I keep getting a popup with the title 'antivirus software' as well as a fake antivirus app getting run called 'AV Security Suite'.

But the most crazy thing is, I can't start or run any app. Trying to navigate to any website gets me

Internet Explorer Warning
Visiting this site may harm your computer!

If I try to run a program, any program, it says

Application cannot be executed, the file (filename.exe) is infected, do you want to activate your antivirus software now?

I can't even download mbam or anything like that.

  • Regarding the web access problem - if you can, check your network connection settings, particularly the location of the DNS server. Make sure it's either the value you expect it to be or set to obtain the address automatically. Doing this should mean you can access sites like malwarebytes.
    – ChrisF
    Commented Jun 20, 2010 at 17:30

It does sound like your computer is well and truly compromised.

"What to do if my computer is infected by a virus or a malware?" has some standard steps you can try, but ultimately it might be simpler to reformat your hard drive and re-install Vista.

When you do, make sure that the first thing you do is install some anti-virus software.

  • There are a million of these malware apps. They basically try to sucker you into buying the full version of a fake security application. They don't do any long-term damage and I haven't yet come across one that couldn't be properly fixed by Malwarebytes' app; a re-install is a bit excessive for this. Commented Jun 20, 2010 at 17:24
  • @Graeme - the OP states he can't run any executable. Taking that at face value (rather than exaggeration) a reinstall may be the only solution. Also I did suggest that the steps from the "reference" question were tried first.
    – ChrisF
    Commented Jun 20, 2010 at 17:27
  • Maybe booting into safe mode or something might work? In any case I definitely need a good way to get my data out. Commented Jun 20, 2010 at 17:36
  • @My Computer is DYING - If you can't boot with a Live CD then another solution would be to remove the drive and put it into an enclosure and read the data from there. The risk of infecting the other machine is minimal, but do a virus scan of the drive first.
    – ChrisF
    Commented Jun 20, 2010 at 18:06
  • What I can't understand is how these companies can operate and actually receive payments by credit card without being caught. I mean, I tried to sign up for an online poker network once and my bank refused to process the charge on the basis that it was an offshore gambling company. Why are these malware companies allowed to operate with impunity? You don't see crack dealers accepting credit cards or taking orders online... Commented Jun 20, 2010 at 19:39

Follow these removal instructions and it should be fine.

Once that is done, install an anti-virus application and make sure you keep it updated. Most will automatically update themselves periodically by default.

Some suggestions:

  • I can't navigate to any website to download anything. Secondly, I cannot run any exe. Commented Jun 20, 2010 at 17:25
  • Secondly, on a different computer (the one I'm using now), I have MS Security Essentials. Should I bother with any of the others if I'm using this one? Commented Jun 20, 2010 at 17:27
  • @My Computer is DYING - MS Security Essentials should be OK.
    – ChrisF
    Commented Jun 20, 2010 at 17:31
  • You should be able to boot in safe mode with networking to download and run the tool. To select the safe mode option, press F8 after the BIOS POST screen, just before Windows is about to start. Commented Jun 20, 2010 at 18:53

First of all, do a backup of all your important files. Grab a Linux Live CD, burn it and boot your machine from it. With a flash or external disk drive, copy everything you need to save to another computer that has an antivirus installed.

IMHO, saving the files is the most important thing. I wouldn't trust the machine anymore. If you don't have "esoteric" software on your machine that you couldn't live without and can't install anymore, I suggest formatting it, installing your OS and an antivirus, and copying the backed-up files. After formatting, create an image of your hard disk using a utility like Norton Ghost and keep it with you in case you need to format again.

I'm not saying that it's not possible to clean your machine, I just don't think it's worth doing because you lose a lot of time cleaning everything and you can never be sure that you completely disinfected your machine.

(Remember that favorites and personal configurations in applications will be lost when formatting if you don't back them up.)


You may use a rescue live-CD virus scanner. As a boot CD it's autonomous and doesn't use your Windows system.

I suggest using Avira AntiVir Rescue System because it gets updated several times a day and so the download CD is up-to-date.


A program called McAfee Stinger is made specially for these cases, when virus removal software will not run because of hostage-ware.

You may need to get it on another computer and put it on a flash drive.

Also, some of them do not block other extensions. I have forgotten some of these extensions, but Lifehacker had an entire post on these viruses.


I have manually removed this from three or four machines by chasing the "random" filename keys and filenames in the registry and in the %TEMP% folder. In fact the first thing I do from a command prompt is to delete all .exe files from the %TEMP% folder, making a note of the filenames. Searching for these .EXEs with random names in the registry and deleting the entries cleans it up.

Also, while the fake AV screen is being displayed, although it looks like a "regular application window", if you start the task manager and terminate iexplore.exe, the fake "you are infected" screen will close.

It's tedious but do-able. You might have to switch to safe mode to get it done. As suggested earlier, if there is a cleaner tool, it should be faster than chasing registry entries of random names :)

What I'd really like to know is if IE is more likely to "pick those up" than Firefox. So far the occurrences I cleaned up took place on machines where IE was being used as the browser.
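An added example for the note-taking step in the answer above (not code from the poster or any tool named on this page): a read-only PowerShell script that lists the .exe files in %TEMP% and reports any autorun registry values pointing at %TEMP% or at one of those files, so the names can be recorded before anything is deleted. It assumes PowerShell 2.0 or later on the affected machine (for example from Safe Mode) and an elevated prompt; it deletes nothing.

```powershell
# Added example: inventory %TEMP% executables and the autorun entries that reference them.
# Report only. Assumes PowerShell 2.0+ and an elevated prompt; nothing is modified.

$tempDir = $env:TEMP
$exes = Get-ChildItem -Path $tempDir -Filter *.exe -ErrorAction SilentlyContinue

Write-Host "Executables under ${tempDir}:"
foreach ($f in $exes) {
    # Record name, size and timestamp; rogue AV droppers are usually recent and oddly named
    "{0,-40} {1,10} bytes  modified {2}" -f $f.Name, $f.Length, $f.LastWriteTime
}

# Common per-user and machine-wide autorun locations where a rogue installer registers itself
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

$names = $exes | ForEach-Object { $_.Name.ToLower() }
$hits = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip the provider's PSPath/PSDrive metadata
        $data = ([string]$p.Value).ToLower()
        # Flag a value whose command line points into the temp folder (literal or expanded)
        # or names one of the executables found above
        $suspicious = $data.Contains($tempDir.ToLower()) -or $data.Contains('%temp%')
        foreach ($n in $names) { if ($data.Contains($n)) { $suspicious = $true } }
        if ($suspicious) {
            $hits += New-Object PSObject -Property @{ Key = $key; Value = $p.Name; Data = $p.Value }
        }
    }
}

if ($hits.Count -eq 0) { Write-Host "No autorun entries reference $tempDir or its executables." }
else { $hits | Format-Table Key, Value, Data -AutoSize }
```

Save the output before cleaning so the same names can be searched for elsewhere in the registry, as the answer describes.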

