Computer Hope

Software => Computer viruses and spyware => Topic started by: Suzanne on September 28, 2007, 07:52:25 AM

Title: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: Suzanne on September 28, 2007, 07:52:25 AM
Somebody, Please help me. While I was at work - a window popped up while my mother was using the computer and she downloaded some crap that won't even let me get into my control panel to remove the program. All my personal access to my own computer is GONE!!! It keeps telling me to contact my system administrator. It's called the AVSystemCare - some spyware of sorts.

I am trying hard not to go berserk on my mom - Although I have warned her so many times against this stuff....now she is just looking at me and saying, "Oh, I don't know, go fix it." That doesn't sit well with me, as you might imagine.

Does anyone have some advice for me??? PLEASE???
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: Amrykid on September 28, 2007, 08:16:32 AM
Press Windows key + R, type in appwiz.cpl, and press OK. That will open the Add and Remove Programs part of Control Panel.
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: 2k_dummy on September 28, 2007, 08:19:28 AM
Try a system restore. Try to remove it in safe mode.
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: Suzanne on September 28, 2007, 08:37:41 AM
This virus has blocked me from accessing my Add/Remove Programs. I can't even get into my Control Panel. The icon doesn't even show anymore. I can't check my emails either.

How do I remove it in Safe mode? I don't know what that means - I'm having no luck with getting rid of this virus.
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: unlovedwarrior on September 28, 2007, 09:12:24 AM
Read (http://www.saviour-pc.com/forums/view.php?pg=malware_guide) and follow; Google Spybot Search and Destroy.

Then read this (http://www.saviour-pc.com/forums/view.php?pg=win_guide).
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: kbm292 on September 28, 2007, 11:15:44 AM
To boot into safe mode what you have to do is reboot your computer and press F8.  You can keep pressing it to make sure if you want to.  Then you will have a DOS screen with some options.  Choose "safe mode".  Then once your computer boots up try to access control panel from there.  Also run your anti virus and anti spyware scans from safe mode as well.

P.S.: It's normal to have some text scroll by on a black screen when booting into safe mode. Also, if it seems like it's freezing, don't touch it. Some take longer to load than others. Good luck.
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: contrex on September 28, 2007, 11:37:10 AM
AVSystemCare is a fake "computer security" program that gives false warnings of security threats in order to induce people to buy a paid-for version.

The application reports the presence of the following fake threats:

    * Trojan.Backdoor.IROffer
    * Trojan.Spy.DKangel

The user is then prompted to pay for a full license of the application in order to remove the fake threats.

This is how to remove it. If you do not feel competent to follow these steps (they involve dealing with the registry and if you do this wrongly you could make things worse!) I STRONGLY suggest you either find somebody you trust to do it properly, or take the laptop to a computer repair company and get them to do it, and present your mother with the bill. Don't let your mother use the laptop in future.

   1. Disable System Restore (Windows Me/XP).
   2. Update your antivirus software definitions. (You do have antivirus?)
   3. Run a full system scan.
   4. Using Regedit, navigate to and delete the following subkeys:

      HKEY_ALL_USERS\Software\AVSystemCare
      HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator
      HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator.1
      HKEY_CLASSES_ROOT\AppID\PopupG.DLL
      HKEY_CLASSES_ROOT\AppID\{7F7775D5-1EC8-4c0d-9BD7-6F3380959861}
      HKEY_CLASSES_ROOT\CLSID\{C4514FE1-54AA-42f0-B212-BA8065206F8F}
      HKEY_CLASSES_ROOT\CLSID\{D3B4C621-6024-410b-9F0F-22CBD6981F5E}
      HKEY_CLASSES_ROOT\G.Object
      HKEY_CLASSES_ROOT\G.Object.1
      HKEY_CLASSES_ROOT\Interface\{D961C9CA-59B3-46DD-9CEE-47714CFE2831}
      HKEY_CLASSES_ROOT\TypeLib\{55B49019-E69E-47FD-A67F-F28D83E5B695}
      HKEY_CLASSES_ROOT\TypeLib\{7F7775D5-1EC8-4C0D-9BD7-6F3380959861}
      HKEY_LOCAL_MACHINE\SOFTWARE\AVSystemCare
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UGA6P_is1
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\AntiVirus
      HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\AVSystemCare
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AVSystemCare
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FOPF

   5. Navigate to and delete the following entries:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"atf_reinstall" = "%ProgramFiles%\AVSystemCare\atf.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"AVSystemCare" = "%ProgramFiles%\AVSystemCare\pgs.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"rtasks" = "%ProgramFiles%\AVSystemCare\rtasks.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"uga6pcw" = "%ProgramFiles%\Common Files\AVSystemCare\atf.exe"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls\"%ProgramFiles%\Common Files\AVSystemCare\"UGaChk.dll" = "1"

   6. Restore the following registry entries to their original values, if required:

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusDisableNotify" = "1"
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\"AntiVirusOverride" = "1"

   7. Exit the Registry Editor.
   8. Re-enable System Restore.

Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: Fed on September 28, 2007, 02:33:35 PM
AVSystemCare is one of the programs that RogueRemover (http://www.malwarebytes.org/rogueremover.php) targets, so give it a try if you're unsure about editing your registry.
If you decide to edit your registry, take care and back up before you start.
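
Added example, not part of any post in this thread: a PowerShell sketch that reports which of the keys and Run/RunOnce values from steps 4 and 5 of contrex's list actually exist, and exports each existing key to a .reg file first, in line with Fed's advice to back up. It only reads and exports; the backup folder name is an assumption, and only a subset of the listed keys is included.

```powershell
# Added example: read-only audit plus backup; it deletes nothing.
# Keys (subset of step 4) and Run/RunOnce values (step 5) are copied from the list above.
$keys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\AVSystemCare',
    'HKEY_LOCAL_MACHINE\SOFTWARE\uga6pcw',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products\AntiVirus',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UGA6P_is1',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3B4C621-6024-410B-9F0F-22CBD6981F5E}',
    'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\FOPF',
    'HKEY_CLASSES_ROOT\AVPGIntegrator.IEIntegrator',
    'HKEY_CLASSES_ROOT\G.Object',
    'HKEY_CLASSES_ROOT\CLSID\{D3B4C621-6024-410b-9F0F-22CBD6981F5E}'
)
$cv = 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion'
$values = @(
    @{ Key = "$cv\RunOnce"; Name = 'atf_reinstall' },
    @{ Key = "$cv\Run";     Name = 'AVSystemCare' },
    @{ Key = "$cv\Run";     Name = 'rtasks' },
    @{ Key = "$cv\Run";     Name = 'uga6pcw' }
)

# Backup folder name is an assumption; the timestamp keeps each run separate.
$backupDir = Join-Path $env:USERPROFILE ("AVSystemCare-backup-" + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $backupDir | Out-Null

$i = 0
foreach ($key in $keys) {
    if (Test-Path -LiteralPath "Registry::$key") {
        $i++
        $file = Join-Path $backupDir ("key{0:D2}.reg" -f $i)
        & reg.exe export $key $file | Out-Null   # save the key before anyone deletes it
        Write-Output "PRESENT  $key  (exported to $file)"
    } else {
        Write-Output "absent   $key"
    }
}

foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath "Registry::$($v.Key)" -Name $v.Name -ErrorAction SilentlyContinue
    if ($item) {
        Write-Output ("PRESENT  {0}\{1} = {2}" -f $v.Key, $v.Name, $item.($v.Name))
    } else {
        Write-Output ("absent   {0}\{1}" -f $v.Key, $v.Name)
    }
}
```

Run it from an administrator account so the HKEY_LOCAL_MACHINE keys can be read and exported; an exported .reg file can be re-imported if a deletion turns out to be a mistake.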
Title: Re: HELLLLLLP!!! My mother F-ed up my laptop!!!!!!!!!
Post by: elxr06 on September 29, 2007, 03:51:03 PM
Suzanne, if you're using Windows Vista or Windows XP, then create a GUEST account. That way, if you ever let your mom use your computer, she logs in as a guest so she can't mess with your files.

I believe you can find a way to restrict certain things so that she can't unknowingly change settings on your computer or make it not work...