[SERIOUS] Windows 7 virus, can't modify an .exe on desktop

Rob.S

Hi,

 

My cousin accidentally downloaded this on his PC. It has some bank details on it... I realised it was a virus and ran a mbam scan, and a mbam chameleon scan. I downloaded VibranceGUI and extracted the .exe, I launched it, and it worked... then it quit and the exe lost its icon and changed to zero kb. I got some of these errors when trying to move or delete it

 

  • This program is in use by  (blank space)
  • You need permission from (admin account name) to modify this folder
  • File access denied, you need permission from the administrator to remove this.

Does an antivirus cause this or a virus? Pretty sure it's a virus because he had not changed anything before then, and mbam only detected a registry entry with a backdoor, removed that. Really need help, this is scary for the bank files!!! There is only one account on the PC, full admin.

 

Also, what's the best antivirus for free that I can use NOW? MBAM seems like shit and never detects anything even though I can see the malware in front of me.


avast or avg is a good antivirus

 

but you should do a clean install

NEW PC build: Blank Heaven   minimalist white and black PC     Old S340 build log "White Heaven"        The "LIGHTCANON" flashlight build log        Project AntiRoll (prototype)        Custom speaker project

Ryzen 3950X | AMD Vega Frontier Edition | ASUS X570 Pro WS | Corsair Vengeance LPX 64GB | NZXT H500 | Seasonic Prime Fanless TX-700 | Custom loop | Coolermaster SK630 White | Logitech MX Master 2S | Samsung 980 Pro 1TB + 970 Pro 512GB | Samsung 58" 4k TV | Scarlett 2i4 | 2x AT2020

 


Another vote for Avast! or AVG.  

 

I would also give Spybot S&D a look, I've found a few times it really complements MalwareBytes.

 

https://www.safer-networking.org/dl/

 

I would also ensure I've done a full run with CCleaner to remove any cookies. Even if you remove the virus (assuming it is a virus), I would do a clean setup to be sure.

 

https://www.piriform.com/ccleaner/download

PC - NZXT H510 Elite, Ryzen 5600, 16GB DDR3200 2x8GB, EVGA 3070 FTW3 Ultra, Asus VG278HQ 165hz,

 

Mac - 1.4ghz i5, 4GB DDR3 1600mhz, Intel HD 5000.  x2

 

Endlessly wishing for a BBQ in space.


6 minutes ago, Rob.S said:

Also, what's the best antivirus for free that I can use NOW? MBAM seems like shit and never detects anything even though I can see the malware in front of me.

MBAM is anti-malware, same with Spybot. They are NOT anti-virus. While MBAM and Spybot will pick up some viruses, it's really not meant for that. Microsoft Security Essentials (I think it's still called that for Win7) has always done well for me. Make sure you have everything updated and run the scans/cleaners in safe mode. But your safest bet is to reformat and reinstall.


Can't reformat, let's just hope you all understand.

 

IS IT SAFE TO RUN CSGO ON WITHOUT GETTING A VAC BAN FROM A POTENTIAL VIRUS. IF POSSIBLE COULD AN ADVANCED USER SCAN THE CODE. 


1 hour ago, Rob.S said:

Can't reformat, let's just hope you all understand.

 

IS IT SAFE TO RUN CSGO ON WITHOUT GETTING A VAC BAN FROM A POTENTIAL VIRUS. IF POSSIBLE COULD AN ADVANCED USER SCAN THE CODE. 

Bunnyhopping can get you banned, it doesn't matter which kind of script you are using. People will just report you for "Other Hacking", and you will get overwatch banned.

 

Use CCleaner and tell us your results.

Intel Core 6700K | Gigabyte GTX 970 | Corsair Vengeance LPX 16GB (2 x 8GB) DDR4-2133

Coolermaster Hyper 212 Evo | Phanteks Enthoo Pro | Samsung 850 EVO 250GB | Western Digital Blue 2TB

EVGA Supernova G2 750 | Microsoft Windows 10 | 2x 1080p monitors


1 hour ago, Jonathantje said:

Bunnyhopping can get you banned, it doesn't matter which kind of script you are using. People will just report you for "Other Hacking", and you will get overwatch banned.

 

Use CCleaner and tell us your results.

Haha man, this is not the place to ask. I'm not some filthy hacker - I know bunnyhopping is pretty unfair. What I meant is that there could still be a disguised windows process left behind that might trigger me a VAC ban. Tell me if you think it's likely - in bed now, will post results asap with ccleaner.


You could just look through the process list to see if anything is left behind. You could run Rkill before playing CSGO to make sure or just run it before doing a virus scan from Malwarebytes/JRT. I would also run adwarecleaner.
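
Added example, not part of the post above or of the thread: one way to carry out the process-list check it suggests, as a read-only PowerShell listing that flags processes whose executable path is unreadable, sits in a user-writable directory, or lacks a valid Authenticode signature. The function name `Get-ProcessTriage` and the directory list are assumptions of this example.

```powershell
# Added example, not from the thread. Read-only: lists processes, changes nothing.
# Run from an elevated PowerShell prompt so more executable paths are readable.

# Directories a standard user can write to (assumed list; adjust as needed).
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA,
              "$env:USERPROFILE\Desktop", "$env:USERPROFILE\Downloads") |
            Where-Object { $_ }

function Get-ProcessTriage {
    foreach ($proc in Get-Process) {
        $path = $null
        try { $path = $proc.Path } catch { }   # protected processes may deny access

        $flags = @()
        $sigStatus = 'Unknown'

        if (-not $path) {
            $flags += 'NoPath'
        } else {
            # Executables running from a profile or temp directory deserve a look.
            foreach ($dir in $userDirs) {
                if ($path.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $flags += 'UserWritableDir'
                    break
                }
            }
            if (Test-Path $path) {
                $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status
                if ($sigStatus -ne 'Valid') { $flags += "Signature:$sigStatus" }
            } else {
                # The process is running but its image is no longer on disk.
                $flags += 'FileMissingOnDisk'
            }
        }

        New-Object PSObject -Property @{
            Name = $proc.ProcessName; Id = $proc.Id; Path = $path
            Signature = $sigStatus; Flags = ($flags -join ',')
        }
    }
}

# Show only the processes that raised at least one flag.
Get-ProcessTriage |
    Where-Object { $_.Flags } |
    Sort-Object Name |
    Format-Table Name, Id, Signature, Flags, Path -AutoSize
```

The System and Idle entries normally show `NoPath`, and older PowerShell versions may report catalog-signed Windows files as `NotSigned`, so a flag is a reason to inspect the file, not a verdict.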


12 hours ago, Rob.S said:

Haha man, this is not the place to ask. I'm not some filthy hacker - I know bunnyhopping is pretty unfair. What I meant is that there could still be a disguised windows process left behind that might trigger me a VAC ban. Tell me if you think it's likely - in bed now, will post results asap with ccleaner.

After using ccleaner, probably not.

Just make sure to validate your game files as it might have changed something. 

Intel Core 6700K | Gigabyte GTX 970 | Corsair Vengeance LPX 16GB (2 x 8GB) DDR4-2133

Coolermaster Hyper 212 Evo | Phanteks Enthoo Pro | Samsung 850 EVO 250GB | Western Digital Blue 2TB

EVGA Supernova G2 750 | Microsoft Windows 10 | 2x 1080p monitors


@Jonathantje Here are the results, if anything is abnormal please tell me. As for remote desktop, we access school and office often from the pc

image.jpg


well you got 4+GB of more storage now, but you can't see anything suspicious with that. 

 


  • 2 weeks later...
All fine now, no problems, thanks for the help guys. Hopefully he learnt his lesson!!