Hijacked browser

Topic

New Reply

Somehow a virus or trojan has infected my desktop and I cannot access the internet or run Quicken or other programs. Constantly getting Windows Security Alert messages which I believe are phony. Being taken to one website for costly protection program. Will not allow me to go elsewhere! What isthe best way to delete this hijack? thanks! Software is called “anitvirus system pro”

Reply | Quote

Replies

You should be able to remove it using a program called Malwarebytes. For more details see Remove Antivirus System Pro (Uninstall Guide)

Reply | Quote

You should be able to remove it using a program called Malwarebytes. For more details see Remove Antivirus System Pro (Uninstall Guide)

Thank you. I saw that and was uncomfortable in what it asked me to do…and the Trojan was not letting me access those files anyway. It looked like a ton of tricky steps. I wasn’t sure how to get started. Luckily, I was able to use ERUNT to restore a cleaned up registry and get going again. My new question: Why didn’t ZA or AVG defend my system? I spend plenty on that stuff and they let me down. Also, was it my status as an Administrator that also contributed to the successful invasion? If I had been a Guest or non Administrative user, would this not have happened? Thanks!

Reply | Quote

….. My new question: Why didn’t ZA or AVG defend my system? I spend plenty on that stuff and they let me down. Also, was it my status as an Administrator that also contributed to the successful invasion? If I had been a Guest or non Administrative user, would this not have happened? Thanks!

This is scareware and probably got on your system with another download, email attachment or a mouse-over on a website. Usually these things don’t get their hooks in unless you interact with them and that can sometimes be as simple as clicking the “X” to close the window.

I would suggest that you turn off System Restore to remove all the old restore points and then restart it. If this got into a restore point, it could reoccur. If you get a scareware warning again, I would recommend that you first use Ctrl/Alt/Del to bring up the Task Manager and close the window from there. Then disconnect from the internet and run a program like Ccleaner to dump all your temporary files and clear your browser cache immediately.

I’m not 100% certain that these things cannot get on the system in a Guest account and then reside in the browser cache or temp files until the Administrator logs on and gets warned that there is an infection.

Reply | Quote