and it seemed to fix it, but I think it's back again :dry:

Thanks in advance :D

SCR
08-21-2008, 08:08 PM
maybe the way posted here : http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009 will do it ..
hope this helps.

#Palestinian#
08-21-2008, 08:36 PM
I have faced this problem twice in the last week, tried every possible thing but all of them were useless, so I went to format my two PCs and that solved the problem :) , I know that's not a good solution but there were no other options for me.

shutdk
08-21-2008, 08:51 PM
This virus is everywhere! What's the best way of getting rid of this shit (without getting even more of it)?

enoughfakefiles
08-21-2008, 09:26 PM
I'd like to solve this problem without the old re-format if possible :smilie4:

pentomato
08-21-2008, 09:36 PM
I had to reformat too, I tried everything but nothing works with it.

saulin
08-21-2008, 10:06 PM
Running smitfraudfix, then combofix and going through add/remove programs should almost clean everything. Then install/update AV and do a full scan. There was no infected computer I could not clean if I had internet access when I was cleaning systems.

For some really tough trojans/viruses you need to use autoruns and process explorer and the windows cacls command to deny access to them and so that your AV can remove them.

for example in windows XP:

cacls "c:\windows\virus name.exe" /p guest:n

Would make it so that the virus does not load the next time windows reboots because the user won't have rights to load the file. Then the AV can detect and delete the file. But you need the name and location of the infected file for this which can be found by using Autoruns and process explorer.

Process explorer will show you all running processes including viruses. You can kill the process and simply delete the infected file this way. Autoruns is used to uncheck the trojans/viruses so that windows does not load them on the next reboot and scanners like Smitfraudfix and Combofix will scan, detect and delete infections. Much more effective than Antivirus software. You want to run these 2 before the AV. Also remove as much as you can from add/remove programs.

peat moss
08-22-2008, 10:17 PM
It's funny but a friend brought over a computer with the same Antivirus 2009 crap. I remember SMITFRAUD from this post and ran it in safe mode.

Problem seemed solved till I use google search, I'm getting some weird pages loading from search engines I've never heard of. I ran TuneUp 2008 Start Up Manager and deleted but dam as I'm typing I'm getting some weird web pages.


Oh well back to the drawing board , I'm going to try Trojan Hunter see what it finds .

Ya Hijackthis may help :

Found Three Browser Helpers with Trojan Killer but can't delete ! After a reboot I find Zamgo or Zango trying to reinstall and it's going to be hard to get it. I'm moving on to Hijackthis. Crap if it was my computer I'd just nuke it.

http://www.merijn.org/programs.php


Wow this thing is a lil bugger, took two tries to type this.

Chewie
08-23-2008, 12:51 AM
It's probably coming back through a dll somewhere... most likely one with a generated name.
You could give SuperAntiSpyware a go; I've found it very smart in the past.

db_la_23
08-23-2008, 01:52 AM
try removing it 4 the reg.

saulin
08-23-2008, 02:37 AM
You have to run both Smitfraudfix and Combofix

They both do an amazing job together. Then install/update and run superantispyware. Then if you have IE7 make sure to reset IE settings, IE7 has a reset button that resets everything to default. Last you can run a virus scan. Like I said for some stuff you need to use Autoruns and Process explorer and cacls to get rid of it.

I was given computers that would not load to windows and I fixed them doing a manual system restore then cleaning them up. I was given computers that would not load the desktop and I fixed them. PCs with access denied errors when trying to load programs and I fixed them. the tools I mentioned are simply the best of the best.

peat moss
08-23-2008, 05:21 AM
Got it ! Took a while tho as it's not my computer so the start up programs give me some pause.

It's funny eh, took 4 programs to fix it. Ran Smitfraudfix, Trojan Killer, Hijackthis and installed ESS to finish it off. Very tough that Zangosa.

@ saulin, I didn't try Combofix, that might have saved me a few steps. :pinch:

db_la_23
08-23-2008, 08:52 PM
send the file to kaspersky they will find a cure.

enoughfakefiles
08-23-2008, 08:53 PM
> send the file to kaspersky they will find a cure.

Won't they be infected then :unsure:

peat moss
08-23-2008, 10:10 PM
> > send the file to kaspersky they will find a cure.
>
> Won't they be infected then :unsure:

Ya why don't they fix the fricken thing in the first place . I pay good money for their security , oops I don't pay for anything ... :naughty:

pretorians
08-24-2008, 03:49 AM
kaspersky is good.

db_la_23
08-25-2008, 10:39 AM
I sent n.vbe and driver guard to them and they found a cure for them. Send it as a zip file.

Black
08-28-2008, 06:29 AM
use a good anti virus like BitDefender Internet Security 2008 ... ur problem will be solved with 98% :D ...

db_la_23
08-28-2008, 09:47 AM
well i have used BitDefender Internet Security 2008 b4 it takes up too much of sys memory

peat moss
08-28-2008, 04:28 PM
> kaspersky is good.

Ya very good , but they protect their software license too good in my opinion . You know what I mean , nudge nudge wink wink from a blind horse . :whistling

maverick_andy
08-28-2008, 04:38 PM
> > kaspersky is good.
>
> they protect their software license too good in my opinion . :whistling

@peatmoss
Still I don't agree with that :happy: because my pirated KIS 2009 :naughty: key is still working. 299 days remaining :P

interwebz
08-30-2008, 10:32 AM
Honest to god ..

The EASIEST way to get rid of this virus is use ANY of the two following programs:
1.) Spybot Search & Destroy v.160
2.) Spyware Detector

Thank me later.

a7mednour
08-30-2008, 04:08 PM
thanks

killuminati96
08-30-2008, 06:48 PM
sounds like a job for "vundofix"..you gotta know the name of the dll file or files causing the problem tho..checking the system/system 32 folders and monitoring running processes can reveal the name sometimes..checking browser addons, checking dates of when files are created and last used knowing you didn't install anything..files with weird stupid names like "glajhlfahg.exe/.dll" <--made that up lol

this is the program i always use to remove browser hijackers that keep regenerating on reboot or are hidden
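
A read-only PowerShell listing of the places saulin's and killuminati96's posts say to check (startup entries, browser add-ons, file creation dates). It is an added example, not part of any post, and it assumes a current Windows with PowerShell 3 or later rather than the XP-era tools named in the thread; the function names are made up for this example.

```powershell
# Added example (read-only): list autostart entries and Browser Helper Objects
# together with the file each one loads. Run from an elevated prompt.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$bhoKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

function Resolve-CommandPath([string]$Command) {
    # Extract the file path from a Run value such as: "C:\dir\app.exe" /arg
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    if ($text -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|vbe))(\s|,|$)') { return $Matches[1] }
    return $text
}

function Get-FileSummary([string]$Source, [string]$Name, [string]$Path) {
    # An empty path (blank registry value) is reported as missing, not looked up.
    $item = if ($Path) { Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Source  = $Source
        Name    = $Name
        Path    = $Path
        Created = if ($item) { $item.CreationTime } else { $null }
        Signed  = if ($item) { (Get-AuthenticodeSignature -FilePath $Path).Status } else { 'file missing' }
    }
}

$entries = @(foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $values = $props.PSObject.Properties |
        Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' }
    foreach ($v in $values) {
        Get-FileSummary 'Run' $v.Name (Resolve-CommandPath ([string]$v.Value))
    }
})

$entries += @(foreach ($bho in Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue) {
    # Each BHO subkey is a CLSID; its DLL is the default value of InprocServer32.
    $clsid  = $bho.PSChildName
    $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $dll    = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
    if ($dll) { Get-FileSummary 'BHO' $clsid (Resolve-CommandPath $dll) }
})

# Newest first: recently created, unsigned files with generated names stand out.
$entries | Sort-Object Created -Descending | Format-Table -AutoSize
```

The Path column gives the file name and location that the cacls command earlier in the thread needs.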

snakebite
08-31-2008, 11:04 AM
Ok...Download kaspersky Internet software and do an update then run a full scan then u will have the problem fix up...the only anti virus program that actually really works is kaspersky.

Chewie
08-31-2008, 12:26 PM
> Ok...Download kaspersky Internet software and do an update then run a full scan then u will have the problem fix up...the only anti virus program that actually really works is kaspersky.

Posts like this aren't helpful; no singular anti-malware program is guaranteed to cure all problems or detect new threats.

I use Kaspersky myself - even paid for it - but I know it's not the be-all and end-all of computer security.
Indeed, I have spent a week trying to nail down what looks like a new vundo variant and a trojan that were extremely resilient.

> cacls "c:\windows\virus name.exe" /p guest:n

Thanks for that little tip - finally think I've got a laptop sorted. :)