
"Malware Protection" is Malicious Malware



#1 Captn-Dwt


Posted 26 June 2011 - 05:56 PM

The following will be an incomplete report on removing "Malware Protection" aka "Best Malware Protection". I'm posting because I found little help on this scareware infection, and most of it was inaccurate.
1) This malware completely locks out the normal user environment. One cannot access Task Manager to kill the process.
2) You CAN, however, safe-mode boot, but:
a) there is no networking, b) there are no folders anywhere, including the contents of Control Panel. It's empty. Also, you cannot change keyboard or mouse, nor plug the original working units into different ports. PNP is not working!!
What worked:
1) Get mouse and keyboard working by trying USB ports until they work (I took the PC home for shop repair, but could not work on it because even in safe mode, no keyboard or mouse would work).
2) Log into "safe mode with networking".
Used the "run" command from the Start menu to open a command window. Found no network, and that no NIC was available...
Used services.msc to find that nearly all were disabled! Enabled network required services and got networking / internet access.
Launched iexplore from the cmd window, downloaded and installed Malwarebytes.
PC is now clean, but all hard disks appear empty, all menu folders are empty, "programs" is empty except for the just-installed MBAM...
... Found that ALL files and folders had the "hidden" attrib. set. Reset them all. Now "programs" was populated, and Control Panel was populated. Contents of C drive now visible.
Log in normally, all appears clean, but the desktop is "dead"... can't place anything on it, can't right-click and get properties, all user icons are missing. Not sure about this yet.

Hope this helps someone. Hope others will add the stuff I've left out. Sorry, working on the fly and under pressure for the client who, of course, had no backup!!
(My personal feeling on this one is that if there is a good secure backup, wipe and re-install.)
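
The two cleanup steps from the post above (finding disabled services and resetting the "hidden" attribute), as an added example that is not part of the original post. It assumes PowerShell 3.0 or later and an elevated prompt; the `$Root` default, the `-Fix` switch and the service list are illustrative choices, not taken from the post.

```powershell
# Added example: report, and optionally undo, disabled services and
# mass-hidden files. Run without -Fix first to review what would change.
param(
    [string]$Root = "$env:SystemDrive\",   # assumption: scan the system drive
    [switch]$Fix                           # without -Fix the script only reports
)

# Illustrative list of networking services that start automatically on a
# stock Windows install; adjust for the host being repaired.
$netServices = 'Dhcp', 'Dnscache', 'NlaSvc', 'LanmanWorkstation'

# 1) Report every service whose start mode is Disabled.
$disabled = Get-CimInstance Win32_Service -Filter "StartMode='Disabled'"
$disabled | Sort-Object Name | Format-Table Name, DisplayName, State -AutoSize

if ($Fix) {
    # Re-enable only the services named above, not everything that is disabled.
    foreach ($svc in $disabled | Where-Object { $netServices -contains $_.Name }) {
        Set-Service -Name $svc.Name -StartupType Automatic
        Start-Service -Name $svc.Name -ErrorAction SilentlyContinue
    }
}

# 2) Find items that are Hidden but NOT System. Items carrying both flags
#    (pagefile.sys, "System Volume Information", desktop.ini) are hidden by
#    Windows itself and are left alone.
$hidden = Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        ($_.Attributes -band [IO.FileAttributes]::Hidden) -and
        -not ($_.Attributes -band [IO.FileAttributes]::System)
    }

"{0} hidden non-system items under {1}" -f @($hidden).Count, $Root

if ($Fix) {
    foreach ($item in $hidden) {
        # Hidden is known to be set (filtered above), so XOR clears just that
        # bit and keeps ReadOnly, Archive and the other attributes.
        $item.Attributes = $item.Attributes -bxor [IO.FileAttributes]::Hidden
    }
}
```

Folders that Windows normally hides without the System flag, such as a user's AppData, are also unhidden by `-Fix`; that is cosmetic and can be set back afterwards.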
