Posted 26 June 2011 - 05:56 PM
The following will be an incomplete report on removing "Malware Protection" aka "Best Malware Protection". I'm posting because I found little help on this scareware infection, and most of it was inaccurate.
1) This malware completely locks out the normal user environment. One cannot access Task Manager to kill the process.
2) You CAN however safe-mode boot, but:
a) there is no networking, b) there are no folders anywhere, including the contents of Control Panel. It's empty. Also, you cannot change keybd or mouse, nor plug the original working units into different ports. PNP is not working!!
1) Get mouse and keyboard working by trying usb ports until they work (I took the pc home for shop-repair, but could not work on it because even in safe mode, no kbd or mouse would work)
2) Log into "safe mode with networking".
Used the "run" command from the Start menu to open a command window. Found no network, and that no NIC was available...
Used services.msc to find that nearly all were disabled! Enabled network required services and got networking / internet access.
Launched iexplore from the cmd window, downloaded and installed Malwarebytes.
PC is now clean, but all hard disks appear empty, all menu folders are empty, "programs" is empty except for the just-installed MBAM...
... Found that ALL files and folders had the "hidden" attrib. set. Reset them all. Now "programs" was populated, and control panel was populated. Contents of C drive now visible.
Login normally, all appears clean, but the desktop is "dead"... can't place anything on it, can't right-click and get properties, all user icons are missing. Not sure about this yet.
Hope this helps someone. Hope others will add the stuff I've left out. Sorry, working on the fly and under pressure for the client who, of course, had no backup!!
(My personal feeling on this one, is that if there is a good secure backup, wipe and re-install).
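
The attribute reset described in the post, as an added PowerShell example that is not part of the original post. It clears Hidden only on items that are not also flagged System, because Windows marks protected operating-system files Hidden+System and a blanket reset would expose those too. The function names and the `C:\Users` root are assumptions.

```powershell
# Added example: undo a scareware "hide everything" change without
# unhiding protected OS files (those carry Hidden AND System).

function Get-HiddenNonSystemItem {
    # Returns files/folders under $Root that are Hidden but not System.
    param([Parameter(Mandatory)][string]$Root)

    $hidden = [int][IO.FileAttributes]::Hidden
    $system = [int][IO.FileAttributes]::System

    # -Force is required, otherwise hidden items are not enumerated at all.
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $attrs = [int]$_.Attributes
            (($attrs -band $hidden) -ne 0) -and (($attrs -band $system) -eq 0)
        }
}

function Clear-HiddenAttribute {
    # Clears only the Hidden bit; every other attribute is preserved.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Root)

    $hidden = [int][IO.FileAttributes]::Hidden
    $count  = 0

    foreach ($item in Get-HiddenNonSystemItem -Root $Root) {
        if ($PSCmdlet.ShouldProcess($item.FullName, 'Clear Hidden attribute')) {
            $new = [int]$item.Attributes -band (-bnot $hidden)
            # A file left with no attribute bits is represented as Normal.
            if ($new -eq 0) { $new = [int][IO.FileAttributes]::Normal }
            $item.Attributes = [IO.FileAttributes]$new
            $count++
        }
    }
    "Cleared Hidden on $count item(s) under $Root"
}

# Dry run first: lists what would change, modifies nothing.
# The root path below is an assumed example location.
Clear-HiddenAttribute -Root 'C:\Users' -WhatIf
```

Run it from an elevated prompt and drop `-WhatIf` once the dry-run list looks right; items the account cannot read are skipped silently because of `-ErrorAction SilentlyContinue`.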