Help with a Computer virus: My daughter uses one of my laptps for school and uses the computer for school. She downloaded a game for her son to play and with it came a pop-up that asks...

GC likes NIKON Loc: East Greenwich, Rhode Island

My daughter uses one of my laptps for school and uses the computer for school. She downloaded a game for her son to play and with it came a pop-up that asks you to call a phone number to rid your computer of a virus. She unknowingly did and a guy came on the phone with a heavy accent. He took control of the computer and showed/told her that she had several viruses and asked for a credit card number to "Fix" everything. She hung up on him and shut down her computer, but the damage was done. Now every time she boots up, the pop-up comes back and she cannot X out of it.

Is this something we can delete from add/delete programs or do we need professional help ?? If I take it back to Best Buy will they install a security program and help us ??

MT Shooter Loc: Montana

She has a browser hijacker, a very powerful one. I had it last month and it cannot be removed. I ended up having to completely reload Windows and basically start all over. Even having a complete backup will not get rid of it.

No anti virus software will even detect it. Look in your program folder for a folder called "groover". It self protects and is impossible to delete.

Whatever you do stay off the internet and turn off Wi- F i as the malware will steal your passwords and account data if you stay connected.

harryh813 Loc: Riverview, Florida

MT Shooter wrote:

She has a browser hijacker, a very powerful one. I had it last month and it cannot be removed. I ended up having to completely reload Windows and basically start all over. Even having a complete backup will not get rid of it.

No anti virus software will even detect it. Look in your program folder for a folder called "groover". It self protects and is impossible to delete.

One thing you can try is to do a system restore from a previous state. Unless they have disabled/deleted the past restore points. Once you get your laptop back up and running, it's a very good idea to invest in a portable hard drive and keep a backup of your system so that if this happens again you can recover.

MT Shooter Loc: Montana

harryh813 wrote:

One thing you can try is to do a system restore from a previous state. Unless they have disabled/deleted the past restore points. Once you get your laptop back up and running, it's a very good idea to invest in a portable hard drive and keep a backup of your system so that if this happens again you can recover.

Does not work, message "unable to continue" will come up every time. Only a reboot from disk and complete reinstall will work. I had two computer repair experts try to get rid of the hijacker and neither had seen such a program before.

harryh813 Loc: Riverview, Florida

MT Shooter wrote:

Does not work, message "unable to continue" will come up every time. Only a reboot from disk and complete reinstall will work. I had two computer repair experts try to get rid of the hijacker and neither had seen such a program before.

I've had luck with a Linux live CD before. Booting into Linux and then deleteing offending files from Linux instead of the windows install and then once rebooting into Windows was able to finish removing the virus, but you would need to know someone with some Linux skills to do this. Otherwise it looks like you are stuck with the re-install.

GENorkus Loc: Washington Twp, Michigan

Microsoft offers a cleanup for their programs. Don't remember the name but do a search under Microsoft (dot) com.

PaulR01 Loc: West Texas

Download Kaspersky's virus removal tool and run it. When it is finished it will remove itself. This is my first go to tool for removing viruses at the office.
http://www.kaspersky.com/antivirus-removal-tool?form=1

MT Shooter Loc: Montana

GENorkus wrote:

Microsoft offers a cleanup for their programs. Don't remember the name but do a search under Microsoft (dot) com.

Windows firewalls do not detect it as it does not attack Windows, it hijacks your browsers, ALL of them including, Chrome and Firefox.

MT Shooter Loc: Montana

PaulR01 wrote:

Download Kaspersky's virus removal tool and run it. When it is finished it will remove itself. This is my first go to tool for removing viruses at the office.
http://www.kaspersky.com/antivirus-removal-tool?form=1

It's NOT a virus and anti virus software will not help at all. It's malware, but it's new and self-protecting, even programs like Malwarebytes cannot remove it, although it will detect and show what needs removing.
Once you locate it, you still cannot remove it even in the cmd prompt window. The only solution is re-installing Windows.

harryh813 Loc: Riverview, Florida

MT Shooter wrote:

It's NOT a virus and anti virus software will not help at all. It's malware, but it's new and self-protecting, even programs like Malwarebytes cannot remove it, although it will detect and show what needs removing.
Once you locate it, you still cannot remove it even in the cmd prompt window. The only solution is re-installing Windows.

If Malwarebytes can identify and show what needs removing then booting into a version of Linux, on a live cd, should allow you to go in and remove the files since those files would not be protected from the Linux point of view.

PaulR01 Loc: West Texas

MT Shooter wrote:

It's NOT a virus and anti virus software will not help at all. It's malware, but it's new and self-protecting, even programs like Malwarebytes cannot remove it, although it will detect and show what needs removing.
Once you locate it, you still cannot remove it even in the cmd prompt window. The only solution is re-installing Windows.

It gets most Malware also. Spybot Search & Destroy is my next move if the removal doesn't get it all.

MT Shooter Loc: Montana

harryh813 wrote:

If Malwarebytes can identify and show what needs removing then booting into a version of Linux, on a live cd, should allow you to go in and remove the files since those files would not be protected from the Linux point of view.

Maybe. If you have a Linux disk available. Not many do. My local tech tried unsuccessfully to remove it for three days as he had "several" methods he wanted to try. In the end a total reinstall was all that worked. I has since cloned my drive so I have a complete clean system if I ever get it again, all I have to do is swap out the date drive and I am back in business.

MT Shooter Loc: Montana

PaulR01 wrote:

It gets most Malware also. Spybot Search & Destroy is my next move if the removal doesn't get it all.

Spybot finds it, but cannot remove it.

harryh813 Loc: Riverview, Florida

MT Shooter wrote:

Maybe. If you have a Linux disk available. Not many do. My local tech tried unsuccessfully to remove it for three days as he had "several" methods he wanted to try. In the end a total reinstall was all that worked. I has since cloned my drive so I have a complete clean system if I ever get it again, all I have to do is swap out the date drive and I am back in business.

That really is probably the best solution/defense against this.

GC likes NIKON Loc: East Greenwich, Rhode Island

Thanks for all your help and advice gentlemen. I stopped at Best Buy where I bought the computer for her this morning. I talked to one of their Geeks who said to make an appointment to bring it in and they would straighten it out. $150.00 with a 30 day warranty or $200 with a one year warranty and full tech support for a year. After he finished and turned away another guy who heard the conversation came over and suggested that she delete all temporary files and cookies and see what happens before bringing it in to them. MT Shooter you were right I was told it was a browser Hack !!!

I'll keep you all appraised of the progress. Her computer, she downloaded the game with the Malware, BUT you all know who will pay to get it fixed !! (And it will be my pleasure !!)