Last week, I got hit by ‘security suite’ malware. Yuck. I whined about it on Facebook and got lots of great responses telling me to stay off the porn sites. I had to ask the SO to borrow his netbook so I could download all the anti-malware programs and put them on a thumb drive to load onto my laptop to get this crap off my computer.
It sucked, but Malwarebytes took care of it.
I haven’t launched Chrome since I got hit with it. I guess I’m too paranoid.
Yes, I don’t know how to get rid of it. Sometimes it will screw things up and every time I try to click on a regular link it takes me to a commercial site.
He didn’t get it here, but my dad did pick up a fake antivirus. Fortunately, he was running in a limited account, as I’ve always preached, and cutting power, logging in as a separate administrator in safe mode, and a quick run of Malwarebytes killed it.
But here’s what might be helpful to the OP: I then Googled the malware itself, and found out how you could know if you were infected, and made sure to delete any registry keys associated with it. After that, I knew I was clean. I ran HijackThis after I went back.
Now I run ProcessGuard. I know every single program that runs on my system. If a program I have not already allowed tries to run, it will fail. It may be old, but it does work.
If you have Malwarebytes, reboot in Safe Mode by tapping F8 during the reboot cycle. Run Malwarebytes. Let it fix the problem.
If you don’t have Malwarebytes, reboot in safe mode and be sure to select the option “with networking” when the reboot is nearing completion. Go online from there and get Malwarebytes. Run it.
Otherwise, use Firefox as your browser. Search Google and download the Firefox plug-in for Adblock Plus.
This worked for me. (I had Adblock inadvertently disabled, which is why I got the malware in the first place.)
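The posts above boil down to the same procedure: cut the network, boot into Safe Mode, run the scanner, then check what the malware left behind to start at logon. As an added example (not code from any poster in this thread), here is a PowerShell script that lists the standard per-machine and per-user Run/RunOnce autostart entries, resolves each to its executable, and reports whether the file still exists and whether it lives under Program Files or the Windows directory. The "outside Program Files/Windows" flag is my own review heuristic for deciding what to look at first, not something the thread states; the key paths are the documented Windows autostart locations.

```powershell
# Added example: enumerate Run/RunOnce autostart entries and flag the ones
# worth a second look. Run from an elevated PowerShell prompt, ideally in
# Safe Mode, before deleting anything by hand.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories treated as "expected" homes for autostart programs (heuristic,
# my own assumption: legitimate software usually installs under these).
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\') }

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }

    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Get-ItemProperty adds PSPath, PSParentPath, etc.; skip those.
        if ($p.Name -like 'PS*') { continue }

        $cmd = [string]$p.Value
        # Extract the executable: quoted path, or the first whitespace-separated token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $inTrusted = $trustedRoots |
            Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }

        [pscustomobject]@{
            Key      = $key
            Name     = $p.Name
            Command  = $cmd
            Exists   = [bool]($exe -and (Test-Path -LiteralPath $exe))
            Location = if ($inTrusted) { 'Program Files / Windows' } else { 'REVIEW: outside Program Files / Windows' }
        }
    }
}
```

Entries marked REVIEW, or whose executable no longer exists after a scanner has cleaned up, are the ones to compare against what you find when you look the malware up, as the poster above did. Note the script only reads the registry; removing a value is a separate, deliberate `Remove-ItemProperty` step. On systems where tapping F8 is awkward, `bcdedit /set {current} safeboot network` forces the next boot into Safe Mode with Networking, and `bcdedit /deletevalue {current} safeboot` clears it again afterwards.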
My laptop got infected and I restored a backup to get rid of it. Tried Malwarebytes first, but not in safe mode, and it failed; quicker to do a bare-metal restore than to fuss further.
Now I browse the board on a VM just for the purpose so I can blow the whole machine away and make a new one if it happens again.
Yup, more than once. (We have multiple computers, and my wife, for reasons known only to her, won’t use anything but IE).
I just do what Bearflag70 outlined above; power down immediately. Disconnect from the internet. Reboot in safe mode and nuke it from orbit (run Malwarebytes). I did have to boot in safe mode with networking once, on one old computer that didn’t have Malwarebytes, and that worked fine too.
Oddly enough, all our computers had/have AVG, Spybot S&D, and Adaware on them, and none of those programs initially noticed a thing. :eek: although Spybot did find and destroy some of the crap the malware loaded onto one of our computers.
Now I have all 4 programs on everything and keep them updated.
I got hit by something similar. I was able to remove the fake security suite stuff by running Windows in Safe mode and using a program called SpyHunter. I still had a virus that would redirect my search results in Google and Yahoo.
Posts generic, smug, Mac based comment and slinks away…
What? Somebody had to, right?
On a side note, if you (the hypothetical you) have a second Windows computer with a current, updated antivirus program (a virus scan station, for lack of a better term), wouldn’t it be more effective to shut down the infected box, pull the drive, install it in the VST, boot up the VST off its own drive and then scan/repair the infected drive? That way the antivirus app can have full, unrestricted access to the infected drive, giving the malware essentially “nowhere to hide”.
Warning about Combofix: there is a non-zero chance that it will render your computer unbootable. It is not a risk-free scanner to be used casually by inexperienced users. Caveat lector.
I restored a back-up multiple times over the course of three weeks until I found out it was coming from this site. Then I stayed off it until I could go out and buy a whole hell of a lot more protection.
I saw those warnings as well. While I don’t consider myself an “inexperienced user”, I didn’t see a lot of options with Combofix that required extensive knowledge.
Anyhow, it seemed to have solved my particular issue with few side effects other than reinstalling some minor programs.
It is not the options once it is running, it is knowing whether your system needs to be prepared beforehand to run it successfully, like disabling your antivirus and CD emulation drivers to reduce the likelihood of turning your computer into a doorstop. Certainly, the risk is relatively low; I’ve run it on scores of computers, and only had one go tits-up. But it is a word to the wise, if only to get people to back up their data before attempting to do any kind of spyware/virus removal.