WindowsAntiBreachSuite Virus Removal Failed-Problem with tutorial


58 replies to this topic

#1 tnance292

tnance292

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 11:18 AM

Hello! I am attempting to remove a virus from my mother's computer. It runs Windows Vista. I have followed the instructions from a tutorial I found here on this site:

 

http://www.bleepingcomputer.com/virus-removal/remove-windows-antibreach-suite

 

I followed the instructions and I put a file on a disc and transferred it to the infected computer in safe mode, merged, removed the disc, and restarted the computer.

 

STEP 9 in the tutorial states to log on to a website. I attempted to and received the same error message depicted in the beginning of the tutorial stating that WindowsAnti Breach Suite is 'protecting' me from the file.

 

I went back and shut down the computer and tried to merge the file again and restarted the computer with the same result. I went back and followed the instructions again word-for-word.

 

Please someone instruct me how to continue with the removal process.

 

Thank you in advance for your time!





#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:03 PM

Posted 21 July 2014 - 11:24 AM

Hi tnance292,

 

Can you continue writing to that disc? If so, we will download the tool onto the disc instead.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 11:29 AM

Good Afternoon xXToffeeXx!

 

Yes I can continue to write to that disc.



#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:03 PM

Posted 21 July 2014 - 12:11 PM

Hi tnance292,

 

Good to know, we will use the disc to transfer a file which should remove this rogue.

 

  • On the clean computer download the file from here onto your desktop and then transfer it onto the disc.
  • Boot your infected computer into Safe Mode with Command Prompt and bring the desktop up as shown in the tutorial.
  • Then insert the disc and double-click on the EmsisoftAntiMalwareSetup.exe to start the program. If the setup program displays an alert about safe mode, please click on the Yes button to continue.
  • You should now see a dialog asking you to agree to a license agreement. Please access the agreement and click on the Install button to continue with the installation.
  • Select the Freeware or Test for 30 days, free option. If you receive an alert after clicking this button that your trial has expired, just click on the Yes button to enter freeware mode, which still allows the cleaning of infections.
  • You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and select your choice to continue.
  • Emsisoft Anti-Malware will now begin to update its virus detections.
  • When the updates are completed, you will be at a screen asking if you wish to enable PUPs detection. It is strongly suggested that you select Enable PUPs Detection to remove nuisance programs such as toolbars and adware.
  • You will be presented with a screen to select the type of scan you want; select the Full Scan option to begin scanning your computer for infections. 
  • When the scan has finished, the program will display the scan results that show what infections were found. Click on the Quarantine Selected button, which will remove the infections and place them in the program's quarantine.
  • You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.

 

Reboot into normal mode and tell me if WindowsAntiBreachSuite still appears.

 

xXToffeeXx~




#5 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 01:35 PM

Thank you so much! I have completed the scan successfully but cannot click the Quarantined Selected button. I am stuck here.

2aka98h.jpg

 

I cannot see the rest of the screen. I move my cursor to the top right and bottom and after a few minutes managed to drag the corner to resize and it just flashed back to the current state. I cannot scroll down because there is no sidebar and cannot move the screen in any direction by clicking and pulling. Any ideas?



#6 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 01:38 PM

I also cannot right-click anywhere on the screen except the actual suspicious files.



#7 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:03 PM

Posted 21 July 2014 - 01:44 PM

Hi tnance292,

 

Do you see three icons on the right hand side of the screen? If so, press the middle one and see if that will change the screen (you may need to press it more than once).

 

xXToffeeXx~




#8 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 01:47 PM

The minimize, expand, and exit options are not available to me. The screen is zoomed in to this one section and will not allow me to move it or change it.



#9 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 01:52 PM

I'm going to play around with it and I will let you know where I get (if anywhere) :)

 

Thank you Toffee!



#10 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:03 PM

Posted 21 July 2014 - 02:13 PM

Hi tnance292,
 
If you press enter does anything happen?

 

If you cannot get it to work then we can use another version of the program which does not have the problem with the resolution:

  • On the clean computer download the file from here onto your desktop and then transfer it onto the disc.
  • Then insert the disc and double-click on the EmsisoftEmergencyKit.exe and click on the Accept & Extract button to install the emergency kit to the C:\EEK folder. When the program has finished extracting, the program will automatically start.
  • Please click on the Emergency Kit Scanner option. When you click on this option, if you see a Windows message asking if you would like EmergencyScanner.bat to run, please allow it to do so by clicking on the Run or Yes buttons.
  • You will now be shown an update screen prompting you to check for an update, select no as you will not be able to due to no internet connection in this mode.
  • You will now be at the main screen for the Emsisoft Emergency Kit, click on the Scan PC option in the left hand navigation menu.
  • Select the Deep Scan option if it is not selected and then click on the Scan button to start scanning your computer.
  • When the Emsisoft Emergency Kit is finished scanning your computer, you may be presented with an alert box stating that you have a high-risk infection. If you see this alert, please click on the Close button.
  • Click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You can now close the Emsisoft Emergency Kit program.
  • Then reboot back into normal mode.

xXToffeeXx~


Edited by xXToffeeXx, 21 July 2014 - 02:13 PM.



#11 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 02:16 PM

Okay, xxtoffeexx, I restarted the computer in safe mode again and this time when I started the program Emsisoft prompted me saying my resolution was too low/high? and would I allow it to fix it. I pressed yes and the entire screen is visible now. So I've started scanning again :)



#12 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:03 PM

Posted 21 July 2014 - 02:24 PM

Hi tnance292,

 

Ah, yes. That's how it should be, and it seems like you are set now :)

 

If you don't mind, I would like to have a look at the log once you are back in normal mode (re-open Emsisoft Anti-Malware -> Logs -> Scan -> double click on the log, and copy and paste it into your reply).

 

xXToffeeXx~




#13 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 21 July 2014 - 02:48 PM

Toffee I am still experiencing some issues and have (poorly) photographed my predicament again.

2pq3te8.jpg

 

This file gets the scanner stuck. I have exited the program twice and this is the third time I have encountered this ugly little issue. I stopped the scanner after a while when it hadn't progressed and attempted to quarantine it. The progress bar pops up and seems to load but nothing happens. I clicked it several times after to no avail. I also selected to delete the file (I realize that was probably super stupid but I'm frustrated at this point) and nothing happened. I tried about three times. The bar comes up and pretends to start doing something and just goes away.

 

I'm stepping away from this and hopefully tomorrow morning I'll wake up and it will have fixed itself ;) -haha I wish.

 

Hopefully you will be available to hold my hand through this then. Thank you SO MUCH for your help and patience with this issue. I will be more than happy to send you whatever logs you wish if I can sludge through this predicament.



#14 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,043 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:12:03 PM

Posted 21 July 2014 - 04:15 PM

Hi,

If you can take a screenshot of the keys (or better get a log), I can probably make a script to remove them.

xXToffeeXx~



#15 tnance292

tnance292
  • Topic Starter

  • Members
  • 34 posts
  • OFFLINE
  •  
  • Local time:07:03 AM

Posted 22 July 2014 - 09:04 AM

Good Day!

 

I let the scan run last night and woke to a completed scan. I quarantined the files and then exited the program and shut down the computer and turned it back on. The original viral program did not appear, only an odd installer that I closed immediately when it popped up and an error message wanting to restart the computer that my mother tells me is 'normal'.

 

The computer has had problems for almost a year now so there are probably a million things going on besides the one problem we are addressing.

 

I did want to get the logs you asked for, because you've been amazing(!), but when I tried to open Emsisoft I got an error message. I closed the message and tried again only to get a different error message. I also could not open any other program. Again, I'm not sure if this is a separate problem or has anything to do with the problem we are addressing.

 

I have images of the error messages - or I can type them out for you - if you think this is an issue related to our current problem. If not I understand that this is not your problem. Just let me know :)





