
Infected with "AntiMalware"


3 replies to this topic

#1 Aolsen


Posted 11 December 2009 - 02:42 AM

My secondary computer has been used by a computer-newbie, and somehow she has managed to get it infected with foistware. The program calls itself "Antimalware" and makes constant pop-ups on the screen, claiming an infection.

I'm running XP professional and I have tried the following:

1. I tried to identify the bad processes and kill them with the task manager. That stops the irritating pop-ups, but on reboot, they start again. And who knows what else they're doing? Just offing them manually at every start-up is hardly a solution.

2. Then I tried to identify the bad file. I found a directory called "AntiMalware" and a file within it called amext.dll.

3. Then I tried to delete it. Whether I do so normally or via the command prompt, I get the same message: Access denied. It won't allow me to delete it.

4. Then I tried to enter safe mode. That is denied, too. I get a blue screen with an error message no matter which safe mode I try to enter.

5. Then I tried to target the file with "Pocket KillBox". I enter the path and name of the critical file: c:\programmer\antimalware\amext.dll and click "Remove on reboot". I get the reboot message, reboot, and when the machine starts up, the bad processes are still running.

6. Then I tried to target all the files in the bad directory with "Pocket KillBox" and finally it seems that I did manage to kill the bad amext.dll AND the bad antimalware.exe that didn't allow me to delete them - they no longer show up on my control panel or in the command prompt dir. BUT when I boot up, the bad processes are STILL running. The files must have copied themselves into another directory, or there is a hidden copy somewhere.

Dammit!

I'm running out of tries. Is there any way to get rid of this SOB, or should I just throw the computer in the trash?

Is there any way to locate where these files are hiding?

Any advice?

Edited by Aolsen, 11 December 2009 - 03:31 AM.




#2 azfreetech


Posted 11 December 2009 - 03:15 AM

Don't even bother with its "uninstall" option; it won't do you any good. Don't try to "purchase" it either.

I usually try running Malwarebytes first. You can get it HERE. Install, update and run it. If you have problems installing it then try renaming the file before saving it to your desktop. I like renaming it to bgmama.

Remove what MBAM finds and then install and run ATF Cleaner (for Windows XP and 2000 only!). Check the box for select all and then click the button Empty Selected. This will help clear out temp files, cookies and other junk that clutters up Windows.

Next install, update and run SUPERAntiSpyware. Get rid of what it finds. Finally update and run your antivirus program and get rid of anything that it finds.
DJ Digital Gem

I gave up on computers and now I just DJ!

#3 Aolsen


Posted 11 December 2009 - 04:20 AM

I tried downloading Malwarebytes. It downloads and I get an icon on my desktop. When I click the icon, nothing happens. If I right click on any file or folder, I now get a drop-down menu with the option: "Scan with malwarebytes". But if I click it nothing happens.

I'm thinking that this might be due to the fact that the machine is second hand. A computer cafe closed a couple of years ago, and I got one of the computers cheaply. When I start it up, I automatically get logged on as normal user, not as an administrator. There is an admin account, but I can't log into it, since I don't have the password. :thumbsup:

Could this be the reason why nothing happens? Is there any way to bypass the admin password? Or any way to somehow get the machine to reveal what it is? The BIOS is password protected too, by the way.

Edited by Aolsen, 11 December 2009 - 04:21 AM.


#4 azfreetech


Posted 11 December 2009 - 05:08 AM

Check your messages for an answer to the admin pwd thing. I think you may have hit the nail on the head. With a limited user account you are restricted in what you can install.



