Wei's tips: rogue virus leading to antispy-guide.net

Friday, May 28, 2010

rogue virus leading to antispy-guide.net

My wife's computer was infected by a rogue virus. It's constantly asking to buy anti-virus software from antispy-guide.net. And it blocked the execution of other program by saying they are infected.

The only exception is browser. You can still open a browser. Apparently, they don't want to block the way so that the infected user can purchase their software.

Here is how I dealt with it:

In explorer, copy \windows\system32\taskmgr.exe to some other place. Then rename it as firefox.exe and run it. Now the task manager appears. In the task manager find and kill a process with a very strange name which unfortunately I forgot what exactly it is. And I also deleted the corresponding .exe file from the file system.

Now everything is back to normal. I am not sure this is a permanent fix. But so far so good.

34 Comments:

JFowler said...: I also have this virus on my computer but I am confused by your instructions on how to fix the problem. You said In explorer, copy/windows/system32/tackmagr.exe and put it someplace else. I am unable to "copy" that program, the virus software seems to block that abilty. Also, where do I need to copy the program to?; 9:08 PM
hwianshirt said...: The damn thing got me too. Panda Antivirus has been fighting it for hours to no avail. Your trick definitely worked to get in to task manager but if you could remember what to look for itwould be a big help.
JFowler, I just typed it in explorer like it was a website then hi-lighted it and it asked to save it. I saved mine to desktop for easy access.; 2:05 AM
Paul said...: Asam is one of them
Everything described kernel verifier; 1:30 AM
Paul said...: Thanks for your idea, it worked. I am able to run system restore now and trying it now. Time to get a Mac I think.; 1:34 AM
Issac said...: In my case the spyware file was located in C:\Documents and Settings\YOUR_USER_NAME\Local Settings\Application Data\bqvhvdkud\nvfhtbctssd.exe

Folder "bqvhvdkud" may be different on your PC. Make sure you have changed your Windows settings to show hidden files.

If you are not sure, You can boot up the PC in safemode (F8) and browse to the above folder and rename the file or folder to nvfhtbctssd.exe-old .; 9:34 AM
Issac said...: This comment has been removed by the author.; 9:34 AM
705RupertJ_Brobst0 said...: This comment has been removed by a blog administrator.; 10:08 AM
建霖 said...: hello~ nice to meet u..............; 5:47 PM
07_TeddyF_Silvey0 said...: first catch your hare, then cook him. ..................................................; 12:31 AM
佩GailBohanan1蓉 said...: Lets cross the bridge when we come to it............................................................; 1:06 PM
adkinsra said...: good post..................................................; 11:33 PM
林奕廷 said...: 來幫你衝一下人氣,幫你推推推......................................................................; 11:13 PM
LesW_Saulsbu信豪 said...: 生存乃是不斷地在內心與靈魂交戰；寫作是坐著審判自己。......................................................................; 2:35 PM
原秋原秋 said...: Poverty is stranger to industry.....................................................................; 11:38 PM
湘均湘均 said...: It takes all kinds to make a world.............................................................; 1:40 PM
吳婷婷 said...: 人生是故事的創造與遺忘。............................................................; 4:56 AM
欣怡 said...: 這麼用心的經營你的文章, 當然值得我們留連拜訪的！..................................................; 3:17 PM
JasonBirk佳琪 said...: Quietude is the crown of life.............................................................; 5:32 PM
姿柯瑩柯dgdd憶曾g智曾 said...: 一個人的際遇在第一次總是最深刻的，有時候甚至會讓人的心變成永遠的絕緣。............................................................; 11:11 PM
姿柯瑩柯dgdd憶曾g智曾 said...: blog有留言互動才好玩~~希望留言能支持您的更新動力!!!............................................................; 6:12 AM
楊儀卉 said...: Riches serve a wise man but command a fool.............................................................; 9:37 PM
潘凱花潘凱花 said...: 鞋匠能作好鞋子，因為他只做鞋，不做別的。..................................................; 4:33 PM
冠宇DeonKilgore0 said...: 道歉是人類一定必要的禮節..................................................; 5:43 AM
徐俊賴靜雯賢 said...: 時間就是塑造生命的材料。．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．; 1:31 AM
奕蕭君 said...: 「仁慈」二個字，就能讓冬天三個月都溫暖。..................................................; 5:07 AM
承王蓁 said...: 好的blog值得一推再推，要愈來愈好哦!!!!..................................................................; 11:04 AM
文王廷 said...: Learning makes life sweet.......................................................................; 2:03 AM
王辛江淑萍康 said...: 這一生中有多少人擦肩而過？而朋友是多麼可貴啊！......................................................................; 10:19 PM
bokk said...: 你的努力我們都看見了--支持你..................................................................; 5:55 AM
淑君韓淑君韓淑君韓 said...: 好文不寂寞～支持!!!!@@a 搞錯了，這不是論壇推文 XDDD............................................................; 7:26 PM
王辛江淑萍康 said...: 拒絕冒險和成長的人，終將被生命的潮流陶汰。..................................................; 8:18 PM
忠姜姜姜蓮 said...: Judge not a book by its cover.. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .; 12:14 AM
黃英吳思潔吳思潔邦 said...: 時間就是塑造生命的材料。．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．．; 7:05 AM
偉DimpleHolloway043昀 said...: 在莫非定律中有項笨蛋定律：「一個組織中的笨蛋，恆大於等於三分之二。」............................................................; 9:40 PM

Wei's tips

Friday, May 28, 2010

rogue virus leading to antispy-guide.net

34 Comments:

About Me

Previous Posts