
variation of I-Q Manager Antipiracy foundation scanner



#1 gnube


Posted 26 April 2010 - 04:54 PM

I have encountered a client's computer infected with "I-Q Manager Antipiracy foundation scanner", but am unable to follow the guide in http://www.bleepingcomputer.com/virus-remo...ove-i-q-manager
I booted to Safe Mode to see if I could run rkill and Malwarebytes, but the monitor caused an 'incompatible display mode' message on boot.
I am currently running an Avira Live CD on the computer with definitions a few days old, and so far it has found 11 things. I am hoping to get to be able to boot to the desktop for further cleaning with Malwarebytes, but thought you might be interested in this new variation of the offender (compared to that described in your post).
Ron



#2 gnube


Posted 27 April 2010 - 01:57 AM

Well, I have it under control.
Because I was under time pressure to get it resolved, I didn't keep detailed notes, but here is what I did (from memory):
Essentially listing that which led me forward. Some attempts to use Live CD forms of scanners were unsuccessful. (Avira, ESET).
Booted using UBCD4win -
My current CD was a week old, so wasn't sure of definitions, but attempted Malwarebytes and Avira - both had errors (not sure why - have used Avira before from this CD)
Used EZPCFix to delete all temporary files, System Restore, Prefetch
Used Remote Registry editor to make TaskManager available
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current\Version\Policies\System\DisableTaskMgr (edited Dword to change from 0 to 1)
Restarted in Safe Mode, used Ctrl-Alt-Del to launch TaskManager, then used the 'start a process' to:
Launch (from USB key - could have dropped these on the C: drive while in UBCD4win)
Rkill
Explorer
Used Explorer to run
Malwarebytes installer (auto update)
Ran Mbam to scan and clean
(these steps first done after booting in regular mode, but even after rkill, mbam ran to the point of finding +/- 115 items. Clicking OK to see results killed the program)
Rebooted in Safe Mode
Ran SuperAntiSpyware portable edition, removed found items

SAS is still running and has found a number of items mbam seems to have missed
Client was running AVG, but it looks like I am going to be recommending SuperAntiSpyware!
Ron



