Wednesday, November 25, 2009

Damn You, Antivirus System PRO!

I was using my laptop when all of a sudden I started getting these pop-up and system notifications about this virus and that malware. I didn't go to any naughty websites and I wasn't installing any new software, so I can't explain how it happened.

I know I'm in the middle of a malware attack, so I tried to call up my arsenal. Ctrl-Alt-Del to bring up Task Manager. No good, Windows tells me that it has been infected. I tried running HiJackThis! and ProcessExplorer. No good, they're being silently killed as soon as they start to execute. Tried to Google for more information. Even my Internet access is being blocked. Instead, I was being redirected to pr0n sites, and more notifications urging me to install Antivirus System PRO now!

Using another laptop, I found out that this Antivirus System PRO is itself the culprit. Most websites suggest killing certain processes, deleting certain files and registry entries, but I'm not even being allowed to do that. Booted into Safe Mode with Networking, and went straight to the BSOD. Left with no choice, I booted up normally and fired up Task Manager and HiJackThis! the first chance I got. The rogue process (bwbtsysguard) eventually showed up and I terminated it quickly. That seemed to be the end of it, as the system worked fine afterwards.

A quick scan by HiJackThis! found this:

O4 - HKLM\..\Run: [isavkgid] C:\Documents and Settings\alching.***-INTRA\Local Settings\Application Data\shxroa\bwbtsysguard.exe

which I promptly deleted.
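A check of the same Run keys from a defender's side, added here as an example and not part of the original post: it lists every Run/RunOnce value for the machine and the current user (the entries HiJackThis reports as O4 lines) and flags any whose executable sits in a per-user data directory, as bwbtsysguard.exe did, or no longer exists on disk. The key list and the suspect-directory patterns are this example's own assumptions, not something from the post.

```powershell
# Added example (not from the original post): enumerate the Run keys that
# HiJackThis reports as "O4" entries and flag the ones worth a closer look.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories where a legitimate system-wide startup program rarely lives.
# 'Local Settings\Application Data' is the Windows XP name for %LOCALAPPDATA%.
# (Assumed heuristic list for this example.)
$suspectDirs = @(
    'Local Settings\Application Data',
    '\AppData\Local\',
    '\AppData\Roaming\',
    '\Temp\'
)

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, ... ; skip those.
        if ($p.Name -like 'PS*') { continue }
        $value = [string]$p.Value

        # Recover the image path from the value: quoted path, or text up to .exe.
        if     ($value -match '^"([^"]+)"')   { $image = $Matches[1] }
        elseif ($value -match '^(.+?\.exe)')  { $image = $Matches[1] }
        else                                  { $image = $value }

        $flag = ''
        foreach ($d in $suspectDirs) {
            if ($image -like "*$d*") { $flag = 'SUSPECT'; break }
        }
        # An entry whose file is gone is either leftover cruft or a hidden file.
        if ($flag -eq '' -and -not (Test-Path -LiteralPath $image)) { $flag = 'MISSING' }

        '{0,-8} {1} [{2}] {3}' -f $flag, $key, $p.Name, $value
    }
}

# Once an entry is confirmed rogue (process terminated, file identified),
# remove only that value, not the whole key. For the entry in the post:
#   Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'isavkgid'
```

Run it from an elevated PowerShell so the HKLM keys are readable; a SUSPECT flag is a prompt to check the file, not proof of infection, since some legitimate updaters also start from the user profile.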

Just to be on the safe side, I downloaded Malwarebytes Anti-Malware and Spyware Doctor and gave the hard disk a good scan. After weeding out a few more startup entries, everything seems to be back in order. Whew! Just imagine if this had happened in the office. Half a day of downtime.

1 comment:

  1. Oh, dang, yeah, that happened to me.
    But I was still allowed to go on the internet, but there were like "fake bugs" literally eating my icons, so I used SuperAntiSpyware. Google it, it's actually really good and it's free. I'm not trying to sound like spam so I will stop now hahaha.
