
PC Antispyware 2010 need help


4 replies to this topic

#1 awb


Posted 02 September 2009 - 12:32 PM

Okay, I'm having all the same issues with this machine everyone else seems to have. Could not get Malwarebytes to run, so I renamed the .exe. Once it started scanning, it was shut down and Antispyware 2010 locked me out of it. Tried again, same thing.

I can log in in safe mode as admin and get to regedit. Deleted the entries I found on this forum. Also deleted the .exe of 2010 and associated files.

Sys Restore does not work. Locked out of that too. I ran OTL and have a log, about to run GMER as well.

Any help is very much appreciated.



#2 Orange Blossom

  • Moderator

Posted 02 September 2009 - 05:21 PM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.



#3 awb

  • Topic Starter


Posted 03 September 2009 - 11:07 AM

I understand. Just waiting on instructions now.

#4 MkFly1


Posted 03 September 2009 - 02:15 PM

I had an infection occur two days ago. I clicked a link on tweakyourpage dot com (don't go there) while looking at page layouts. The browser locked up and the system spontaneously rebooted. PC_Antispyware2010 was installed and madly alerting to bogus threats. Firefox and IE were both hijacked and redirecting. System Restore was disabled by group policy, Task Manager Applications tab was blank, and PC Tools AV was generating errors while trying to start. Downloaded all the usual tools, but could not run Combofix, MBAM or HJT. Was unable to rename MBAM, but managed to rename and start Combofix, which stopped responding. Was able to get Combofix to start in Safe Mode, but it shut down at about stage 33. Kept restarting in safe mode and running Combofix, and managed to get it to complete on the third or fourth try. Combofix killed PC_Antispyware2010, but after rebooting, Total Security was now providing the bogus spyware alerts instead, 75% of all Windows services were disabled, a new desktop background appeared with ominous spyware warnings over a blue background textured with tiny binary text. I was able to download and run a fresh copy of MBAM at this point (after enabling and restarting necessary network services), and a quick scan appeared to resolve the problem, identifying and cleaning Trojan.Vundo.H and Rogue.Multiple.H. A subsequent full scan found only a few old remnants in a quarantine from last year. I've listed the major symptoms for comparison purposes, and the main point I'm trying to make here is that if the Combofix or MBAM scans start but fail, keep trying! Combofix is almost always my first weapon, and while it many times does not completely fix the problem (as in this case), it usually breaks something and allows functionality that was lost (like the ability to run MBAM). This infection was particularly good at crippling efforts to run scans with popular anti-malware apps, but perseverance paid off. Hope this helps.
I can post logs if anyone wants to see them.

Edited by MkFly1, 03 September 2009 - 03:18 PM.


#5 awb

  • Topic Starter


Posted 05 September 2009 - 08:33 AM

I had an infection occur two days ago. I clicked a link on tweakyourpage dot com (don't go there) while looking at page layouts.

[...]

Downloaded all the usual tools, but could not run Combofix, MBAM or HJT. Was unable to rename MBAM, but managed to rename and start Combofix, which stopped responding. Was able to get Combofix to start in Safe Mode, but it shut down at about stage 33. Kept restarting in safe mode and running Combofix, and managed to get it to complete on the third or fourth try. Combofix killed PC_Antispyware2010, but after rebooting, Total Security was now providing the bogus spyware alerts instead, 75% of all Windows services were disabled, a new desktop background appeared with ominous spyware warnings over a blue background textured with tiny binary text. I was able to download and run a fresh copy of MBAM at this point (after enabling and restarting necessary network services), and a quick scan appeared to resolve the problem, identifying and cleaning Trojan.Vundo.H and Rogue.Multiple.H. A subsequent full scan found only a few old remnants in a quarantine from last year.


Since no one but you responded, I gave it a shot. I had successfully cleaned up most of it in the registry already as well as deleted most associated files. I ran ComboFix after renaming it. Also had to install the recovery panel. Did a clean re-boot, ran Mbam, which I also renamed to be safe.

Problem solved!

Thanks.



