"XP Home Security" malware just ruined my fucking day...Malwarebytes blocked

Who are the fucking pigs who write these evil, satanic goddamn programs? Do they have any idea how much aggravation they cause?

I was minding my own business when all of a sudden all this bullshit about “XP Home Security” pops up. It’s a fake malware program pretending to be a real anti-virus program, though I don’t know what kind of person would actually fall for it.

I try to start up Malwarebytes to remove it. I can’t. Malwarebytes has apparently been blocked.

Does anyone know how to get Malwarebytes running again after an attack by this evil program?

Go into Safe Mode if you can (though they have managed to block that too, when I try it now).

If not, when you start up in regular mode, hit Ctrl-Alt-Del to get to the list of programs starting up and find the one that is a bunch of random numbers and letters and delete it. If you’re quick enough, that prevents it from beginning and you can attack it at your leisure.

It will create a folder in your “Documents and Settings” somewhere, named with the same random numbers and letters. Shift-Delete it (bypassing the Trash) and then use Malwarebytes, making sure it searches your Registry. You can also do a manual search of your Registry for that letter/number string.

I had the same problem with my netbook lately. I had Spybot S&D as well as Malwarebytes loaded, but both of them were blocked. IIRC, Malwarebytes didn’t work in Safe Mode, but Spybot did. Then I was able to run Spybot in normal mode, then Malwarebytes. Several times.

So, once you’re able to boot up and get online, download and install Spybot S&D.

See if you can use System Restore. The viruses have been leaving that alone lately (though I have seen a few cases where they’re going back to messing with it).

Does anyone have any idea how these malwares get installed to begin with? I have anti-malware stuff, but the bad guys seem to keep finding ways around it. And I try really hard to click only on places that I’m familiar with, but I still worry about getting infected.

I managed to get rid of the program using Spybot Search and Destroy, actually. Thank God. Who are the evil pig-men who create these sadistic malware programs? Is there any law in place to punish them for it?

On Malwarebytes, change the name of the executable file from .exe to .com. Most malware blocks are file-name specific, and this will get around it and still execute the file.

Wow, I had almost the exact same problem today. It was called, IIRC, Antivirus Protection Trial. Brand new computer, no idea where it came from. I booted into safe mode, but McAfee found nothing. Turns out that we didn’t get the actual program, just a few registry entries. I googled the name, and there were several sites telling me how to fix it. I just had to delete some registry entries. Weirdly, it only affected my wife’s account - on her “side” of the comp, she had fake popups, all icons disabled, etc. On my side, zero problems, and no registry errors.

Joe

And if that re-naming doesn’t work, rename the .exe to .scr instead of .com. Malwarebytes throws an error if you do so, but it will still execute, and clean up this shit.

Use Firefox with the NoScript and AdBlock+ addons and you should be near immune. I say “near” immune because if you wind up “trusting” the wrong site or disabling the protection for whatever reason, you might get hijacked. But just be judicious with which sites you “trust” and you should be alright.

You may want to check out SpywareBlaster by Javacool Software. It blocks the installation of known ActiveX-based malware and spyware. It doesn’t consume system resources and works especially well with Internet Explorer and Firefox to block browser hijacks too. You can use it free, but if you want the auto-update feature you have to pay.

Seems to be a nice little piece of software for plugging up some holes in the wall so to speak.

You get this from infected websites. They’ve been hacked to hand this out. I’m surprised that whatever hole it uses to infect PCs has not yet been blocked; I’ve seen variants for over a year.

Right-click on the taskbar clock (lower right) and bring up Task Manager. Click on the top title of the process owner column, and kill any processes running under your username that don’t look familiar (if you don’t know much about Windows internals, skip this step).

BTW, you may need to create REG files from a computer with the same operating system; export the hives under HKEY_CLASSES_ROOT for “.exe” and “exefile”. This creates .reg files you can take over to the infected computer and double-click to run, repairing your .exe settings. This virus hooks into how .exe files run so it can monitor what you run and ensure no programs are run that threaten it. Removing the virus will sometimes make it impossible for you to run EXE files, and not every program will run as a .COM file.

Good luck!
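The post above describes exporting the “.exe” and “exefile” keys from a clean machine so the association can be repaired on the infected one. The script below is an added example (not from this thread or from any of the tools mentioned) that does the same check in PowerShell: it compares the two association values against the well-known Windows defaults, reports anything that has been changed, and with the assumed `-Repair` switch writes the defaults back. It assumes it is run from an Administrator PowerShell prompt (PowerShell 2.0 or later) on the affected machine, and that the values below are the clean defaults, which is the case on a stock Windows install.

```powershell
# Added example: check (and optionally repair) the .exe file-association keys
# that fake-AV programs hijack to intercept every program launch.
# Assumed usage:  .\Check-ExeAssociation.ps1          (report only)
#                 .\Check-ExeAssociation.ps1 -Repair  (restore defaults)
param([switch]$Repair)

# Clean-install defaults (well-known Windows values, not taken from the thread).
$expected = @{
    'Registry::HKEY_CLASSES_ROOT\.exe'                       = 'exefile'
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command' = '"%1" %*'
}

function Get-DefaultValue([string]$Path) {
    # Returns the key's (Default) value, or $null if the key is missing.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key -eq $null) { return $null }
    return $key.GetValue('')   # '' names the (Default) value of a key
}

$hijacked = $false
foreach ($path in $expected.Keys) {
    $actual = Get-DefaultValue $path
    if ($actual -ne $expected[$path]) {
        # Any deviation here (e.g. a command that launches a random-named
        # .exe first) means every program you run goes through the malware.
        $hijacked = $true
        Write-Host "CHANGED: $path"
        Write-Host "   expected: $($expected[$path])"
        Write-Host "   actual:   $actual"
    } else {
        Write-Host "OK:      $path"
    }
}

if ($hijacked -and $Repair) {
    foreach ($path in $expected.Keys) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name '(default)' -Value $expected[$path]
    }
    Write-Host "Default .exe association restored. Reboot, then run your scanner."
} elseif (-not $hijacked) {
    Write-Host "No changes to the .exe association were found."
}
```

Running it in report-only mode first is the useful part: if the `open\command` value points at an unfamiliar executable, that path tells you where the malware lives, which is the same “random letters and numbers” folder an earlier reply suggested deleting before running Malwarebytes.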

One thing that I’ve never really understood is why they put so much effort into circumventing removal efforts. I can understand why they try to nobble existing antiviruses, but surely you are very quickly going to be going beyond a point where the user is going to have enough savvy that they are never going to actually put their credit card number in like the software is telling them to, and worst case will go for the nuclear wipe.

Given that the home computer user base seems to be so utterly dominated by the low-hanging fruit, I don’t see why it’s worth spending so much effort on the harder targets when all that can likely achieve is to increase their visibility to the antivirus people.

Or are they just trying to be as jerkish as possible?

The last time I got infected I was downloading a … how do I say it? … a photo that was pornographic in nature. Took me a week (and a phone call to McAfee) to fix the problem.

It could have been a file you downloaded. However, it could have been from a legitimate site. I came across one of those scareware pop-up ads while browsing the New York Times. This is part of what is known as drive-by downloads.

In addition to my AV and firewall, I also use AdBlock Plus, CCleaner to clean my caches and temp files, and Malwarebytes’ Anti-Malware and SUPERAntiSpyware Free Editions to quick scan prior to shutdown.

Let that be a lesson to you. Surf porn only on a Mac.

I have a small .exe that I keep on a flash drive that when installed and executed, will temporarily kill efforts to stop anti virus and other programs. Just do a search for rkill.exe.

It’s not safe anymore

Scareware Gives Mac Users the Heebie-Jeebies

I’ve encountered this one. IIRC, you can rename the Malwarebytes executable and run it to get around this particular piece of malware.

Slee

Rename the Malwarebytes main .exe to iexplore.exe.

Several bits of malware lock out everything else.