Terminalcoffee discussion

Something just appeared yesterday. Message 1 says: application cannot be executed. The file googleupdate.exe is infected. Do you want to activate your antivirus software now?
Message 2: ANTIVIRUS SOFTEWARE ALERT. Infiltration alert: your computer is being attacked...(etc). Says it's being attacted in a particular place by Bankerfox.A.

I looked up bankerfox.A on the net yesterday and what I found said ignore these warnings. And I know better than to say "yes" when it asks if I want to activate anything. I've run McAfee twice and McAfee isn't finding anything. The problem, other than these messages continuously flashing, is that they keep me from opening most of my programs. I can't open system restore, which is my usual go-to for this kind of trouble. I also can't open any of my media programs, which really makes a girl cranky.

So anybody got any clues?

Go here and do a scan/cleanup. That's a good place to start anyway. You're smart not to accept anything that comes from a popup like that.

http://onecare.live.com/site/en-us/de...

It's a trojan.

Trojan?

way screwed up. It's telling me this won't work because I don't have the right operating system. I DO have the right one. This virus is blocking everything i'm trying to do.

Rebecca, reboot your computer in safe mode, and do a system restore. You have to restore it to a date before the virus entered your system

how do I get to safe mode? It even let me into most of my files.

What operating system do you have?

windows 7

From the micrososft site:

If your computer has a single operating system installed, press and hold the F8 key as your computer restarts. You need to press F8 before the Windows logo appears. If the Windows logo appears, you will need to try again by waiting until the Windows logon prompt appears, and then shutting down and restarting your computer.

thanks Britt - I'll be back with an update soon.

Larry wrote: "Trojan?

"

Rebecca, this sounds exactly like what happened to me. I was able to figure out the name of the offender by hovering my mouse over a link they wanted me to click on to buy "virus removal software." Once I knew the name, I googled it and went to various tech forums and found out as much about it as I could. (I had to go to the library to do this because I wasn't aware that there is a safe mode with networking, which allows you to go online in safe mode.) I found a specific fix for the browser hijacker. I printed out both the link to click on to download the fix, as well as the registry keys you were supposed to delete if you couldn't download the fix. Once online in safe mode, I downloaded the fix. Later I went into my registry to make sure the corrupted registry keys were gone (they were). It took awhile but it all worked out.

Here's the relevant thread -

http://www.goodreads.com/topic/show/2...

Do a system restore - post 37 explains how.

Sigh.

Anyone ever been infected with cryptor.dropper?

I don't know how to interpret what AVG is telling me. I was at a website, the detection shield popped up - does that mean it stopped the infection or not? In the "resident shield detection" screen, AVG is showing a list of detected assaults going back a few months. The last one is from earlier tonight; the object apparently went to Temporary Internet Files. In the "result" column one of them says "object inaccessible," the other result is "infected." So am I infected? Does this mean AVG detected the threat but couldn't stop it?

Rah-roh.
I would think it should say something like 'quarantined' or removed, but I don't know anything about AVG.
I'd say disconnect from the interwebs and run a scan.

I'm doing a scan now.

I don't understand - the site I visited had the AVG little green seal of approval that shows up with your google results. I don't think I've ever clicked on a site that didn't have the green seal. So it's apparently useless?

The bad guys are constantly looking for ways to outsmart the good guys. It looks like you have been snagged in the cyber arms race.

Okay, the AVG scan completed and it told me cryptor had been removed and healed. It is now in the Virus Vault. I feel better!

Gabby wrote: "Never install the scam antivirus software programs particularly the "Windows live security essentials". It appears like the original product from Microsoft but it is a dangerous malware which will ..."

That's why I'm always wary as I'm searching for virus removal tips on google. How do you know which are real, and which are posing as real but are malware? It's very, very scary.

Hopefully it is OK.

There are a bunch of threads on the AVG site about this virus, and it sounds like a tough one to get rid of.