Virus??

Thread: Virus??

  1. #1
    Join Date
    Aug 1999
    Location
    Carson City, NV
    Posts
    603

    Virus??

    I need urgent help and would appreciate a quick response. Thank you all.

    This morning I started my Windows 8.1 PC as normal. Went smooth w/o any problem. Checked my email, but there was no problem, did not even open the mail, then closed the client. Then I checked the normal websites which I do every morning. Nothing unusual there. Then left and the PC activated the screensaver. Coming back I just started again by entering my password. Then the screen went blank and a message came back saying that some startup files are missing or corrupt. Then to continue a message box came up that "The program is able to resolve Windows startup issue is already installed". The thing is called Advanced PC Care 5.0. In the Eula is a website http:\craft-soft.com but it does not exist resp. the domain expired 4/16/2015. Once I ran Fix Now it showed some failures like registry etc. Continuing you are shown a box where I had to enter my email, complete address a credit card number, incl. security code. The payment was $39.90. Of course, I did not fill it out. I tried to start the PC in Safe Mode, which caused the same problem.

    Has any one seen this before. What can I do to get rid of it since I cannot startup the PC.

  2. #2
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    You may need a bootable CD or USB flash drive with some malware removal tools to get rid of that nasty.

  3. #3
    Join Date
    Apr 2000
    Location
    Sheboygan, WI
    Posts
    53,392
    Here are 15
    http://pcsupport.about.com/od/system...s-software.htm
    #7 is what I would try.

  4. #4
    Join Date
    Aug 1999
    Location
    Carson City, NV
    Posts
    603
    OK. This is more than serious, therefore this update. I sent my post from my laptop. A few minutes later I had to restart the laptop and BAM... the same issue appeared on it. No way to enter any of the two. I want to warn everyone of this which I think is a scam! Can happen to anyone, and there is no way to get rid of it because it is apparently not known as I said above. How it came on my computers is unclear to me because that morning I visited only four well known websites and this one only on the laptop.

    I called MS Help but after six hours and three people I talked to (in India) they told me that I have to reinstall W 8 which I am now working on my laptop. I have to set up all my applications. I have a back-up of all my files on OneDrive (thank God).

    I have not yet started the reinstallation of the Desktop, keeping it powered off in order to avoid a reinfection of the laptop. Once I finish with the laptop, I will power it off and start with desktop. I plan to document what happens with taking pictures and then write a documentation with pictures which I will send to Microsoft. There must be an easier way to resolve the issue and MS has to research it and protect users from getting into the same thing.

  5. #5
    Join Date
    Mar 2009
    Location
    Arkham Asylum, Cell 13
    Posts
    11,686
    Next time, post to the ICU instead. Broni might have been able to help you out. He would probably have you run some boot disc utilities.
    http://discussions.virtualdr.com/sho...d.php?t=167915

  6. #6
    Join Date
    May 2015
    Posts
    3
    OK, so I just encountered the same issue on my work computer. I have absolutely no idea where it came from. I had installed some verified legitimate drivers for a Wacom graphics tablet and at the end of the install my machine needed to restart. After restart I typed in my username and pw and it began to enter the desktop. Before anything loaded, a progress bar appeared with text stating Windows files are corrupt or missing and the Adv PC Care from Craftsoft needed to be installed to handle the problem. It gave me no other options; even though I knew I was sealing my fate I continued. I tried starting in safe mode with no luck. I then realized the apcc.exe was located in an %appdata% folder so it's tied to local users. I logged in under another local user and it bypassed the "windows file corrupt" screen and went to the desktop. I then ran Hitman Pro to locate the files; the .exe was located in the appdata dir and in c:/windows/temp. I deleted the executables and replaced them with blank files that I called apcc.exe (so any supporting files wouldn't catch on to its removal... not sure if this ultimately fixed it or not). Then I went to Run -> regedit and searched for any references to apcc.exe to verify its locations again. I then used CCleaner to fix any registry issues and other suspicious activity (again, I'm not sure if this was directly linked to success or not). After all this, I was able to log back into the main Windows user account. The virus is still located somewhere on the computer as it was just picked up by a Windows Defender full scan, but it's not able to prevent login like before. Once the full scan is finished I'm hoping WD will be able to completely remove it. I hope some of this helps. Let me know how your process goes.

  7. #7
    Join Date
    Aug 1999
    Location
    Carson City, NV
    Posts
    603
    BrucieBC, thank you for your contribution, really interesting. It is exactly the same that happened to me.
    My question to you is: I can access my desktop as Administrator. Could the method you described, which solved your issue, be used in the way you described it? If this is so, it would save me from reinstalling etc. Irrespective, I will prepare a documentation and send it to MS. I had trouble with their help, because they did not know anything about this "virus" or scam - whatever one may want to call it.

  8. #8
    Join Date
    May 2015
    Posts
    3
    I was able to get ahold of Norton Internet Security through Comcast and did a full scan last night. The scan turned up nothing related to the apcc.exe ransomware virus. I think the most important points to follow are to first get a copy of CCleaner and scan and fix all issues (this will more than likely erase any browser caches, history, temp files, etc). Second is to use Hitman Pro. If you have never used it before it will let you use its full functionality for 30 days, which is great. Run the scan and then have it delete all threats found. If you aren't able to get the 30 day trial, just run the scan - it will then give you the location of all threats on your PC. Manually go and delete the infected files if Hitman won't do it for you. After HM Pro, go to Start button -> Run -> regedit. Then once Registry Editor comes up, go to Edit -> "Find" and search the entire registry for "apcc.exe". If regedit returns any search results, inspect these results one by one. If it is a file path for apcc.exe, like for ex. "c:\windows\temp\apcc.exe", then go to that path on your computer, delete the file if it's there and right click in the directory, click create new text file and change the name of the text file to apcc and change the file extension from .txt to .exe. This might not be necessary, but the reason I did this is because most viruses are split into multiple modules. One module will monitor your system to check if the infected file still exists. If you delete it, one module will reinstall the deleted one. Most of the time it's done using file hashes, but luckily apcc doesn't seem very smart as far as that goes. After completing all of that, I was able to log back into the initial user account. I then ran SEVERAL FULL virus scans with multiple scanners, including another scan with Hitman Pro which I know for a fact very quickly identified apcc and a few related components. My system came up virus free with every scan I did after all this, so if you want to follow my steps I can say for sure it worked for me.
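
A read-only version of the file and registry search described in the post above, as an added example that is not part of the thread. It assumes PowerShell 3.0 or later and an elevated prompt in an unaffected administrator account; the list of autostart keys and the ProgramData folder are assumptions, since the thread does not say where the program registers itself.

```powershell
# Read-only sweep: lists matching files and autostart values, deletes nothing.
$Name = 'apcc'   # name stem reported in the thread (apcc.exe, apcc50.tmp)

# 1) Folders named in the thread: each profile's AppData and C:\Windows\Temp.
#    ProgramData is included as an assumption.
$roots = @("$env:SystemRoot\Temp", $env:ProgramData)
$roots += Get-ChildItem 'C:\Users' -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData' }

$files = foreach ($root in $roots) {
    if (Test-Path -LiteralPath $root) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -File -Filter "$Name*" `
            -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }
}

# 2) Common autostart keys (assumed list), machine-wide and per loaded user hive.
$sub = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
$keys = $sub | ForEach-Object { "Registry::HKEY_LOCAL_MACHINE\$_" }
# HKEY_USERS only holds hives of accounts that are currently loaded, so the
# locked-out user's own hive is not covered while logged on as someone else.
$keys += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object { $hive = $_.Name; $sub | ForEach-Object { "Registry::$hive\$_" } }

$hits = foreach ($key in $keys) {
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($valueName in $item.GetValueNames()) {
        $data = [string]$item.GetValue($valueName)
        if ($data -match [regex]::Escape($Name)) {
            [pscustomobject]@{ Key = $item.Name; Value = $valueName; Data = $data }
        }
    }
}

$files | Format-Table -AutoSize   # review each path before removing anything
$hits  | Format-List
```

The `apcc*` filter also matches unrelated files that happen to start with the same letters, so each result needs to be checked before acting on it.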

  9. #9
    Join Date
    Aug 1999
    Location
    Carson City, NV
    Posts
    603
    My situation is as such: I have reinstalled W8 from my MS DVD on my laptop, and then got all the updates, which then allows downloading and installing W8.1. I am now ok with the laptop (had the side effect that it killed some annoyances). However, I cannot get into my desktop as the normal user but as the Administrator (hidden). With this I cannot scan my normal account. Searching for apcc.exe did not yield a result. Running any other program like CCleaner did not help either. So, under this scenario, I am forced to reinstall W8 as I did with the laptop. Any other suggestion?

  10. #10
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    As an Administrator, you should be able to scan all files on the desktop computer. However, my original suggestion still applies. See Train's link for free bootable antimalware software, and try scanning with those.

  11. #11
    Join Date
    May 2015
    Posts
    3
    I did this on a Windows 7 machine so my removal could be vastly different from your own. Have you searched for apcc.exe in the registry at all? By going to the Start button and searching for regedit, then going to Edit, then Search, then searching for apcc.exe...

  12. #12
    Join Date
    Aug 1999
    Location
    Carson City, NV
    Posts
    603
    jdc2000

    It appears that going in as Admin. does not show all I have on the desktop. Additionally, each time logging in, one or two longer (error) messages appear that the c:\windows \config\profile is wrong. I will try the suggestion to create trains' suggestion.

    However, a reinstallation could have the side effect to get rid of one or two annoyances (whatever they are) and have a clean installation after 2 years of running W8. I'll keep you updated.

  13. #13
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    Each user has their own desktop and profile settings. The Desktop of the problem user is almost certainly different than the hidden Admin user's Desktop. You should still be able to run antimalware software on all files however.

    You could post the complete error messages that you are getting, then we could tell you what they mean.

    Another option is to connect the hard drive of the desktop system to an uninfected system as a slave drive and then scan it for malware.

  14. #14
    Join Date
    Aug 1999
    Location
    Carson City, NV
    Posts
    603
    The message I get after entering my pw is in a small box titled "System repair", and it has a running green bar like in Windows Update when you check for updates. All looks typical as for MS. The text is short: your startup files are missing or corrupt. That's all. After a few seconds a new small box comes up and it says ADVANCED PC CARE, then below: Craftsoft International, LLC, then below: ENGLISH, and finally C:\Users\ \All users\AppData...\apcc50.tmp.

    I would have submitted pictures I took, but at 3MB they are too big to use as attachments.

  15. #15
    Join Date
    Feb 2000
    Location
    Idaho Falls, Idaho, USA
    Posts
    18,063
    Those messages are bogus, and are from your malware. They can safely be ignored.

    The malware still needs to be removed though. Broni might be able to assist you with that.
