So, my computer’s been FUBAR’ed by one of those antivirus programs that takes over everything until you buy their product.
I keep trying to run Malwarebytes Anti-malware (which I already have installed), but it can’t finish scanning before the blue screen of death comes up. Also, if I try to start up in safe mode, it just goes straight to the BSOD. Starting in “last known good configuration” is the same as starting regularly.
So, is there a way to stop the virus for long enough to run the anti-malware scan? Is there anything else I can do? I suppose the ultimate solution is to re-install Windows, but I’d like to try everything before doing that. Thanks.
It can be tricky. The second option is to download Super AntiSpyware and see if that’s any better. The malware often doesn’t affect it.
I’ve also had some good last ditch help from Norman Malware Cleaner, which flies even further under the radar of the spyware.
Next level is to use Rootkit Revealer to find rootkits. You’ll then need to boot from a CD-based OS like Bart PE or Windows PE, find the rootkit files, and then delete them. Your cleaning software will work if the rootkits are deleted.
You can try re-naming MBAM (the .exe file) and see if that works. It’s likely you have a rootkit as well. MBAM can help clear the parts, but you need to remove the rootkit(s) first. A month ago, I was infected by System Security 2009 and it took several steps to remove it. Since you’re using MBAM, here’s the page for what to do to begin the process of saving your computer:
Unfortunately, some rootkits, such as the one I encountered, disabled msconfig, as well as regedit and task manager, in normal mode. However, msconfig can, hopefully, be accessed in safe mode.
But he cannot reach the safe mode screen, that is why I advise to try this before following all the other recommendations.
What is the AV in question? This is a very long shot: Some scumware makers still try to “follow the law” and their uninstaller will remove the program so I should try that too. (It could be in the start menu or the “add remove programs” in the control panel.) Even if that works, I would advise using the previously recommended removal tools.
The MSConfig is so limited that it is rarely useful. It’s very easy for malware to hide from it (or not display on the task manager).
Hijackthis used to be a great tool for finding startup programs that didn’t show up on the task manager, and may be useful, but it has gone from the #1 essential tool to an afterthought. Still, it couldn’t hurt to try it.
Can you boot to a command prompt? Either from your XP / Vista CD or from the startup menu?
If so, you can do a manual rollback / System Restore of your registry. There’s a MS KB article on how to do this. Basically, you copy files from c:\System Volume Information to c:\Windows\system32\config. Both are hidden directories. Rename the originals first!
Edit: Just use it to scan. You’ll need to disable your AV to get it to run. Don’t use it to remove items without showing the log to someone experienced in malware removal.
If the computer is BSOD’ing then I really doubt this thing is removable. It has probably already corrupted some system files. If the MSRT doesn’t work, I would do a wipe and reinstall of Windows.
With respect to the programs to download and run, could I possibly put the program on a thumb drive and install it on my computer that way? I’m just thinking that I may not have enough time to download and run it before the BSOD, but maybe it’s faster to install from a thumb drive.
Also, any suggestions for software to use for protection going forward? I apparently let my PC-cillin prescription lapse, so I guess I’ll go ahead and re-up on that.
If you make a bootable USB drive and boot from there without even looking at the hard drive, then the nasties on your HD should just sit quietly waiting for you to find and destroy them. If that doesn’t work, you can boot from a USB drive, back up any important data, and then nuke the whole hard drive and do a re-install. You will likely have to get into the BIOS and change the boot order in order to boot straight from a thumbdrive.
I had the same friggin’ problem about 4 months ago…
I looked online, and tried to download EVERYTHING suggested on various messageboards regarding this virus (2008 Spyware Guard was the bastard’s name??).
The problem was every time I tried to download something the ‘virus’ blocked it, saying I was infecting my computer further or some horse-shit.
I had finally resigned myself to go ahead and re-format my computer to get rid of it. I told the IT guy at my company, and he created an Avast! boot disc (?) to preload before the OS (and the virus) took over…
I loaded it and watched the fireworks! It was kind of cool! Multiple pop-ups between Avast and the virus as they seemingly battled one another!
But then…
When it looked like Avast had won I rebooted…and the f@cking virus was still there…imploring me to pay $57 to eliminate a virus on my computer.
Sooooo, I ran the Avast boot disc again…same thing with the virus battle…I figured I was screwed…
But when I rebooted, IT WAS GONE!
Phew
It was quite the emotional rollercoaster I tell ya
Awesome. So do I just need tell my IT guy at work that I need an Avast boot disk? Or is there more info he needs, or is Avast short for something? Thanks.
As mentioned Avast! is a free online anti-virus program.
The disc the IT guy gave me was a copy (maybe not Kosher) copied from…somewhere…sorry I can’t be more help, but I will ask him if you want.
He got info on this from a computer shop he uses for purchases for the company. The shopowner relayed a story about one of his customers who had the same virus and opted to PAY the $50+ for the remedy.
The ‘remedy’ involved downloading MORE crap on his PC, only to have the program he downloaded to fix the problem tell him the virus was ‘too powerful’ and he needed to purchase ADDITIONAL software from the virus makers…
He did that too (I think it was $100+ this time!!!).
Of course that failed, and the guy finally decided to have someone look at it. I wonder how many people are actually suckered by these things.
My IT guy told me a lot of these anti-virus scams originate out of Russia…
Several months ago, one of my wife’s friends brought me a PC that her husband had mangled in exactly the way you described. I didn’t think these viruses actually worked well enough to get someone to fork over money, especially more than once.