Remote Fix of Win 7 Antispyware 2012


2 replies to this topic

#1 gdurkee


  • Members
  • 6 posts

Posted 11 December 2011 - 04:10 PM

Hi:

I thought I'd post this for others. A friend called with the dreaded "Windows 7 Antispyware 2012" malware that had totally taken over his Windows 7 system. He said he was unable to access anywhere on the Internet from his browser without those annoying pop-ups coming up.

I've got LogMeIn installed on his computer (he's had other problems before...). I figured -- aha! I'll just put Malwarebytes on my FTP site, then go there from Windows Explorer. But, aha!, this &*^*&%@%^$ malware totally takes over the keyboard. You can't run an exe or type anything in anywhere (run, search, nothing worked) without the popups stopping you.

So I next had him reboot to Safe Mode with Networking. Unfortunately, I couldn't use LogMeIn. The good news is he was able to access his browser and the Internet when it booted up. So I had him go to TeamViewer and install it for a quick connect. About halfway through the process, the malware was back -- but it seemed to take about a minute or so to establish itself in Safe Mode. It didn't allow access to TeamViewer after the install (which was successful, even though the malware said it stopped installation). So we tried one more boot to Safe Mode then immediately started TeamViewer. I was able to get access to his computer before the malware started up. Then did a file transfer from my machine to his of Malwarebytes. I then right-clicked on the program and Run As Administrator and it successfully installed, updated and came up to run the scan. I did a full system scan (with the usual warnings from the malware -- but it didn't stop the program from running).

Took about 30 minutes and removed 8 programs scattered around. I rebooted yet again and ran Malwarebytes one more time. No viruses. So it seems to be OK.

Took two hours. What a pain. But the take home message, I guess, is that you can do this for friends' & relatives' machines from your machine. One slight worry is that I'm unable to install AdAware (it hangs during install), but all seems well otherwise. I also ran rkill (?) and it didn't show any hostile processes running.

Good luck.

George



#2 narenxp


  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 11 December 2011 - 04:17 PM

Same here, my work is cleaning malware via remote support. You should know that we are not authorized to use tools like rkill. In those cases Run as administrator helps a lot.

#3 gdurkee

  • Topic Starter

  • Members
  • 6 posts

Posted 17 December 2011 - 03:15 PM

Hi again: more questions for you guys. My friend just called (5 days later) to tell me that his wife's computer is infected. I just got rid of it running Malwarebytes. Then, an hour later, my friend calls again to say that HIS computer is infected AGAIN! Auuughhhh!

Both told me they were on some sort of "Chat" just before the 'computer infected' messages started coming up. I'm clearing Friend 1's right now. So several questions. Could anyone tell me, or direct me to the information:

1) how does this malware spread? Ads? Chat?? Email or everything?
2) Does Malwarebytes clear it entirely? I'm kinda suspicious it stays resident in IE or something.
3) What's a sure way of truly cleaning the computer of it if Malwarebytes doesn't clear it all?
4) Finally, what's the best preventative? Friend #1 has AVG, but obviously that didn't work. What's Plan 2??
5) Oh, and could it also be not updating Java or other programs? Neither are very good at that, I suspect.

Many thanks for any help offered!

George



