  1. #1
    New Lounger

    antimalware Go virus, Latest version

    Hi Guys,
    I have had to clean out 3 machines this week, with the new antiMalware GO virus, but the last one is the one of interest.
    An ACER Z5610 AIO running Win7 H/Prem. was infected with this virus and after 12 hours of trying everything I knew with no luck, I contacted Malwarebytes by e-mail for some help. The machine would not run any sort of boot disk and the only program I could get to run was Malwarebytes in safe mode. Unfortunately it did not remove the virus. Malwarebytes replied to my e-mail promptly and gave me the tip on how to update the database files so that running Malwarebytes in safe mode would remove the virus. The tip is to copy the file at C\Program Data\Malwarebytes\Malwarebytes anti-Malware\rules.ref to the infected machine from a machine that has Malwarebytes installed and updated to the latest database. The program will now run in safe mode and remove the virus. The Malwarebytes files downloaded from their site were 72 days behind and of course the machine could not connect to the net to update the files as it was only able to run in safe mode therefore no internet connection, no drivers.
    I hope this will help anyone that is having trouble with this insidious virus, it appears to be changing variants at a very fast pace as it is not the same as it was 2 months ago.
    Cheers
    Allan


  3. #2
    Super Moderator CLiNT's Avatar
    From bleepingcomputer.com...
    Remove AntiMalware Go (Uninstall Guide)
    Posted by Grinler on February 26, 2011 @ 09:18 PM Views: 38,921

  4. #3
    Administrator
    Quote Originally Posted by aljatrad View Post
    Hi Guys,
    I have had to clean out 3 machines this week, with the new antiMalware GO virus, but the last one is the one of interest.
    An ACER Z5610 AIO running Win7 H/Prem. was infected with this virus and after 12 hours of trying everything I knew with no luck, I contacted Malwarebytes by e-mail for some help. The machine would not run any sort of boot disk and the only program I could get to run was Malwarebytes in safe mode. Unfortunately it did not remove the virus. Malwarebytes replied to my e-mail promptly and gave me the tip on how to update the database files so that running Malwarebytes in safe mode would remove the virus. The tip is to copy the file at C\Program Data\Malwarebytes\Malwarebytes anti-Malware\rules.ref to the infected machine from a machine that has Malwarebytes installed and updated to the latest database. The program will now run in safe mode and remove the virus. The Malwarebytes files downloaded from their site were 72 days behind and of course the machine could not connect to the net to update the files as it was only able to run in safe mode therefore no internet connection, no drivers.
    I hope this will help anyone that is having trouble with this insidious virus, it appears to be changing variants at a very fast pace as it is not the same as it was 2 months ago.
    Cheers
    Allan
    Did you try safe mode with networking? If the malware does not run in safe mode, it most likely won't run in safe mode with networking and, with internet access, you can simply update or download whatever you need to update or download.

  5. #4
    Silver Lounger Banyarola's Avatar
    I would like to know HOW the machines got infected...
    "If You Are Reading This In English, Thank A VET"

  6. #5
    3 Star Lounger
    Quote Originally Posted by Banyarola View Post
    I would like to know HOW the machines got infected...
    Insufficient security in place and/or user action (no offence to the original poster intended).

    Sometimes unknowingly a computer user can allow a piece of malware into their system or the malware itself is proactive in the sense that it exploits open doors on your system.

  7. #6
    Silver Lounger Banyarola's Avatar
    I would like to know which method caused the problem 'Proactive or self inflicted'
    "If You Are Reading This In English, Thank A VET"

  8. #7
    New Lounger
    Quote Originally Posted by Banyarola View Post
    I would like to know HOW the machines got infected...
    The owner is not too computer savvy unfortunately.
    He tells me that a pop up offering him protection from Malware appeared on his screen. He accepted the offer (Why) and therefore was infected. He ran the scan that is part of the scam and was told he had many viruses and could get it cleaned by sending them $49.95, which he did (I have told him repeatedly to contact me before he does anything if he gets an infection, he did not).
    Of course he did not get anything for his contribution to the scammers and after a frustrating day or two of not being able to do anything, contacted me.
    He had Microsoft Security essentials loaded and updated, firewall was turned on and has been running Advanced windows care (Pro) and Malwarebytes monthly to help keep the system running well.
    As I have already said, he is not too computer savvy and basically invited the scammers in by clicking something other than exit/delete/stop/no or whatever (nor did he phone me as he has been encouraged to do when he is presented with something he does not understand) to get rid of the first part of the attack. He has been a friend for years and this is not his first attack.
    Cheers
    Allan

  9. #8
    New Lounger
    Quote Originally Posted by Banyarola View Post
    I would like to know which method caused the problem 'Proactive or self inflicted'
    Self inflicted

  10. #9
    New Lounger
    Quote Originally Posted by ruirib View Post
    Did you try safe mode with networking? If the malware does not run in safe mode, it most likely won't run in safe mode with networking and, with internet access, you can simply update or download whatever you need to update or download.
    Yes, no go there either. Malwarebytes would run in safe mode, but I could not get it updated till I contacted Malwarebytes.

  11. #10
    Silver Lounger Banyarola's Avatar
    Yes, usually it's the user that causes infection...

    Like I always say, when getting a popup close using Task Manager only..
    "If You Are Reading This In English, Thank A VET"

  12. #11
    New Lounger
    Quote Originally Posted by ruirib View Post
    Did you try safe mode with networking? If the malware does not run in safe mode, it most likely won't run in safe mode with networking and, with internet access, you can simply update or download whatever you need to update or download.
    Just a quick follow up.
    I had another problem with the same virus on another machine about a week ago and tried "Safe Mode with networking" and on that machine it worked OK. The Malwarebytes database updated and removed the virus in a very short time. The total time on the machine was less than an hour and only that long because I ran another 2 scans, MES and Spybot, just to be sure.
    Allan

  13. #12
    Silver Lounger Banyarola's Avatar
    When you d/l the RULES.REF file where do you put it so Malwarebytes can update?
    "If You Are Reading This In English, Thank A VET"

  14. #13
    3 Star Lounger
    Quote Originally Posted by Banyarola View Post
    When you d/l the RULES.REF file where do you put it so Malwarebytes can update?
    XP/2003

    "%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"

    Vista/7/2008

    "%ALLUSERSPROFILE%\Malwarebytes\Malwarebytes' Anti-Malware\"

    Note: You can use %PROGRAMDATA% system variable instead when using Vista and upwards but the %ALLUSERSPROFILE% links correctly too.
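
The offline update described in this thread, as an added example that is not part of any post: a cmd batch file that picks the destination directory from the two paths given above, backs up the existing rules.ref, copies the new one and verifies the copy byte for byte. The script name, the source path passed as an argument and the .bak backup name are assumptions; it also assumes Malwarebytes is closed and the prompt has administrator rights.

```batch
@echo off
setlocal
rem Added example, not from the thread. Usage (source path is an assumption,
rem e.g. a USB stick prepared on a clean, fully updated machine):
rem     copy-rules.cmd E:\rules.ref

if "%~1"=="" (
    echo Usage: %~nx0 path\to\rules.ref
    exit /b 2
)
set "SRC=%~f1"
if not exist "%SRC%" ( echo Source not found: "%SRC%" & exit /b 2 )

rem Vista/7/2008 define PROGRAMDATA; XP/2003 do not, so fall back to the
rem "Application Data" path under ALLUSERSPROFILE given in the post above.
if defined PROGRAMDATA (
    set "DEST=%PROGRAMDATA%\Malwarebytes\Malwarebytes' Anti-Malware"
) else (
    set "DEST=%ALLUSERSPROFILE%\Application Data\Malwarebytes\Malwarebytes' Anti-Malware"
)

rem Refuse to create the directory: if it is missing, the scanner is not
rem installed where expected and the copy would have no effect.
if not exist "%DEST%\" ( echo Definitions directory not found: "%DEST%" & exit /b 1 )

rem Keep the old definitions so the change can be rolled back.
if exist "%DEST%\rules.ref" copy /y /b "%DEST%\rules.ref" "%DEST%\rules.ref.bak" >nul

copy /y /b "%SRC%" "%DEST%\rules.ref" >nul || ( echo Copy failed, check permissions & exit /b 1 )

rem Binary compare: a mismatch here means the file was altered or blocked
rem while being written, which on an infected machine is worth knowing.
fc /b "%SRC%" "%DEST%\rules.ref" >nul
if errorlevel 1 ( echo Verification FAILED: installed file differs from source & exit /b 1 )

for %%F in ("%DEST%\rules.ref") do echo Installed rules.ref: %%~zF bytes, modified %%~tF
echo Now run a scan from Safe Mode.
endlocal
```
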
