Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Privacy Protection" malware with all exe.s disabled


  • This topic is locked This topic is locked
3 replies to this topic

#1 David B B

David B B

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 December 2011 - 01:09 AM

My system is infected with "Privacy Protection" malware, and .exe's have become disabled, along with downloading apps in IE in safe mode with networking.

I've been trying to follow the instructions to remove in: http://www.bleepingcomputer.com/virus-removal/remove-privacy-protection

Booted in safe mode w/networking, and am attempting to do step 3 or there
abouts, trying to run TDSSKiller. Unfortunately, all exe files are failing
to be able to run by the fact that they are all now type EXE. I can't even
take the work around to rename TDSSKiller.exe on my desktop to something else
like randomname.com and this still fails to reset the type of the file from
being EXE. Can't make it execute...

At my wit's end!!! help!!!!

Edited by Orange Blossom, 04 December 2011 - 03:01 AM.
Moved to AII. ~ OB


BC AdBot (Login to Remove)

 


#2 AustrAlien

AustrAlien

    Inquisitor


  • BC Advisor
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:12:56 PM

Posted 04 December 2011 - 01:27 AM

I'll get this topic moved to the Am I Infected? forum.

In the meantime, re-name the intended download (tdsskiller.exe) before you actually download/save it to your computer. Your browser would need to be configured to always ask what you want to do before downloading (if it is not already configured this way). You can then save as <file renamed to 132.com> to your Desktop.
AustrAlien
Google is my friend. Make Google your friend too.

Posted Image

#3 David B B

David B B
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:06:56 PM

Posted 04 December 2011 - 11:29 AM

First let me say...

Thank you, thank you, thank you...

oh, and, thank you!!!!

Ok, I was still not getting anywhere with getting either TDSSKiller (now 1234.com)
or rkill.com to work until I thought back to 1980 and ran them from the command
window as F:1234.com and F:rkill.com. Well, some combination of cross linking the
executables may have confused the darn malware enough to sneak by... not certain
which was the final key but unarchiving my DOS memorybank was useful.

I never thought that there would be quite such an endorphine rush from seeing Malwarebytes
begin to execute properly with little gleeful giggles as "Objects Infected" starts to
increment.

More back when I complete running MBAM...

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,848 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:56 PM

Posted 05 December 2011 - 02:20 AM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic430784.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users