BleepingComputer.com: AntiSpy Protector 2009 + Rootkit = Big Trouble!

OMG, OMG!! I almost downloaded this from Download.com not 20 min. ago! WOW! Am I ever glad I came here 1st & saw this. Whew! (Wipes sweat from forehead).

MagickalPotion, on Aug 27 2009, 08:44 PM, said:

You were lucky ;)

I think the rootkit you encountered is a different variant than the one discussed in this topic.

So youre saying this is diffrent virus? Not part of any hidden installed rouge ant-spyware?

Kenji The Helpful, on Aug 28 2009, 04:30 PM, said:

Kenji, without seeing what was loaded to your machine it is impossible to qualify the virus you might have. If you believe you are still infected you can post a request for help in one of our malware sections.

Rest assured, work is continuing on the analysis of these rootkits and removal methods will be developed. As progress is made there will be information posted here on the site.

Grinler, on Aug 18 2009, 06:59 AM, said:

Hi Grinler,
THANKS so much for all you and your BleepingComputer team do and continue to do for us every day!

I posted in the "Am I infected? What do I do?" forum and didn't want to break any site rules my posting again somewhere else.

I have 3 major problems:

-I'm not very tech savvy, just a basic end-user

-my laptop infected with Anti Spyware 2010 and braviax.exe is a ThinkPad XP Pro SP2 has no installation discs. Everything is done thru ThinkVantage Productivity Center. But, this "rootkit" has disabled it and denied me access to all my laptop system functions "based on group policy, administrators denied access"

-Malware has blocked my Normal Mode internet access by redirecting or blocking all my google searches via Firefox. It has blocked all my efforts to run MalwareByte, SuperAntispyware, Stopzilla, ComboFix. HiJackThis - even after renaming each one - when I did get Malwarebyte to open, it would run for 3 seconds and then disappear. At one point Mbam.exe gave me "error code 707 (3,0) Now the malware has stopped me from editing the Registry "administrator denied access".

Every attempt to fix this infection on my part is matched by blocking/denying access on the part of this nasty malware. My Safe-Mode access keeps freezing up, but I will try to run RootRepeal again - if I'm successful will post log asap!.

The malware installed a fake MS logo shield in my taskbar, then a big red circle with white X. After numerous attempts and not without a fight, I was able to remove PC Antispyware 2010, then Protection System, then CoreGuard via the Control Panel. On 8/22 Norman Malware Cleaner found W32/Obfuscated.P2!genr

Thanks again.

harrythook, on Aug 29 2009, 08:17 AM, said:

Well it wasint "My" computer, it was my friends computer. And until i can try to figure out what virus it is, i can try to tell what might happen further.

This post has been edited by Kenji The Helpful: 29 August 2009 - 10:24 PM

fab4life4ever, on Aug 18 2009, 05:29 AM, said:

I have this on my computer I deleted the program from poping up but it wont let me run any programs and when I do a search on something using yahoo the links changes to google

I know that superanti spyware free edition has a program that keeps your homepage from being hijacked don't know if it will help the search engine. maybe you can disable all other search engines but yahoo
just a thought good luck

This post has been edited by doctorphibes: 30 August 2009 - 03:24 PM

hi im new at this n im trying to get rid of a personal antivirus that keeps popin up sayin that i have trojan viruses and worms on my pc n i just tried everything to get rid of it n it just keeps poppin up everywhere inturupting my internet please let me no wat else to try i tried to uninstall it removing it from the control panel and nothings working.

have you tried any anti malware programs?

Please remember that this thread is for news, as in information that is coming out related to new infections and the methods to remove them. Feel free to look around the site for more specific information related to your problems, there is a malware section with the information you need to get started on the path to removing this infection.