Hi all, my son was using my home laptop while I was on vacation and I came back to a computer with a false security application on it, that won't allow me to get onto a browser.

I have an older Acer laptop 7520-5271 with Vista Home Premium. AMD turion 64. 32-bit OS Service Pack 2.

When I boot it up, it comes up with User Account Control stating that an unidentified program wants access: Protector-hrmo.exe. If I say "Cancel" it continues booting. I have been using Microsoft Security Essentials. The screen eventually comes up with a Microsoft security software program, saying it has found 7 viruses and one Trojan. It wants me to run a scan (RIGHT!).

I can't get onto FireFox or IE.

Can you tell me what to do, or am I going to have to do a complete reinstall?

Thanks much, Roberta

bleepingcomputer.com

http://www.bleepingcomputer.com/download/anti-virus/rkill

FixExec if you cannot Execute any Executables works so you can
run things to fix that.

http://www.bleepingcomputer.com/download/windows/utilities/fixexec

If you need more help doing this just Post it. I would run the
FixExec first if you need it.

Thanks so much, but how do I download it if I can't open a browser? Can I put it on a flash drive?

Yes



Dell Studio 540, Windows 7 Ultimate, Intel Core 2 Quad Processor Q8200 (2.33GHz, 1333MHz FSB), w/

4MBcache, 4GB DDR2 SDRAM 800MHZ- 4X1GB DIM M, ATI Radeon HD 3650 256MB supporting HDMI

Once you get it going, remember to clear the restore points out. I have had virius hide in there.
Jim K

Great Suggestion. You can get reinfected very easily.

Sometimes people will use System Restore to get rid of a Virus.
This is not a good Idea either. Using System Restore to get to
point that you can do more to get rid of it is ok.
After your done Make sure you Clear it and make a new Restore Point when it's all clean.

I will do that, thank you!

> I can't open a browser?

You could try renaming "firefox.exe" to "waterfox.exe" & see if that works.


Or something like this:

"Off By One Web Browser"
http://offbyone.com/offbyone/

Tiny & should be enough to allow you download the file.
(It would end up wherever you "installed" OB1 to.)



And I'd also let MalwareBytes Anti-Malware have a go at it.

Doesn't say it's for Vista :(

I've actually thought about wiping the computer for a while now...wish I had a copy of XP so I could install that instead.

I would keep it running Vista. You should be able to restore to factory settings and software by using the recovery manager. Hit Alt + F10 at startup to return the unit back to factory content. You would lose all data that is on the machine now, so try to get anything you want to save, off, before you continue. When it is done, there is no chance of any virus still living. You will have to add all the new Microsoft Updates and put a good antivirus program back on. Allow Updates to install automaticaly. It is usually just a matter of starting and restarting a dozen times to get all the updates for Vista.

Wow. That sounds....drastic. But it also sounds like something that would save me a lot of time.

I use Carbonite, so all of my documents are saved somewhere else. I'm assuming that programs I added myself such as Picasa, Quick Startup, etc. will all be gone - sigh.

I will probably do this on Sunday.

Thanks very much!

I will also try renaming Firefox, great idea!

I did download rkill to a flash drive. I'll need to tackle this when I have time - I still work 40 hours a week, and I'm usually tired when I get home. I can see this little project taking several hours.

So I have been working on this....I downloaded FixExec and rkill, and both have run. They also enabled me to open Firefox and I downloaded AVG, but it only installs 3/4 of the way then returns an error message. I checked to make sure there were no other security programs running and there aren't.

Damn viruses!! Suggestions?

Thanks again, I really appreciate your help. : )

Roberta

First, you have to get rid of AVG. See if it's listed in Programs and Features, if it is, uninstall it. If it's not listed there, or it won't uninstall, go here and download the appropriate 32-bit or 64-bit uninstaller. Then download Combofix and run it. Do not run Combofix with AVG installed, they don't get along. Do not run Combofix with any other real-time antivirus scanner active. This should fix your problems.

Edit - I don't recommend AVG. I do recommend Microsoft Security Essentials, and if you are techie enough not to get bent out of shape about the advertising, I also recommend Avira.

Thanks so much! Running ComboFix right now.

Hey, I need all the help I can get - thanks for the comment on Avira. :)

I like to use ESET's on line scanner. Try it here: http://www.eset.com/us/online-scanner/

Thanks Bobbo, good info! I will bookmark that.

I think Combofix may have done the job. I ran it, then tried to download Avira but it wouldn't work. So I then tried downloading MS SE and it worked! I'm now running a complete scan. I'll let you know what happens. 😃

Bleeping viruses!!!

OK, here are the results of the scan:

Two trojans: Rogue:Win32/fakePAV, alert level severe. I removed that.
Also VirTool:Win32Obfuscator.xg - also severe. It's quarantined.

I'm going to do another full scan, then a reboot. Restore points have been deleted.

Thanks so much everyone! I am now going to go to the donation page and donate some money to PCQ&A. :D

I have an .iso of XP Pro and Home if you want a real copy..Let me know and I'll PM you the link.



Dell Studio 540, Windows 7 Ultimate, Intel Core 2 Quad Processor Q8200 (2.33GHz, 1333MHz FSB), w/

4MBcache, 4GB DDR2 SDRAM 800MHZ- 4X1GB DIM M, ATI Radeon HD 3650 256MB supporting HDMI

YES!! Thank you!!!

readabovewater.... before you wipe your drive and install XP, find and download the mainboard drivers on your manufacturer's website for your computer for XP and Vista. Without those motherboard/chipset drivers you may not be able to access the internet and the unit may run very slow, possibly your USB ports will not work, etc. Don't miss on this, especially if you are wiping your restore partition which contains all those drivers.

OK thanks very much - I will do that. : )

Roberta

Before you wipe your drive, make the reformat disks from the recovery manager. That way you can at least return it to factory contents if needed.

I really think Vista gives you less trouble if that is what the laptop was made for.

Renewing Vista from the built in partition from Acer to me is much easier than installing XP and finding drivers. You may have to go into BIOS an reset the drive for XP.

My opinion would be that if the laptop did not have Vista it would be devalued unless it had Windows 7 or Vista installed.

The only benefit to a new XP installation I see would be that there is no add on extra software that you might not want installed. If you get rid of the User Account Controls, I think Vista manages almost everything better than XP.

Jim K