virus help please

  • jwb28
    Senior Member
    • Oct 2009
    • 568

    virus help please

    I was over at my parents' house today web surfing and their computer has a virus now.
    When you load explorer8 all that will come up is "your system may be infected" and it boots you to an AVG page. If you turn down their subscription you can't do anything. Every web page says may be infected. It's like stuck in a loop. I tried to uninstall AVG and it says it's "gone" on the program list but you still can't get past AVG page in explorer.
    Tried to use a restore point and it won't let that run. Tried to download a free version of McAfee. No dice.
    Firefox will let you surf, but you can't download anything and get it to run.

    Am I just screwed and have to do a full system restore or whatever that's called? You know, where you lose everything?
    Any help appreciated.
  • #2
    freonr22
    I need a LIFE!!
    • Dec 2008
    • 12945

    Get Malwarebytes (maybe? .com), get Microsoft Security Essentials, and CCleaner and Spybot Search and Destroy, all free, do the scans, and report back.


    ETA you may need to run in some kinda safe mode
    Originally posted by dantodd
    We will win. We are right. We will never stop fighting.
    Originally posted by bwiese
    They don't believe it's possible, but then Alison didn't believe there'd be 350K - 400K OLLs in CA either.
    Originally posted by louisianagirl
    Our fate is ours alone to decide as long as we remain armed heavily enough to dictate it.


    • #3
      Ricky-Ray
      Veteran Member
      • Jan 2010
      • 3161

      When it pops up with the "your system may be infected", in the upper left hand corner of the window does it say Antivirus 2010 or something like that?

      If so, more than likely you've been infected with spyware/malware and not a virus.

      Best program that I've seen to remove one of these nasty ones is called Malwarebytes. http://www.malwarebytes.org/ Totally worth the 25 bucks it takes to purchase it. The free edition should get rid of it, but if you pay it also provides real time protection, something that might be good for your parents' computer if you're not there to keep an eye on the computer all the time.
      Ray

      "If you lead your life the right way, the karma will take care of itself. The dreams will come to you." - Randy Pausch, Carnegie Mellon University


      • #4
        ojisan
        Agent 86
        CGN Contributor
        • Apr 2008
        • 11762

        Sounds like the ever-popular Demo 99 virus.
        It's evil.
        Idiot's fix (worked for me).

        1. Go to another computer, hit the net and download a free copy of "Superantispyware". (.org???)
        Burn it onto a CD.
        2. Disconnect the infected PC from the internet.
        Put the SAS CD in your infected PC.
        The window should pop up, save to C...do it.
        The virus will try to trick you and tell you the download failed.
        Don't worry, the download worked.
        3. Restart computer in safe mode. (Hit F8 during bootup)
        Start and run the SAS program.
        Wait 45min-1 hour.
        SAS will give a report with results.
        Worked perfect for me.

        However, SAS will now hang around and put itself into your start menu.
        It may conflict with other anti-spyware / virus software you have.
        I liked the SAS but had to delete it due to conflict problems.
        However, that SAS CD is right here at my side, ready to kick butt again.
        And I lost nothing!
        (They do ask for a donation, please consider it, fair is fair.)
        Good luck.

        Originally posted by Citadelgrad87
        I don't really care, I just like to argue.


        • #5
          cdj337
          Junior Member
          • Jan 2010
          • 14

          Try system restore and go back to the restore point from when it was working. It might fix your issue. The easiest way in my opinion.


          • #6
            Marsoc1
            Member
            • Apr 2009
            • 261

            It's not AVG, AVG is legit company, I think ur talking about AV suite.
            If u can confirm I can help manually remove it.
            1. Can u go to any sites or does it redirect u to their antivirus site?
            If so, go to internet options > connection > lan settings > and uncheck "proxy server", once that's done u can surf the web again.
            2. Push ctrl, shift and esc and see if u find a program running as [random characters]tssd.exe, if it's running I got the fix for it.

            PM me if u need help
            Last edited by Marsoc1; 07-07-2010, 9:44 PM.


            • #7
              jwb28
              Senior Member
              • Oct 2009
              • 568

              Wow thanks for all the replies.
              Right now the problem is I'm not at my parents' house to mess with it. Can you download malwarebytes etc to a thumb drive and run them from there? It's not possible (at least I can't figure out how to download them to the infected computer and have it run the program); every time I try it comes up with file infected. Not the one I'm downloading, but a "windows" file. A bunch of different ones actually.
              I'll try the proxy server thing tomorrow and if someone can tell me how to run MWB and the other free programs from a thumb drive. All I have is a netbook. No CDROM to burn to.
              Thanks again


              • #8
                Marsoc1
                Member
                • Apr 2009
                • 261

                Try the proxy thing, I'll PM u with details.


                • #9
                  ocabj
                  Calguns Addict
                  • Oct 2005
                  • 7924

                  When it comes to my parents' computers, I just have a Ghost image of a freshly installed Windows OS, drivers, and all the applications they use. If they get infected with malware, I just reimage the drive for them from a bootable DVD. Takes all of 5 minutes to do.

                  Distinguished Rifleman #1924
                  NRA Certified Instructor (Rifle and Metallic Cartridge Reloading) and RSO
                  NRL22 Match Director at WEGC

                  https://www.ocabj.net


                  • #10
                    Pyrodyne
                    C3 Contributor
                    CGN Contributor - Lifetime
                    • Apr 2009
                    • 264

                    Here is my simple fix for this type of fake AV, requires no software to get rid of it.
                    1) Navigate to c:\Windows\system32
                    2) copy taskmgr.exe to the desktop
                    3) rename taskmgr.exe to iexplore.exe
                    4) kill any suspicious processes
                    5) once you find the fake AV, delete the file
                    6) Reboot and check if it's clear
                    7) Check IE proxy settings and clear if there is one set (most likely 127.0.0.1 port 5555)

                    Most fake AVs come as a rider to ask.com toolbars such as "MyWebSearch", Weather Channel Desktop, ALOT toolbar, etc. Be sure to remove all toolbars. "Move networks" will also infect Firefox, be sure to disable and remove anything from them.

                    If you are running 32-bit XP, try combofix after the fake AV is gone.
                    http://www.bleepingcomputer.com/comb...o-use-combofix This is the most powerful utility available for knocking out the strongest viruses and rootkits. DO NOT use this tool on vista or 7.

                    Follow up with MalwareBytes and then your AV of preference. I typically will also manually check the registry for shell execute hijacks which may break .exe file associations. HKEY_CLASSES_ROOT\exefile\shell\open\command value should be "%1" %*.

                    You can also check for open ports on your computer by dropping to the command prompt and running netstat -ao. Have task manager open and add "PID" from view->select columns. Look for socket state "LISTENING" and check each one against task manager to see what process is listening. Google search for "port xxxx" should show you what processes typically use that port, and if suspicious software is known to listen there.
                    Originally posted by jdberger
                    5 that bother to show up are worth a thousand who have "really strong feelings" but already committed to going fishing that day....
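
The three read-only checks from post #10 (the .exe open command, the IE proxy setting, and listening sockets matched to processes), as an added PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later and an English-language `netstat`, uses `netstat -ano` (the numeric form of the post's `netstat -ao`), and its variable names are illustrative.

```powershell
# Added example: read-only triage, nothing on the system is changed.

# 1) .exe file association. Post #10 gives the expected value as "%1" %*
$expected = '"%1" %*'
$key = Get-Item -Path 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' -ErrorAction SilentlyContinue
$actual = if ($key) { $key.GetValue('') } else { $null }   # '' = the (Default) value
if ($actual -eq $expected) {
    Write-Output 'exefile open command: OK'
} else {
    Write-Warning "exefile open command is '$actual', expected '$expected'"
}

# 2) Per-user Internet Explorer proxy (post #10 mentions 127.0.0.1 port 5555)
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$ie = Get-ItemProperty -Path $inet
if ($ie.ProxyEnable -eq 1) {
    Write-Warning "IE proxy is enabled: $($ie.ProxyServer)"
    # ProxyServer is either "host:port" or "http=host:port;https=host:port"
    if ($ie.ProxyServer -match '(^|=)(127\.0\.0\.1|localhost)(:|;|$)') {
        Write-Warning 'Proxy points at this machine; find out which local process owns that port'
    }
} else {
    Write-Output 'IE proxy: not enabled'
}

# 3) Listening TCP sockets joined to the owning process, instead of
#    matching PIDs against Task Manager by eye
$listeners = netstat -ano | Select-String -Pattern 'LISTENING' | ForEach-Object {
    $fields = $_.Line.Trim() -split '\s+'      # Proto, Local, Foreign, State, PID
    $owner  = Get-Process -Id $fields[-1] -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Local   = $fields[1]
        PID     = [int]$fields[-1]
        Process = $owner.ProcessName
        Path    = $owner.Path                  # empty for protected system processes
    }
}
$listeners | Sort-Object -Property PID, Local | Format-Table -AutoSize
```

A listener whose `Path` sits in a user profile or temp directory, or whose port matches the proxy port reported in step 2, is the one to look up first.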


                    • #11
                      Lancear15
                      Veteran Member
                      • Oct 2008
                      • 2629

                      Never should have used Internet Exploder 8. Firefox w/ NoScript Add-on FTW, and you won't get a virus again, unless of course you are intentionally downloading crap you shouldn't be.

                      I don't run an anti-virus and haven't gotten a virus since I switched to Firefox. Anti-virus programs are a waste of money and just slow your computer down.
                      Absolute power corrupts absolutely, even on Calguns.
                      NRA Life Member
                      USPSA Member
                      IDPA Member


                      • #12
                        Lancear15
                        Veteran Member
                        • Oct 2008
                        • 2629

                        To the OP, IMO the only way to be 100% sure the computer is virus free is to format the drive and reinstall the software.

                        • #13
                          jdberger
                          CGN/CGSSA Contributor
                          CGN Contributor
                          • Oct 2005
                          • 8944

                          Hey! I got the same virus!

                          It liked to redirect me to porn sites. At least it was normal porn.....
                          Rest in Peace - Andrew Breitbart. A true student of Alinsky.

                          90% of winning is simply showing up.

                          "Let's not lose sight of how much we reduced our carbon footprint by telecommuting this protest." 383green

                          NRA Benefactor Member


                          • #14
                            freonr22
                            I need a LIFE!!
                            • Dec 2008
                            • 12945

                            Originally posted by jdberger
                            Hey! I got the same virus!

                            It liked to redirect me to porn sites. At least it was normal porn.....
                            sure

                            • #15
                              ojisan
                              Agent 86
                              CGN Contributor
                              • Apr 2008
                              • 11762

                              Originally posted by jdberger
                              Hey! I got the same virus!
                              It liked to redirect me to porn sites. At least it was normal porn.....
                              Yes, when I got the Demo99 it linked to and opened porn sites to try and force you to accept their "offer".
                              I got it when loading pics of my son's birthday party from Photobucket to an email for my Mom.
                              Yes, I told my wife I was innocent!
                              The only porn I look at on my PC is gun porn!
                              She said OK...
                              Two days later, one of her girlfriends at work was surfing the net for women's clothes at lunch and got the exact same Demo99 virus which started opening up porn on the work PC.
                              So now my wife does believe I was innocent!
                              Phew!

                              So you can get this virus even if you are being good!

                              There are a lot of smart and savvy PC gurus here who know way more than me.
                              But as far as manual deletion goes, Demo99 installed itself or parts of itself in 87 different places in my PC according to SAS.
                              I think this would be tough for me to find them all manually...and if even one is left, it re-installs itself.
                              I see no reason a thumb drive could not work in place of a CD...as long as you can get around the virus and access the thumb to download.
