Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

PC Antispyware 2010 - Can't boot in safe mode - Can't run taskmgr or Combofix or MBAM


  • Please log in to reply
6 replies to this topic

#1 gloeck

gloeck

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:58 PM

Posted 27 August 2009 - 10:33 AM

Hi,
I really hope someone can help. My computer gets infected all the time and I can usually get it fixed, but not with this one. I have PC_Antispyware 2010 (somehow it automatically installed itself on my computer). I cannot boot in any form of safe mode. I can't run task manager. I can't run combofix, or any program for that matter. I've searched for the files that most sites say to delete, but come up with no results. Does anyone have any idea how to do anything about this? Any help would be greatly appreciated! Thanks!

BC AdBot (Login to Remove)

 


#2 Guest_oldmill_*

Guest_oldmill_*

  • Guests
  • OFFLINE
  •  

Posted 27 August 2009 - 12:21 PM

You have gotten one of a series of Trojan.FakeAlert virus/spyware combos that have been around a couple of years now, morphing slightly from time to time. I've observed several delivery vehicles, but the one most seen has been the download of a small virus upon visiting an infected website (which may not know it is a host) followed by the uploading of the main package, in your case named PC Antispyware 2010. It comes out of Russia and invariably asks for money to fix the problem. It gets by every major antivirus program (that I've seen) and Malwarebytes Anti-Malware is the only solution I've found. When it first came out I was able to remove it manually but they've gotten better at hiding themselves. Be sure to turn off System Restore or you could simply reinfect yourself on reboot - turn System Restore back on after the infection is cleaned. In some cases you cannot install and run MBAM, and then it is necessary to remove your hard drive and run it as a secondary drive in another computer while scanning it with MBAM for the virus files. Once that scan is complete, return the drive to your computer and run MBAM again to remove Registry entries. If you keep catching this you need to carefully observe which site seems to be related and stop going there. You might also consider subscribing to MBAM's paid version, which will run in the background. Good luck.

#3 gloeck

gloeck
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  

Posted 27 August 2009 - 12:39 PM

bleep. I guess I should trash the laptop then? It doesn't seem like anyone knows how to fix this one. I've been to a couple of other sites, and no one knows what to do.

#4 Straythe

Straythe

  • Members
  • 124 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:58 PM

Posted 27 August 2009 - 04:44 PM

Hello and welcome. Note I'm not a staff member here, just another member who reads a lot of threads, so take with a grain of salt.

The staff here have wrestled with some of these cases where no program will run, usually with a combination of MBAM plus other tools and alternate process manager programs instead of Task Manager. They often get passed on to the high-end team in the specialized HijackThis forum. Whether they can be fixed or not really depends on exactly what is in there.

However, it's generally safer and less time-consuming to wipe the computer and start clean. If you decide to go that way, there's some tips on using Flash-Disinfector to protect your backup drives (from Blade):

http://www.bleepingcomputer.com/forums/ind...t&p=1397900

Oh - if you subscribe to this topic, in Options at top right, it will email you as soon as someone replies.

Good luck - Straythe
***"When you surround an enemy, leave an outlet free [...] to make him believe there is a road to safety, and thus prevent his fighting with the courage of despair." Sun Tzu ***

#5 gloeck

gloeck
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:58 PM

Posted 27 August 2009 - 05:06 PM

Thanks for replying, Straythe. Yeah, I pretty much resigned to the fact that I'm going to have to reformat the hard drive. Its crazy how fast (and severely) this one got me. Hopefully I can find my XP disk tonight...

#6 Computer Pro

Computer Pro

  • Members
  • 2,448 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:58 PM

Posted 27 August 2009 - 05:43 PM

Good luck with the reformat. If you need any help, with reformatting, just post a topic in the appropriate Windows forum of our site, and people would be glad to help you : ).
Computer Pro

#7 Guest_oldmill_*

Guest_oldmill_*

  • Guests
  • OFFLINE
  •  

Posted 27 August 2009 - 06:25 PM

I've never had to reformat a hard drive for this particular infection, and I've removed it on more than fifty computers. MBAM will really address it. If you can put a current MBAM installation file on a flash memory device, you can plug it in and install MBAM despite the interference (disconnect your machine from the Internet if you haven't already done so). Do not update MBAM, just run the quick scan and follow the directions to remove all items found. A restart will be required at the end of the scan, then reconnect to the Internet, immediately update MBAM, and do a complete scan. I only need to resort to pulling the drive and attaching it to a different computer perhaps once every twenty times. This is a lot less painful than reformat/rebuild, which I have done thousands of times (literally).

The last time I used MBAM to remove this virus was two days ago, and the next one will be this evening. No, I don't work for them and they don't pay me anything.

You cannot remove this virus manually. If you find the Registry entries and remove them, by the time you exit Regedit the entries are already back in place. You cannot delete the files because they are in use and are protected by Windows. MBAM makes a list of the files to delete and loads first during the reboot to remove them before they can load.

If you have other issues, and don't believe what PC AntiSpyware 2010 tells you (it lies), then perhaps reformatting the drive is your best approach - it will allow you to clean up any number of issues at the same time. Good luck to you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users