I was recently infected with some malware which included a rogue anti-spyware software called "Anti-spyware soft".
Though my issues were not quite as straightforward as other people's (from what I've read in other forums).
Using some of the information on this site (http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html),
I was able to remove the malware, or at least solve a lot of the issues caused by the malware.
Unlike other people infected with this rogue software, I was unable to boot into safe mode; every time I tried, my computer would reboot.
Here are some of the things I did to remove the malware:
1. First tried to stop the software from booting in msconfig after rebooting so it wouldn't load up, but this didn't quite work out (after having tried to boot safe mode).
2. Ran a scan, also found the site mentioned above.
3. Used an Ubuntu Live CD and removed enough of the malware to be able to stop the software from running when I booted up my PC.
4. Followed the "Alternative Antivirus Soft removal instructions using HijackThis (in Normal mode):"
The guide is as follows:
"1. Download iexplore.exe (NOTE: iexplore.exe file is renamed HijackThis tool from TrendMicro).
Launch the iexplore.exe and click "Do a system scan only" button.
If you can't open iexplore.exe file then download explorer.scr and run it.
2. Search for similar entries in the scan results:
O4 – HKLM\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwcsysguard.exe
O4 – HKCU\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwcsysguard.exe
O4 – HKCU\..\Run: [wdpayrmq] C:\Users\Owner\AppData\Local\rtpoma\rewqsftav.exe
O4 – HKCU\..\Run: [kgtrlpor] C:\Users\Owner\AppData\Local\mfkrtl\oprgsftav.exe
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
<----- The only similar entry I was able to find
Select all similar entries and click once on the "Fix checked" button. Close HijackThis tool.
3. Download SUPERAntispyware, MalwareBytes Anti-malware or Spybot - Search & Destroy and run a full system scan. NOTE: before saving the selected program onto your computer, please rename the installer to winlogon.exe or iexplore.exe. Launch the program and follow the prompts. Don't forget to update the installed program before scanning."
But despite constantly deleting them, 2 trojan downloaders kept appearing:
C:\System Volume Information\Whisler\svchost.exe , Trojan horse Downloader. Generic9.BUIV
C:\System Volume Information\Whisler\smss.exe , Trojan horse Downloader. Generic9.BUGQ
So in reaction to that I deleted them and then installed "Winparol [Free Edition]"
and it seems to have worked, but I still have these remaining issues:
1. Google Chrome has stopped working. I can open it but it just sits there saying "loading" without timing out.
2. Every time I turn on my PC, before booting I get a message telling me my CPU fan is failing, which it is not.
3. Once in a while I will get "Browser hijacked".
4. Still cannot boot in safe mode.
Am I still infected? If so, how do I get uninfected? If not, how do I solve the remaining issues?
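
The "search for similar entries" step of the quoted guide can be done mechanically over a saved HijackThis log. The following is an added example, not part of the original post or the quoted guide: it flags O4 Run entries that start an .exe sitting one folder below the per-user local application data directory, and R1 ProxyServer values that point at loopback. The function name `triage`, the sample log and the `ExampleUpdater` entry are assumptions constructed for illustration.

```python
import re

# Constructed sample: entries of the kind quoted in the guide, plus one made-up benign line.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mxdeorsw] C:\Documents and Settings\User\Local Settings\Application Data\rmqwne\lkwcsysguard.exe
O4 – HKCU\..\Run: [wdpayrmq] C:\Users\Owner\AppData\Local\rtpoma\rewqsftav.exe
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /startup
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
"""

# HijackThis writes "O4 - ...", but copies pasted from web pages often carry an en dash.
O4_RUN = re.compile(r'^O4\s*[-\u2013]\s*(HKLM|HKCU)\\\.\.\\Run:\s*\[([^\]]+)\]\s*(.+)$')
R1_PROXY = re.compile(r'^R1\s*[-\u2013]\s*HKCU\\.*,ProxyServer\s*=\s*(.+)$')
# An .exe exactly one subfolder below the per-user local app data directory (XP and Vista+ layouts).
PROFILE_EXE = re.compile(
    r'\\(?:Local Settings\\Application Data|AppData\\Local)\\[^\\]+\\[^\\]+\.exe\b', re.I)
# Proxy value that sends browser traffic to a listener on the local machine.
LOOPBACK = re.compile(r'(?:^|=)(?:127(?:\.\d{1,3}){3}|localhost):\d+', re.I)

def triage(log_text):
    """Return (kind, hive, name, value) tuples for log lines worth a manual look.

    This is a heuristic for review, not a verdict: legitimate per-user software
    can also autostart from the profile, so check each hit before fixing it.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RUN.match(line)
        if m:
            if PROFILE_EXE.search(m.group(3)):
                findings.append(("autorun-from-profile", m.group(1), m.group(2), m.group(3)))
            continue
        m = R1_PROXY.match(line)
        if m and LOOPBACK.search(m.group(1)):
            findings.append(("loopback-proxy", "HKCU", "ProxyServer", m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A loopback ProxyServer value left behind after the listening process has been removed leaves the browser with nowhere to send traffic, so a hit of that kind is worth checking alongside the Run entries.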