EPTI was lurking around reading posts about 1 month ago when today my father was clicking on some link he claims he does everyday from a blog to some "UK newspaper" site about "How to buy gold" <--- my spider sense detects inconsistency at this point. But no point arguing with him.
----------------------------------------------------------------------------------------------------------------------------
EDIT: Later he came back and offered to show me what he did earlier and it was a life feed link from a blog and looking legit, I clicked it (knowing how to solve the problem) and got here (just in case you're worried, it really is): http://www.telegraph.co.uk/finance/personalfinance/investing/gold/8635523/How-to-invest-in-gold.html . Showing him the article, he said he didn't see this page earlier. Based on how he spoke and knowing his .. routines, I have some confidence that that's what happened. If it's true than it's really scary.
On second thought, it could be due to some link he clicked earlier since programs take some time to finish installing. That makes more sense.
----------------------------------------------------------------------------------------------------------------------------
The program "Security protection" had all the pictures used by Win7, the firewall and the shield thing and for moment I thought it was from windows, until I saw the shortcut icon on the desktop which meant that a program was installed. Moreover I couldn't close it and any program I execute just dies after 2 seconds so I can't use the task manager to kill the process or restore it to and earlier state.
And it scanned my pc automatically and detected some win32Gen-Child-Porn which made me panic a while. This was before I saw the shortcut icon on my desktop.
So at first I tried to out maneuver it by trying to kill the process with the task manager faster than it could kill the task manager.
Didn't work.
Next, after trying to alt f4 and right click it from the task bar in vain, I went to the 'settings' tab and saw options to "Start Security Protection on startup" and "Scan PC on startup". Seeing a glimmer of hope, I pounced on both the checkboxes and promtly restarted my computer.
Only to be greeted by the the same scareware again.
After staring and thinking for a few minutes, I suddenly recalled reading something about safe mode and hoped that it will allow me to restore my backup. Sure enough, in safe mode, the "Security Protection" scareware didn't startup and neither did MsnMessenger or anything else. Without anything stopping me, I was able to restore my computer to an earlier state.
And sure it did :D
After restoring, I quickly loaded the thread I bookmarked and couldn't be more grateful.
Download Combofix ( http://www.bleepingcomputer.com/combofix/how-to-use-combofix )
Also download hijackthis ( http://free.antivirus.com/hijackthis/ )
What you want to do is boot into safe-mode and run hijackthis first, after that run combofix. Once combofix finishes its going to reboot your computer. Running both of them should do quite the trick to speed up your computer.
After that I would run malwarebytes ( http://www.malwarebytes.org/ )
I used to work at a PC repair shop and those 3 programs solved 95+% of our issues.
Also download hijackthis ( http://free.antivirus.com/hijackthis/ )
What you want to do is boot into safe-mode and run hijackthis first, after that run combofix. Once combofix finishes its going to reboot your computer. Running both of them should do quite the trick to speed up your computer.
After that I would run malwarebytes ( http://www.malwarebytes.org/ )
I used to work at a PC repair shop and those 3 programs solved 95+% of our issues.
Thank you so very very much Halfwarr!!!!!
