Malware Defense


6 replies to this topic

#1 LadyIsolde


Posted 18 December 2009 - 03:02 PM

I am having trouble with this fake antimalware program called "Malware Defense". The other day when I was updating Windows I received a prompt to download this program and in that current situation I thought it was maybe part of the update or something (the icon of the program is basically the one Windows uses).

This morning I was able to at least try and run Malware Bytes, AVG and Ad-Aware but to no avail as they were all blocked by the program. The program even went as far as to tell me Malware Bytes was a malicious program and to click "ok" to continue to remove it. I tried reinstalling Malware Bytes and it won't let me run the installer. I tried installing AVG and it lets me run it but at the end of the installation I get an error and it will ask to retry or cancel and if I retry it just keeps doing the same thing. I tried renaming the installer for Malware Bytes and it worked as far as letting me run it but at the end of the install it, too, does not work.

My computer will not start in safe mode and now it will no longer start in normal mode. I get to the member log in screen, put in my password and it just freezes at "loading user settings..."

Can someone please help me? :thumbsup:



#2 maalim


Posted 18 December 2009 - 11:05 PM

The best way to remove all kinds of viruses, Trojans, malware, spyware, worms, pop-up advertisements, web browser hijackers, rootkits and all rogue fake anti-virus programs on your computer is to restart your computer in Safe Mode with Networking.

1. Log out and reboot your machine.

2. When the machine starts the reboot sequence, press the F8 key repeatedly.

3. Select Safe Mode with Networking from the resulting menu.

4. Log in. If the malware has changed your password, try logging in as Administrator. By default, Administrator has no password.

5. The machine will continue booting, but the Windows desktop will look different.

Then, in Safe Mode with Networking, download and scan using Malwarebytes' Anti-Malware: http://www.download.com/Malwarebytes-Anti-...cdlPid=10997763

Download and scan using Super Anti-Spyware: http://www.superantispyware.com/

Download and scan using Norman Malware Cleaner: http://majorgeeks.com/downloadget.php?id=5...0e991265b3250e7

Download ATF Cleaner, a new freeware temporary file cleaner for Windows, IE, Firefox and Opera with a simple, easy-to-use interface.

The main screen allows the user to either clean all temporary files, or select files for cleaning. The program also knows if Firefox and/or Opera is being used, and gives the option of cleaning the temporary files associated with those applications.

ATF Cleaner provides the user with a window showing the total bytes freed upon completion. The program is small (36kb), quick to run and requires no installation. To download ATF Cleaner, use this link: http://majorgeeks.com/ATF_Cleaner_d4949.html

6. When you're finished removing viruses, malware, Trojans, worms, rogue viruses, rootkits and spyware, log out and reboot back into normal mode.

Edited by Orange Blossom, 18 December 2009 - 11:37 PM.
Remove unnecessary quote. ~ OB


#3 garmanma


Posted 18 December 2009 - 11:16 PM

Please note mbam is best run in normal mode, when possible.
Mark

#4 aquify


Posted 19 December 2009 - 03:52 PM

Hey LadyIsolde, I got the same virus. It is a very clever virus that pretends to be part of Windows security but in fact disables all of it. I got it when I was downloading a just-purchased program from Digital River. A window popped up and told me that I had been infected and asked if I wanted to remove the virus. Once I clicked on it, it began installing itself; I think it was a small Java program. I looked at my Windows security and saw that it was disabled, and then I went into Control Panel > Admin Tools > Startup and found a new startup item called wscsvc32.exe... What gave it away was the fact that it was located in the C:\Users\[your computer name]\AppData\Local\Temp folder, which is of course the temp folder for your PC. I looked at all the times the files were made and discovered 7 files, including a Java temp file and a file called richtx64.txt; when I opened that file by using edit I noticed that it was a batch file that executed a number of name changes of critical windows/system32 files.
Since my system was compromised, I decided to use System Restore to a prior point, and when that was done, I was fine. But I also turned off System Restore and then ran Windows Update to get completely updated and created a brand new fresh restore point.

I don't know if it will work for you, because this virus permanently changes files in Windows, and running any sort of countermeasure makes the virus dig in deeper or disable your PC, but if you can, try System Restore to an earlier point as I did.


#5 asharpsilence


Posted 13 January 2010 - 01:25 PM

This friggin virus isn't allowing me to run my computer in safe mode, or run Malwarebytes.
I am going to put my fist through the wall pretty soon.

#6 rustynissan


Posted 15 January 2010 - 02:14 PM

Windows Defender displayed a pop-up warning me of a "Trojan:Win32/Alureon.DA". In the time it took me to look this up online, the pop-up had disappeared. Soon after, it warned me of "Trojan:Win32/Alureon.BT" but the pop-up disappeared too quickly for me to block it. I quickly opened up Windows Defender and performed a quick scan which revealed the Alureon.BT Trojan. I put it into quarantine.

Meanwhile, I had a window telling me that Windows Defender could not remove malware, etc., and that I should get "Malware Defense". Closing the window simply caused it to pop up again immediately. I went to the Task Manager and right-clicked the application and selected "Go To Process" and ended the process responsible for the pop-ups.

In Control Panel > Admin Tools > Startup I found that a new program had been installed around the same time I started experiencing issues called "Rich Text" (cls_pack.exe). I removed the program from the Startup Programs.

In Windows Security Center, it displayed "The Security Center service is turned off.", and clicking the "Turn on now" button tells you that it cannot be started at this time. Looking at my System Restore points, I noticed that Windows Defender created a restore point around the same time I was having issues due to an uninstall of some sort. I chose the restore point prior to that one and now Windows Security Center is running as normal. :thumbsup:
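
The manual check described in posts #4 and #6 (a new startup item whose executable sits in a Temp folder, plus the files created alongside it) can be scripted. This is an added example, not part of any post in the thread; the function name `Get-TempStartupEntry`, the 10-minute window and the user name in the sample entry are assumptions made for illustration.

```powershell
# Added example: list startup commands that launch from a Temp folder and the
# files created next to them at about the same time.
function Get-TempStartupEntry {
    param(
        # Defaults to the live startup list; pass constructed objects to try the logic.
        [object[]]$Entries = (Get-CimInstance -ClassName Win32_StartupCommand),
        [int]$WindowMinutes = 10   # assumed window for "created around the same time"
    )
    # Per-user temp (Vista and later), XP-style temp (long and 8.3 form), system temp.
    $tempPattern = '\\(AppData\\Local|Local Settings|LOCALS~\d|Windows)\\Temp\\'
    # Heuristic: path from the drive letter to the first executable-type extension.
    $exePattern  = '^\s*"?(?<exe>[A-Za-z]:\\.+?\.(exe|com|scr|pif|bat|cmd))'

    foreach ($e in $Entries) {
        # %TEMP%-style variables expand with the *current* user's environment.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$e.Command)
        if ($cmd -notmatch $tempPattern) { continue }

        $exe = if ($cmd -match $exePattern) { $Matches['exe'] } else { $null }
        $siblings = @()
        if ($exe -and (Test-Path -LiteralPath $exe)) {
            $created  = (Get-Item -LiteralPath $exe -Force).CreationTime
            $siblings = Get-ChildItem -LiteralPath (Split-Path $exe) -File -Force |
                Where-Object { [math]::Abs(($_.CreationTime - $created).TotalMinutes) -le $WindowMinutes } |
                Select-Object -ExpandProperty Name
        }
        [pscustomobject]@{
            Name     = $e.Name
            Location = $e.Location
            Command  = $cmd
            Siblings = $siblings -join ', '
        }
    }
}

# Constructed sample entries (the user name "example" is made up; file names are from the posts).
$sample = @(
    [pscustomobject]@{ Name = 'wscsvc32'; Location = 'HKU\...\Run'; Command = 'C:\Users\example\AppData\Local\Temp\wscsvc32.exe' }
    [pscustomobject]@{ Name = 'Windows Defender'; Location = 'HKLM\...\Run'; Command = '%ProgramFiles%\Windows Defender\MSASCui.exe -hide' }
)
Get-TempStartupEntry -Entries $sample | Format-List   # flags only the first entry
Get-TempStartupEntry | Format-List                    # same check against this machine
```

A legitimate installer can briefly register a startup entry from Temp, so a hit is a lead to inspect rather than proof of infection.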

#7 boopme


Posted 15 January 2010 - 04:27 PM

Hello, both rustynissan and asharpsilence.
Please run these next. If you have Spybot installed temporarily disable it.
Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Please download ATF Cleaner by Atribune & save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.

alternate download link

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.