This is the first time I've visited this site and it seems like you are all able to fix this problem, which I was about to give up on and force a reformat, but you might give me hope in resolving this.
I'll organize this since it's long. I went to another forum asking for help since this Saturday morning, and they tried to troubleshoot with me all day (literally) using different programs and tools, didn't work. Here's a summary of what I've done (10 hours later):
---------------------------------------
Post 1:
I got hit with this yesterday, I don't know how, whether it was through surfing around, but it popped up as a security alert and when I thought it was the Windows security alert, I clicked on "enable protection" and it pops up a browser that has me try to buy some antivirus software, which I know is a fake then. I had ESET Antivirus enabled before then but for some reason, it did not catch this virus.
I ran a full scan with Malwarebytes Antivirus, and it detected 2 problems, but none of them had the title of win32.zafi.b, they were related to svchost and something else. I rebooted into safe mode and did that full scan again and did a full scan of ESET, which after hours, found nothing.
I tried using HijackThis, but it did not catch anything suspicious when I analyzed the file.
But every time I log in to my normal boot login, it pops up and when I use any browser like IE 7 or Mozilla, it pops up as well. It slows now anything that I load as an app, and my browsing, even as simple as opening up a saved txt file.
I downloaded PC Spyware Doctor full version and ran a full scan last night, it was able to find some spyware, but not anything related to this virus. After cleaning a few dozen of what it found in the browsers, I rebooted and the same problems are happening again. Take a look at this screenshot
I'm currently installing and trying to update Symantec Endpoint Protection, but it seems that virus seems to have disabled some options or something isn't right. If none of these work, are there manual ways that I can get some help in looking around in the registry or any hidden folders?
Symantec keeps catching things as you can see from how thin that scroll bar is. It's not taking out the source, something is replicating these files.
---------------------------------------
Post 2:
I'm using another computer I have around the house to reply right now. I was unable to revert back to a system restore point using Windows. I had three listed when I booted in safe mode before the time of this incident yesterday spread throughout the week, but each time I used it, had it shut down, reboot, and got back to Windows, it kept popping up that the thing was incomplete and could not restore. Is that because of the virus or just how crummy the Windows automated scheduled restore points are?
msconfig caught nothing fishy. I tried peeking through each one. Not to my surprise. If HiJacker didn't catch this then MSCONFIG wouldn't have anything found on this either.
I even noticed when I was working in safe mode for some time that the damn virus was able to get into that mode, but Symantec got something of a different "name" caught and removed it.
I've been using Mozilla Firefox 3 over IE 7 for quite some time now and this hit when I was using Mozilla.
---------------------------------------
Post 3:
This is frustrating... I'm going to try the rogue remover now
---------------------------------------