virus question
tommymac
01-23-2011, 02:09 PM
I had fired up my work laptop that had those odd antivirus programs on it I had mentioned a while back. I was using it at the hospital and the desktop icons, including a few porn sites that kept popping up, stopped appearing then after Windows loaded about 50 updates. The computer was actually working fine for the next few days.
So today I fire it up and so far so good, but then the windows I was working in suddenly closed and this virus scan popped up. It took me to this webpage for protectep.com and wanted me to buy their software. I did a Google search on my slower but safe puter and saw it's some sort of hijack program.
I found several sites describing how to remove the program, but they all say to be careful in removing it as you can crash your system.
Any of you experts have any advice, or should I take it to a pro to fix it? Problem with the virus protection is it's some corporate edition. I tried putting my Nortons on it and it wouldn't allow me to upload it. I am hesitant to take it back to work because of those porn sites that kept popping up.
Particle Man
01-23-2011, 02:22 PM
If it's a work laptop let them fix it, dude. I don't know how it is there but if I try working on my own work laptop and eff it up I am responsible for the $ to replace the machine.
'73 H1 Triple
01-23-2011, 02:24 PM
Boot up in Safe Mode and try to download Norton.
Have you tried restoring to an earlier date? ( and then try Norton )
tkevcu
01-23-2011, 03:32 PM
Is it a work computer that is normally used for work? Have you visited any sites (directly) that you were not supposed to?
Typically companies won't hold you responsible for the pages that these "scareware" bring up.
Most likely (the way that I do it), they will just reload all of the software on the machine from scratch.
Depending on the level of security in place on your machine, and the OS that is loaded; it could make cleaning this up yourself very difficult.
Tmall
01-23-2011, 04:01 PM
Microsoft security essentials, which is free, and Malwarebytes Anti-Malware are what I use and I never have problems with any of my computers.
Mikey
01-23-2011, 04:10 PM
Just wipe it and install Linux. Your company will appreciate you taking the initiative to upgrade your machine. ;)
tommymac
01-23-2011, 04:24 PM
Is it a work computer that is normally used for work? Have you visited any sites (directly) that you were not supposed to?
Typically companies won't hold you responsible for the pages that these "scareware" bring up.
Most likely (the way that I do it), they will just reload all of the software on the machine from scratch.
Depending on the level of security in place on your machine, and the OS that is loaded; it could make cleaning this up yourself very difficult.
It's not used for work, they were "given" to some of us for helping in a research study, so they're ours but they're not, if you know what I mean.
I am going to be working a shift in the ER tonight and have to see payroll and the benefits people tomorrow, so I may try to go see the tech guys there as well, see if they can work their magic.
racedoll
01-23-2011, 04:41 PM
I have nothing to add but...
Must be the flavor of the month. Erik told me a little bit ago that his laptop has a virus on it.
Papa_Complex
01-24-2011, 06:52 AM
Boot up in Safe Mode with Networking. Delete everything in your user account's temp directory and in Windows\Temp. Download and install MalwareBytes and Spybot Search and Destroy. Download TDSSKiller from Kaspersky.com.
Run Malwarebytes and perform a full scan. Reboot to Safe Mode when it's done.
Run Spybot. Immunize the system and do a scan. Reboot when done.
Run TDSSKiller. Be aware that once it has finished running, and you've closed it, it might cause a BSoD. I've found this to be normal.
That should do it. If not then you need to reload, because it would take a tech to clean it properly.
tkevcu
01-26-2011, 10:20 AM
I haven't found a whole lot about this particular one on the web, but from what I have found, it doesn't look that bad.
What version of Windows is on the laptop?
Malwarebytes and Spybot are both good programs. You can also run HijackThis and post/attach the log, and we can read through that.
Papa_Complex
01-26-2011, 10:25 AM
I haven't found a whole lot about this particular one on the web, but from what I have found, it doesn't look that bad.
What version of Windows is on the laptop?
Malwarebytes and Spybot are both good programs. You can also run HijackThis and post/attach the log, and we can read through that.
It's actually pretty bad, because it constantly pops up and blocks you from being able to use your computer. It masquerades as a legitimate virus scanner. Ultimately it takes you to a website in order to download their "virus remover", which is more spyware and viral files, after you've given them your credit card number.
All in all, that's pretty bad. It's also damned tough to remove, once it has gotten to a certain state of infection. I generally use either a Windows PBE boot CD or something like BART PE, in order to boot into the system and start a manual cleaning, before I move on to the utilities that I've mentioned. That gives me about a 95% positive result, but I still occasionally have to reinstall Windows.
tkevcu
01-26-2011, 10:46 AM
I've removed 4 or 5 variants of this type of virus, some of which have been more embedded than others. 1 was really devious and took every skill and utility that I had to remove it.
From what I found on the web, this one consists of a single executable existing in the temp folder, and changes to the proxy settings in IE to block traffic. Removal should be fairly straightforward (kill running exe process or use other boot media; delete the executable from the machine, and correct the proxy settings via regedit or the IE menu itself)
Papa_Complex
01-26-2011, 11:01 AM
I've removed 4 or 5 variants of this type of virus, some of which have been more embedded than others. 1 was really devious and took every skill and utility that I had to remove it.
From what I found on the web, this one consists of a single executable existing in the temp folder, and changes to the proxy settings in IE to block traffic. Removal should be fairly straightforward (kill running exe process or use other boot media; delete the executable from the machine, and correct the proxy settings via regedit or the IE menu itself)
Depends. The executable can be in the User\Temp, Windows\Temp, Windows\System32. It can set up a proxy. It can set hard coded URL references in the Hosts file. It can embed DNS override entries in the system registry. It can lock the Hosts file, so that it can't be edited. It can drop other infections. This has become the single largest part of my job, over the last 6 months; dealing with this infection and its variants.
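The places named in the last two posts (the IE proxy setting, the Hosts file, DNS entries in the registry, executables in the temp folders) can be listed without changing anything on the machine. The following is an added PowerShell example, not code from any poster in the thread; the function names are made up for this sketch, and each row it prints is something to review by hand, not a verdict.

```powershell
# Read-only triage of the locations named in the thread. Nothing is modified.
# Added example: New-Finding and Get-HijackTriage are hypothetical names.
function New-Finding($Check, $Detail) {
    [pscustomobject]@{ Check = $Check; Detail = $Detail }
}

function Get-HijackTriage {
    # 1. Per-user proxy used by Internet Explorer (WinINET).
    $key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -eq 1) {
        New-Finding 'Proxy' "enabled, server = $($inet.ProxyServer)"
    }

    # 2. Hosts file: read-only flag plus every active (non-comment) entry
    #    other than the stock localhost lines.
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    if (Test-Path $hosts) {
        if ((Get-Item $hosts -Force).IsReadOnly) {
            New-Finding 'Hosts' 'file is marked read-only'
        }
        Get-Content $hosts |
            Where-Object { $_.Trim() -and $_ -notmatch '^\s*#' } |
            Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' } |
            ForEach-Object { New-Finding 'Hosts' "entry: $($_.Trim())" }
    }

    # 3. Statically set DNS servers per network interface. A legitimate
    #    static configuration shows up here too, so compare with what
    #    the network is supposed to use.
    $ifRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-ChildItem $ifRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $ns = (Get-ItemProperty -Path $_.PSPath).NameServer
        if ($ns) { New-Finding 'DNS' "$($_.PSChildName): NameServer = $ns" }
    }

    # 4. Executables sitting in the temp folders. System32 is left out
    #    because a plain listing of it is almost all legitimate files.
    foreach ($dir in @($env:TEMP, (Join-Path $env:SystemRoot 'Temp'))) {
        Get-ChildItem -Path $dir -Filter *.exe -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                New-Finding 'TempExe' "$($_.FullName) (modified $($_.LastWriteTime))"
            }
    }
}

Get-HijackTriage | Format-Table -AutoSize -Wrap
```

Run it from the affected user's account, since the proxy value and `%TEMP%` are per-user; reading `Windows\Temp` may need an elevated prompt.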