  1. #1
    2 Star Lounger

    Malware removal (Doh!)

    Yesterday, in an extreme act of stupidity, I did something which left me stuck with XP Antivirus 2012.
    Basic question: How do I get rid of it? I uploaded Avast, which seemed to help a little, but seems to be causing problems of its own. I tried to install MalwareBytes Anti-Malware free program but ran into difficulties. I found that rkill and exehelper are supposed to make installation easier but there are five versions of the former and three versions of the latter. Which version of each works best with Win XP Service Pack 3? Which do I install first? Finally, are there any other programs that can clear out this pest? I'd hate to have to go for the nuke option, which I could talk about later.

    Help?

  2. #2
    Administrator (ruirib)
    Both Malwarebytes and SuperAntispyware should be able to remove that. Boot in Safe Mode with networking, download each of them and let them run.

  3. #3

  4. #4
    2 Star Lounger
    Question: since I've never worked in safe mode, how do I do it? Steps? Procedures? And I still have those questions regarding rkill and exehelper. Plus someone told me about another program called Combofix which is supposed to be better than Malwarebytes. Anyone know anything about it?

    Quote Originally Posted by ruirib View Post
    Both Malwarebytes and SuperAntispyware should be able to remove that. Boot in Safe Mode with networking, download each of them and let them run.

  5. #5
    5 Star Lounger (Zig)
    Tiger,
    Reboot your computer; as soon as it starts, press F8 repeatedly, until you are given the choice of how to boot. Pick Safe Mode with Networking, download and install the above-mentioned programs, and run them while still in Safe Mode.

    I understand that Combofix is not for the faint of heart, nor the inexperienced.

    Zig

  6. #6
    Plutonium Lounger (Medico)
    I've never heard of Combofix, but perhaps that's because MalwareBytes works well for me, although with my multi-layered approach to security I have never had a successful attack against my PCs. As you have found out, the hard way, the best security in the world doesn't help against "an extreme act of stupidity" as you put it. We all sometimes have these moments. In my case I call them "senior moments". LOL
    BACKUP...BACKUP...BACKUP
    Have a Great Day! Ted

    Sony Vaio Laptop, 2.53 GHz Duo Core Intel CPU, 8 GB RAM, 320 GB HD
    Win 8 Pro (64 Bit), IE 10 (64 Bit)

  7. #7
    Lounger (Super Sarge)
    This is why I have full image backups going back 3 weeks. It takes me less than half an hour to restore a full image backup to a time when the OS was clean, if ever needed.

  8. #8
    2 Star Lounger
    I downloaded MalwareBytes and ran the scan twice. The first time it found a whole bunch of crap. They're gone, apparently. I was very happy to see my PC return to normal. The second time it found another pest. That's gone too, I think. I ran Avast after that. It apparently didn't find a virus, but "Some files could not be scanned." I'm going to run MalwareBytes again before bed. Now I'm thinking of adding SuperAntispyware but, with MalwareBytes and Avast on board, does anyone know of problems with three virus killers in the system? Plus, what's the deal with Combofix? It sounds like MalwareBytes on steroids. Why the caution?

    Quote Originally Posted by Zig View Post
    Tiger,
    Reboot your computer; as soon as it starts, press F8 repeatedly, until you are given the choice of how to boot. Pick Safe Mode with Networking, download and install the above-mentioned programs, and run them while still in Safe Mode.

    I understand that Combofix is not for the faint of heart, nor the inexperienced.

    Zig

  9. #9
    Administrator (ruirib)
    SuperAntispyware can be installed and run whenever you feel like it, because I understand it executes only when you order it to scan, the same as the free Malwarebytes. If they provided real-time protection, that might be different.

  10. #10
    5 Star Lounger (Zig)
    Quote Originally Posted by tiger4 View Post
    What's the deal with Combofix? It sounds like MalwareBytes on steroids. Why the caution?
    From the description on Majorgeeks.com:
    ComboFix is a program, created by sUBs, that scans your computer for known malware, and when found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program.

    You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

    It is also understood that the use of ComboFix is done at your own risk.
    Reading between the lines, if you're asking questions about how many antispyware programs you can have on your computer at any one time, you probably shouldn't be running this program without some direction. Please don't take this as a slam; it's just my 2 cents' worth.

    Zig

  11. #11
    2 Star Lounger
    Well, I uploaded SuperAntiSpyware and used it. It found a lot of stuff. Pretty shocking, much of it adware. It removed it, but geez! The crap I had... whoa! Anyway, from the info on Combofix, I guess it's one of those last-resort, "do-not-use-unless-absolutely-necessary" programs. I guess Ted Myers' multilayered approach seems the best way to go. I do have a question, several actually: Now that I have MalwareBytes, SuperAntiSpyware, Avast, and Microsoft Security Essentials, is this good for a multilayered approach or are there better programs to cover all the bases? I have this annoying red shield in my lower-right corner labeled Windows Security Alerts; is this a remnant of the virus or legit? Either way, how do I get rid of it? Plus my computer takes too long to shut down and a little long to log on to the internet. Are these a consequence of constant activity running the antivirus progs or is something still interfering with my PC functions? Anyway, thanks for the help and advice, people, I really appreciate it.

  12. #12
    Gold Lounger (PlainFred)
    Quote Originally Posted by tiger4 View Post
    Now that I have MalwareBytes, SuperAntiSpyware, Avast, and Microsoft Security Essentials, is this good for a multilayered approach or are there better programs to cover all the bases? I have this annoying red shield in my lower-right corner labeled Windows Security Alerts; is this a remnant of the virus or legit? Either way, how do I get rid of it?
    "Tiger"

    Hello... Just keep in mind that "Malwarebytes" Free does not run in real time (background); you have to run it manually to scan and update... If you move to their "Pro" version it runs and updates automatically and can be set to remove the "Bad's" on its own... As for "Super blah, blah"... I don't trust it, since I tried it when it came out and it wanted to remove the "Virus" it found only after purchasing the pay-for version... As far as the Windows "Red Shield", I get that because I have "Windows Update" set to "Never Check for Updates". Have a look at your settings... Regards, Fred
    PlainFred

    None are so hopelessly enslaved as those who falsely believe they are free (J. W. Von Goethe)

  13. #13
    2 Star Lounger
    Quote Originally Posted by tiger4 View Post
    Plus my computer takes too long to shut down and a little long to log on to the internet. Are these a consequence of constant activity running the antivirus progs or is something still interfering with my PC functions?
    I'd like to amend that: my computer won't shut down at all, and it takes a bit too long to connect to the internet. Something's interfering. Any ideas? Missed virus perhaps?

  14. #14
    Lounge VIP (Tinto Tech)
    Tiger4, Hello.

    It's quite likely that your "scare-ware" XP antivirus 2012 infection has been dropped onto the system via a rootkit installing a trojan-dropper. It's quite a common infection route.

    If correct, running Malwarebytes / SuperAntispyware and all the others will not remove the root cause infection, and it will come back time and time again, as you are only removing the visible element dropped onto the system by the trojan, which is now hiding.

    A technique that, so far, has not let me down for these types of scare-ware is to boot into Safe Mode (without networking) and run a System Restore. When re-booting from the System Restore, make sure to return to Safe Mode (without networking) to complete the Restore. Double-check to ensure you do not have a DNS hijack or a proxy set in the adapter settings. Verify the Hosts file (C:\Windows\System32\Drivers\Etc\) has not been changed and consider running Kaspersky TDSS Killer and the Sophos Rootkit tools too. Then run Malwarebytes and the others to verify you are clear.

    After running Malwarebytes, re-run your favourite tools, but also check using Autoruns for any leftovers.

    To help prevent future outbreaks, make sure Java, Adobe Flash Player and Adobe Reader are fully patched (these are very common infection points). Also, install ad-blocking add-ons to your favourite browser: many of these nasties get in through poisoned animated adverts that exploit holes in Flash or Java and do not require user interaction.

    Look into running a HIPS-based OS firewall such as Comodo or Online Armor, which will intercept suspicious program activity and allow you to nip it in the bud.

    Finally, consider running the machine from a Standard User account rather than admin, as this makes it much harder for the malware to install: it requires either a second attack to elevate privileges or for the user to manually allow installation.

    BTW, I agree with the caution about ComboFix. It is almost certainly not needed to clean up this type of infection.
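One concrete way to do the "verify the Hosts file has not been changed" step from the post above, as an added example (not code from anyone in this thread): parse the hosts file and flag every entry that sends a hostname anywhere other than the local machine, which is how scare-ware families block security-vendor update sites. The sample hosts text and the 203.0.113.x addresses are constructed for the demonstration; the vendor keyword list is an assumption.

```python
"""Hosts-file tamper check (added example; sample data is constructed)."""
import ipaddress

LOOPBACK = {"127.0.0.1", "::1"}

# Keywords whose redirection is a strong sign of tampering (assumed list,
# drawn from the tools discussed in the thread).
VENDOR_HINTS = ("malwarebytes", "avast", "superantispyware", "kaspersky",
                "sophos", "microsoft", "windowsupdate")

# Constructed sample: an XP-style default file plus two injected lines.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.10    www.malwarebytes.org malwarebytes.org
203.0.113.10    www.avast.com
127.0.0.1       ads.example.net   # user-added ad block, harmless
"""


def parse_hosts(text):
    """Return (line_no, ip, hostname) tuples; comments and blanks are skipped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:
            continue                           # malformed line, not an entry
        entries.extend((n, ip, host.lower()) for host in parts[1:])
    return entries


def suspicious_entries(text):
    """Entries mapping a hostname away from loopback; vendor hits sorted first."""
    hits = [e for e in parse_hosts(text) if e[1] not in LOOPBACK]
    return sorted(hits, key=lambda e: not any(h in e[2] for h in VENDOR_HINTS))


if __name__ == "__main__":
    # On a real XP box, read C:\Windows\System32\Drivers\Etc\hosts instead.
    for line_no, ip, host in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip}  (not loopback, check this)")
```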

  15. #15
    2 Star Lounger
    Tinto Tech, Hello Back

    Thanks for the advice, but thanks to that advice I now have a whole bunch of questions. You see, I'm not PC savvy, so a lot of the terms you mention in your post are Egyptian hieroglyphics to me. So here are the questions:

    DNS Hijack or proxies set in adapter settings: What are they and how do I get rid of them?

    How do I verify the hosts and what do I do if the file has been changed?

    Kaspersky TDSS Killer: What's that and how do I get it?

    Sophos Rootkit Tools: see above

    Autoruns: what are they? What do I do to activate them?

    Java, Adobe Flash Player, and Adobe Reader: how do I check the patches? (No forget that. I don't have Java or Flash Player [I think]. I do have Adobe Reader X)

    Ad-blocking add-ons: the browser offers those, right?

    HIPS-based OS firewall: what's that? How do I get it?

    Standard User account: I think I already use it. In reference to manual allowance of malware, how do you think I got into this mess?

    Furthermore, how do I turn off my computer when it won't shut down? Other than switching off the surge protector, I mean?
