
XP AntiSpyware 2010 - Malwarebyte's unable to remove


2 replies to this topic

#1 sdw2222


Posted 05 February 2010 - 05:07 PM

We have a machine that is infected with PC Antispyware 2010. The machine's operating system is XP Professional and is up to date as far as I know via auto update.

I read a variety of entries here and elsewhere. I then proceeded to remove it using Malwarebytes in safe mode for networking. I installed Malwarebytes after downloading from another machine and copying the file to a jump drive. The program installed, ran and appeared to remove the malware. 10 days later PC Antispyware 2010 appears to have reinfected the machine. I'm not sure if this is a new infection or the same under a new name. My suspicion is it is the same infection. This machine is not a gaming machine and is generally only used for some Gmail, reading Google News, several newspaper and weather service sites - internet access. Not typical sites one might expect to get malware from.

Now that PC Antispyware 2010 is running, Malwarebytes will not remove the infection. I've tried a variety of ways both in and out of safe mode and in truth have been away from the issue for several days so I'm not entirely sure where we are in the process anymore. The infection has disabled internet access, and at one point I got a Malwarebytes error code: 732(12007,0). I also found the program apparently disabled the XP firewall. Internet access is through Qwest (DSL) via wired DSL modem and router.

PC Antispyware 2010 does not show up as a C:\Program Files\PC Antispyware 2010 directory. It also does not show as an application running.

When I quit working on this before, if I installed Malwarebytes from a jump drive, the program appeared to run but did not find the infection. The malware does put up a variety of screens that I suspect are trying to launch the malware in other ways.

Today I read the preparation guide for before using HijackThis and other malware removal tools. I could not download DeFogger from the download link. The link appears to be broken.

I've downloaded a fresh installation file and installed Malwarebytes fresh on another computer. Scanned the jump drive for infection and found no issues. At this point I'm ready to start fresh on removing the infection from the infected computer. Any suggestions or advice would be appreciated. Thanks for your help.


#2 Darthy


Posted 05 February 2010 - 06:15 PM

Follow these instructions.
I know one thing: that I know nothing - Socrates
Thanks John

#3 sdw2222


Posted 06 February 2010 - 02:33 PM

Following up on what I have done today. Before I got your reply I started the machine. Selected the administrator user. Ran FixExe.reg from a jump drive. I then opened Internet Explorer and from Tools, Internet Options, Connections, I clicked on LAN Settings to open the next window for Local Area Network Settings. I then unchecked the box to Use Proxy Server for LAN. This allowed the internet connection to work. I then installed and updated Malwarebytes. Ran a complete scan on the machine and found no infection.

I then switched users and repeated the process from the other user's profile. This time when I ran the Malwarebytes scan I got a mid-scan warning. The warning was probably a fake alert from the malware. It appeared to be a warning from AVG Free - virus detection. It had the 4 square AVG symbol and then Resident Shield Alert. It did not actually say AVG... The alert listed 3 trojan horse files. I decided to click on the button to remove the files, thinking this may actually start the infection so that it could be detected. The scan eventually finished and reported no infections.

I then repeated the process of running FixExe.reg and reinstalling Malwarebytes from the same user (not the administrator profile). It was the user that was initially infected. Rescanned the computer and Malwarebytes reported a found registry key: HKEY_CURRENTUSER\SOFTWARE\AVSCAN - I allowed Malwarebytes to remove this entry.

I've gone on to clean the registry with CCleaner and RegSeeker. Had AVG run a full scan. The registry cleaners found minor issues as is typical but nothing suspicious. The virus scan found no issues. At this point the machine seems to be free of the infection - time will tell. We now need to use it for a while and see what happens.

Thank you for your assistance.



