• SONAR
  • AAAAHHH! VIRUS! Tech help needed (Screenshot)
2012/12/18 09:21:28
whack

I know these forums ain't the virus doctor forums, but there are too many tech heads in here not to give it a shot. AVG shield has detected an Adware Generic5.PFR virus in a particular file (browser manager folder) as per the attached screenshot. Even though I heal it, it still pops up and multiplies. My laptop became extremely slow, I have powered it off until I can get some solid method of how to eliminate it. I'm fearful of all my music stuff, sod everything else! Safe Mode a good start.... 

http://imageshack.us/phot...mages/202/virusgu.jpg/



Windows 7 running


Help appreciated,

Cian




2012/12/18 09:31:50
fireberd
A google search for Generic5.PFR virus doesn't come up with anything. 

If the Antivirus won't get rid of it, maybe Malwarebytes will.  Download and run Malwarebytes, you may have to download that to another PC, copy it to a USB flash drive or CD and load it on the affected PC with Windows in Safe Mode. 

http://www.malwarebytes.org/
2012/12/18 09:36:40
AT
MS has a free virus protection (Security Essentials) that nailed a nasty bug for me.  Same problem - it seemed to be dead but zombie-like, kept coming back and infecting the same files.  Also, you need to update the protection and run on the entire HD(s) to get rid of them.

@
2012/12/18 09:47:08
Beepster
Do you have another computer you can use to download some stuff and a non-infected thumb drive?

If so go to CNET and download the following as well as their update definitions where applicable:

CCleaner
Malwarebytes
Spybot Search and Destroy
Hijack This
Avast

I've also seen a lot of people talk about bitdefender but I've never used it but if this other stuff doesn't work then maybe try that.

So download all those onto the thumbdrive

Restart the infected computer in Safe Mode (without networking)

Install the programs and update their definitions using the definition files (where applicable). Some of these programs may give you a hard time installing/updating properly in safe mode but I forget which ones so if you encounter one just move onto the next program and try the ones that didn't work in regular mode after you've scanned with everything else.

You want to use these fresh downloads because even if you already have these programs on your system they may have been corrupted by the virus so you may have to remove the original installs.

Open CCleaner and run the CCleaner following the included instructions.

Run a full scan with Avast using the updated virus definitions (I think this one gave me a hard time updating with the definition file, if so just scan without the update for now. It'll still check for a bunch of stuff).

Then run Spybot Search and Destroy (full scan) following the instructions

Then Malwarebytes

Unless it is a particularly stubborn virus these programs should be able to deal with it. If not you can go back to CCleaner and see if you can remove it manually. Same thing with HiJackThis.

HiJackThis gives you a little description of each entry which is helpful but sometimes confusing. Usually any major problems should be apparent but you may want to take the report it generates and post it on the HiJackThis forums and those dudes will help you figure out what needs to go. Do NOT remove things on a guess because you can screw up your system.

Then do it all over again in regular mode.

All of that will usually take care of even the nastiest viruses. If not unfortunately you may have to use your recovery disc. Hope you've backed everything up.

Good luck.


2012/12/18 09:49:43
Beepster
BTW because you know the name of the file it makes things a lot easier. If you are CERTAIN that is indeed the virus find it with HiJackThis and remove it manually. You should still do all that other stuff too to be safe.

Once the system is clean dump AVG. It's garbage these days and it's a resource hog. Cheers.
2012/12/18 10:34:40
djtrailmixxx
Do what Beepster says
2012/12/18 10:46:06
robert_e_bone
I pull viruses off of people's computers all the time.  In fact, I just fixed one last night.

What I found to be quicker than trying to get them off the computer that has the viruses is to physically remove the infected drive/drives from the computer and plug the drives into a second computer.

What this does is it allows the infected drives to be scrubbed by the anti-virus software on the second computer as the drives are not seen as boot drives on the second machine - they are only seen as data drives.  This means that none of the viruses get loaded up into memory, and it is far quicker to scrub infected drives this way.

My primary computer has a hot slot on the top of the tower for quickly plugging SATA drives into it without even having to restart.  Once in, I just start a custom virus scan with my Avast antivirus software on the infected drive, and it cleans the infected drives in roughly 30 minutes or so, while I am watching TV.

Bob Bone
2012/12/18 10:47:42
robert_e_bone
Oh, I forgot to agree that AVG blows.  I happen to like Avast - it's free, and I believe it is ranked pretty well, certainly on par with MS Security Essentials and other top ones.

Bob Bone
2012/12/18 10:52:04
whack
fireberd, it appears to be a form of the adware generic5 type, which according to some google searches is an adware that hides within your files. Any solution to this seems to be to start in safe mode, delete certain files using regedit. But I will defo install Malwarebytes as suggested by you and Beepster.

Thanks AT, I too will engage MS security essentials. Can you point me exactly to where I turn this on in windows 7, my computer----> control panel?

Beepster, thanks for your lengthy reply, I am currently at work so I can't tackle this yet. What is a thumbdrive? Like a USB drive? And no, I haven't backed up in a good while.

Thanks djtrailmixxx
2012/12/18 11:00:25
Beepster
One more thing I'll add is once you get the system cleaned I HIGHLY recommend using Firefox to surf with. Install the add ons NoScript and AdBlock + and learn how to use them.

Adblock is pretty straightforward. Just pick the appropriate block list (I think the one I'm using is Fanboy's or something like that... it's at the top of the available lists) and from there it'll just do its thing in the background. Ads are a vector for a lot of nasty stuff so it's a lot safer and if your system is relatively modern it shouldn't slow things down.

NoScript takes a little more effort. It essentially blocks ALL scripts coming into the browser. Some sites will work fine like this but many won't. The first thing you do is "Allow" the main domain to see if that makes things work (for example on this site you would "Allow" cakewalk.com). You do this by clicking the "Options" button in the lower right corner of the browser and select from the list. Here you'll see all the crazy stuff being blocked. Much of it is tracking and ad software which is completely unnecessary to view a site and is a security risk. If allowing just the main domain doesn't allow access to all the content on the page then you have to pick through the list to see what script is needed to show the content. For example on Photobucket you have to Allow photobucket.com as well as pbsrc.com (or something like that). You will never need to allow stuff like google analytics or adservices. If you are unsure what's what you can just google those URLs and see what that is trying to load on your system. It takes a little getting used to but once you have it figured out it's pretty simple.

If you choose to use another browser like Chrome or Opera again add Adblock+ but you may have to use an Add On called Ghostery to do what NoScript does because those browsers don't support NoScript as well as FF.

By doing all this in conjunction with a good AV like Avast you are going to pretty much guarantee you are not going to pick up any viruses unless you are really being irresponsible with your system (like downloading porn or torrents from sketchy sites).

Cheers.

