Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recent infection my Antimalware GO, symptoms still present.


  • Please log in to reply
1 reply to this topic

#1 Patrick300

Patrick300

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 26 February 2011 - 12:48 PM

Hello,

(typo in title)

I'm probably going to be a pain in the butt because I don't know enough to fix my problems but I probably know just enough that the things I've already done may just complicate your solutions.

I'm very thankful for any help you can provide me.

That being said:

I recently was hit with something that shows up as "AntiMalware GO". It's basically a pop-up fake antivirus program that tries to get the user to purchase it. Based on forum browsing (probably a mistake on my part), I killed it by finding the process (called cutpsqohmof.exe) in task manager and then removing registry keys associated with it. (Malwarebytes, AVG, and Spybot SnD were not able to find it).

Symptoms that have occurred but are no longer present:

Sound turned off and Sound driver was removed (I have since reinstalled it)
AntiMalware GO popup
Cannot access internet (proxy settings were changed/hijacked)
Cannot use any antivirus programs or Malware programs (rebooted in safe mode and regained access to these, they killed a few things and I can now use them in standard mode)
Windows Icons were not showing up on login and explorer.exe was hanging. (This was corrected by another registry key change HKEY_LOCAL_MACHINE-->SYSTEM-->Rcps and changing ObjectName to LocalSystem). <--again, something I forum searched for and it corrected the issue.

Symptoms that are still present:

I have to repair my internet connection on every login and it takes a long time to renew IP.
PC and internet browsing are slow.
Occasional popups but I am not sure if these are due to my PC or not. EDIT: Pretty sure the popups are due to virus/malware/etc.

Overall, I'm not confident that I've successfully cleaned this machine.

Thank you for any help you can provide. I have an updated AVG, HJT, Malwarebytes, GMER, Defogger but wont post/run anything until told.

Edited by Patrick300, 26 February 2011 - 01:11 PM.


BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • BC Advisor
  • 12,875 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:12:10 PM

Posted 26 February 2011 - 03:10 PM

This appears to be a newer type of rogue. That would explain why MBAM is not completely removing it.
Suggest you also give Super Antispyware Free a crack at it. You may need to boot into safe mode with networking to be
able to download, install and update SAS before running a scan with it.
SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!

It is very important to get the latest updates for both MBAM and SAS. They update frequently throughout the day.

Post the scan/ removal logs for both MBAM and SAS in your next reply.

EDIT: You may need to use Rkill before attempting the above. Below is a description of Rkill and
links to download.

RKill-What It Does and What It Doesn't
For some reason I am unable to create the link. It is a pinned post in this forum.
Here is the url.
http://www.bleepingcomputer.com/forums/topic308364.html


EDIT 2: Grinler posted this afternoon:
Remove AntiMalware Go (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antimalware-go

Edited by buddy215, 26 February 2011 - 05:35 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users