Please see the self-help guide: Security Tool/SecurityTool
The Image File Execution Options (IFEO) key can be used to block any legitimate .exe with a static file name and execute a malicious executable instead. To do this, the malware will create a value with the name "debugger" so the valuedata ponts to the malicious .exe instead of the legitimate file. Malware uses these keys to keep security tools from running and to trigger reinfection whenever certain executables are run. For more specific information as to how this works, please refer to Image File Execution Options - How to Hijack a Program
Malwarebytes' and SUPERAntiSpyware both detect and remove these types of registry entries.
Please download Malwarebytes' Anti-Malware
(v1.50) and follow these instructions
for doing a Quick Scan
in normal mode.Malwarebytes' may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Note: If Malwarebytes' encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes' from removing all the malware.
- After completing the scan, a log report will open in Notepad.
- The log is automatically saved and can be viewed by clicking the Logs tab .
- Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
- Exit Malwarebytes' when done.
-- Some types of malware will target Malwarebytes Anti-Malware and other security tools to keep them from running properly. If that's the case, please refer to the suggestions provided in For those having trouble running Malwarebytes Anti-Malware
as you may need to rename it or use RKill
Please download SUPERAntiSpyware Free
and follow these instructions
for performing a scan.
- Double-click SUPERAntiSypware.exe and use the default settings for installation.
- To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
- Click Close to exit the program.
-- If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner
or performing the SUPERAntiSpyware Online Safe Scan (both listed under Popular Links) instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.