Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hello and thank you!


  • Please log in to reply
7 replies to this topic

#1 Alliecat

Alliecat

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:East of Everywhere, Canada
  • Local time:07:14 PM

Posted 23 September 2012 - 06:54 PM

I'd seen Bleeping Computer before, & had it bookmarked in case of future glitches. I forget what I was looking for when I came across the site before. Anyway, last night I got broadsided by "Live Security Platinum" on my precious laptop. PANIC!!!!!!!
Immediately went to Google on the old desktop & looked up, what the **** is this thing, & one of the first results was this, on how to remove it.
It took me almost 5 hours, & I had to run the whole thing twice, but at the moment Precious appears to be running normally again. So I "think" it worked, & my first post is to say a humungous thank you to Lawrence Abrams & whoever else contributed to that article, because you saved me a lot worse mess, & the expense & inconvenience of dealing with some computer fixit guy (or gal!). It was easy to follow & didn't leave me going "whaaatt...?" with a lot of technobabble. Thank you for writing it simply for those who are not programmers! (And for making it easy to find on Google :wink: )
I'd just like to add one comment for a possible edit or clarification, on step 15 in that article... it says "When removing the files, MBAM may require a reboot in order to remove some of them... please allow it to do so.". So I did, & it started up in normal instead of safe mode, & the virus icon was still in the bar in the bottom right corner, & things still didn't work. So, to clarify, are you supposed to do that reboot in safe mode? Because I had to start over, run it all again, & when allowing it to reboot the 2nd time I used safe mode, & that appeared to work.

Anyway, the only time I'm into computer techy stuff is when I have to fix things, so I likely won't post much here, but wanted to say hello & let you know that your resources are much appreciated.

Cheers :thumbsup:

Edited by Alliecat, 23 September 2012 - 06:57 PM.


BC AdBot (Login to Remove)

 


#2 Platypus

Platypus

  • Moderator
  • 14,710 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:09:14 AM

Posted 24 September 2012 - 06:56 AM

Thank you for joining up, we're glad to have you as a member, and pleased you've had good a result.

I'll call your point of query to the attention of malware staff and see what they say.

Top 5 things that never get done:

1.


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:14 AM

Posted 24 September 2012 - 07:52 AM

Hi and thank you for the report.

When you say "& the virus icon was still in the bar in the bottom right corner, & things still didn't work", could you please expand on which things didn't work? Besides the icon did you see any further sign of the malware?

In theory it does not make a difference whether you boot in normal or in safe mode, as the removal process will be done before this starts playing a role. Hence it would not matter which on you chose. In practice, though, it seems that it did and I would like to understand what happened.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#4 Alliecat

Alliecat
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:East of Everywhere, Canada
  • Local time:07:14 PM

Posted 25 September 2012 - 03:37 PM

Hi, if I recall properly, and it was going on for 4:30 a.m. at this point... :crazy:
The computer restarted in normal mode. I know the shortcut-icon to Live Platinum was gone from the desktop, but the little icon was still there in the "quick launch" bar (is that what it's called?) down in the bottom right corner. I couldn't open any programs, nor connect to the internet. (I "think" (but my memory was a little fried by lack of sleep & stress!) that the virus program window popped up again; it was still running.) So I did another hard reboot into safe mode & ran iexplore.exe and MBAM again, & while I don't think iexplore found anything that time (can't recall for sure), MBAM gave me the same list of stuff it found the first time around. Which suggested a scenario like the author mentioned further up the instructions page, where he said, don't reboot your computer during this process otherwise the malware will just restart itself. So it looked like it restarted in spite of having run MBAM etc. as directed. (And yes, I followed all his instructions extremely carefully! :killcomp:
Does that help?

Edited by Alliecat, 25 September 2012 - 03:47 PM.


#5 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:14 AM

Posted 25 September 2012 - 03:44 PM

Hi,

that does indeed sound as if deleting didn't work. Do you remember if you logged into the same account in normal mode that you used in safe mode? This may have had an effect.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#6 Alliecat

Alliecat
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:East of Everywhere, Canada
  • Local time:07:14 PM

Posted 25 September 2012 - 03:50 PM

Hi, yes, there is only one account -- me.
Was just going to go back & edit that what I meant was I restarted in safe mode, ran the programs again, then when MBAM asked to reboot, I did THAT in safe mode too. Wasn't sure if that was clear. Anyway, after doing the MBAM-requested reboot in safe mode, it appeared to be ok.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:14 AM

Posted 25 September 2012 - 04:09 PM

Hi,

yes that was clear to me. I only thought that maybe in safe mode you had used the administrator login and then your normal account when rebooting into normal mode.

I can't tell you what happened on your machine, I have not been able to reproduce it here. What I can tell you that the way you describe it it shouldn't have happened and that there must've been something that blocked MBAM from correctly deleting these things. I'll pass it down to the author of the guides, however normally rebooting into normal mode should really not be a problem.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 Alliecat

Alliecat
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:East of Everywhere, Canada
  • Local time:07:14 PM

Posted 26 September 2012 - 02:08 PM

Hmmm... well, at least in the end it appears to have worked. I think on the list of things it found, among other jargon, was something that said, "backdoor"... maybe the virus has been altered to subvert first attempts at removal?
And does deleting send things to the recycle bin?, because at one point when I tried to see what was in it, I got a message that my recycle bin was "corrupted". I emptied it & that seemed to take care of that.
I dunno. Anyway... One more thought on the instruction page... When MBAM asks to reboot, the window which comes up says "URGENT!" with the little exclamation-in-triangle. This gave me pause for a few minutes wondering if this was really MBAM, or the virus screwing around, because the "urgent" window sort of smacked of those stupid virus warnings "urgent! your computer is infected!" etc., & looked a bit like the virus windows I was trying to remove. Even though I knew it might ask to restart. Maybe I was being overly cautious, but my thought was, maybe a screencap of that window could be added to the instructions, so that when it comes up, cautious panicky people would know that's really MBAM & it's supposed to look like that -- "urgent".
I hope I won't need to look here for more help, but I'm glad your resources are here. Thanks again to the hard-working people creating them :)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users