I detest Viruses...

[Roadking]

Even with AVG, this thing got thru again. Any suggestions?

COMPUTER QUESTION: It happened again, "XP Internet Security 2010" garbage infected the other machine agian. Spybot search and destroy, MalewareBytes, AVG and Microsoft Male all "claimed to have found and removed it (several times), yet after reboot, rescan, over and over, it keeps coming back, while NOT on internet...
Any other options besides wiping machine and re-installing original software? Links and suggestions appreciated. Last time had to do full re-install, and would just prefer to not have do, if possible.
Thanks all.
And yes, AVG is always running, yet this bugger keeps getting in (last time was 2009, October. Oh, and after having claimed to remove the virus, the virus disables MalewareBytes...And, please, if the answer is Norton, I will simply reinstall...can't stand Norton and Symantic.
Matt

[How Do I]

I always use Bleeping Computer removal instructions first whenever one sneaks in. Me personally, I would try it exactly how they describe for removing "XP Internet Security 2010" if that's the one you're dealing with and see if that helps first.

I just had an issue last week with Antivirus Soft. Used their directions for removal and it took care of it. GL!

[mikellmikell]

Avast is free and seems to work real well it's the only thing that I could download wile infected. Just don't log off or youll never get back on except porno

[Roadking]

Thanks for the info, I'll give 'em a try this evening after the boys are put in bed. I'll post results.
Thanks again!
Matt

[Kung]

Bleepingcomputer's instructions are good to follow. I'd agree with that.

[Mechanic Intern]

Have you tried having Malewarebytes remove the infection while you're booted into safe-mode? You access safe-mode by tapping the F8 key while the computer is powering up, but before it gives you the splash screen that tells you that windows is loading. I'd try that before you go doing anything else. (assuming, of course, that you haven't already tried it)

[lharvey]

You HAVE to boot to safe mode.

You HAVE to turn off system restore.

Then you run malwarebytes.

Quick scan first, the reboot to safe mode with networking, download MWB definitions,

Run full scan.

After the final cleaning and restart, go back and turn on system restore,

You should be good to go.

L

[Birchbark]

Quote:

You HAVE to boot to safe mode.

You HAVE to turn off system restore.

Then you run malwarebytes.

Quick scan first, the reboot to safe mode with networking, download MWB definitions,

Run full scan.

After the final cleaning and restart, go back and turn on system restore,

You should be good to go.

L

I had the same problem with this malware. It disables Malwarebytes and you cant uninstall and go online to get a non infected reinstall.

That was just my experience with it. I wiped everything clean and started over.

I believe that if you have access to another computer, you can download Malwarebytes and install the program on a cd(or flash drive). Then run it from the CD. Don't just download and save the zipped file, it needs to be opened on the CD.
I've also taken out a hard drive, put it on a second computer as a second hard drive, and ran the malwarebytes in that manner.

[lharvey]

Usually I boot to safe mode and move the MWB onto that machine. I rename the exe file to something like felix.exe and then do the install

Then I rename the installed exe file to felix and run that.

That way if it is looking for the standard MWB exe file it won't see it and it allows it to run.

Few extra steps but really saves time in the long run

Nuke and Load? OMG that is not the answer unless you don't care about what you or your customer has on his/her machine.

L

[Roadking]

Well, so far coming up empty with Malwarebytes and the steps above and from bleepingcomputer.
AVG 9.0 not cutting it either. I have downloaded Avast to a flash drive and will try that tonight.
Thanks again for the info and ideas, any others are welcome as well.
Matt

[Roadking]

Nothing with Avast, even on the boot scan. Trying SUPERAntispyware from a friend.
As I am typing this, 2 trojans have been detected...the others found zip...might get lucky???
Matt

[Kung]

[QUOTE=Roadking;4306793]Well, so far coming up empty with Malwarebytes and the steps above and from bleepingcomputer.
AVG 9.0 not cutting it either. I have downloaded Avast to a flash drive and will try that tonight.
Thanks again for the info and ideas, any others are welcome as welly

'Coming up empty' - do you just mean it doesn't find anything?

If you want my HONEST opinion, I would say that IF you have your driver and application discs and your reload disc, and IF you can and have backed up your stuff, reload the PC. The 2010 Antivirus thing is NOT easy to remove. I've seen it on some computers where it took maybe an hour to remove; and I've been on other computers where I finally reloaded it after working on it for SEVERAL hours.

My normal rule of thumb - reloading an OS, reloading the drivers, and such (I normally don't count updates because they can be done when you're not around) takes about 4 hours, tops. If you spend more time on this problem than that, or figure you'll need to spend that much time, it's better to just reload.

BUT if you do that, download antispyware and antivirus software first.

[Roadking]

Yeah, looks like thats what I'm going to wind up doing. The virus is supposedly removed, however, anything I try to run pops up a "open with which program" window. Luckily, it,s a backup machine, and not detrimental, just annoying as all heck.
Oh, and for software, I think my library of that now outnumbers my blueprints...LOL!
Thanks all, I'll mess with it tommorow.
Matt

[Roadking]

Well, back up and running...shadow re-install off the original HD.Unfortunately, now have to update IE, Adobe, etc...At least it's back and (several scans) safe.
Thanks
Matt

[PrettyPaisley]

I got that same virus on both of my computers over the past 2 weeks. I also use Avast and it did nothing to stop them. I tried on the laptop to do the boot scan to remove the virus and it wouldn't let me. I had to wipe both computers clean.

I put Avira on the desktop and put Avast on the laptop. Avira has caught something trying to get on the desktop 3 times, and the laptop has been hit AGAIN with this keylogger virus. It let the skynet virus through on the desktop. I'm finished with Avast.

Does anyone know if these viruses are associate with having a Hotmail account? That is what I've heard ...

[||Downhome||]

update and lock your host file with spybot, make a copy of your registry, install cc cleaner and use regularly to delete the regular garbage,and make sure you keep avg and malwarebytes up dated. it seems to me not anyone virus scanner will pickup all virus.

after I did my post on IS 2010, my kid came over and infected my moms pc but i had malwarebytes upto date and it fixed everthing great. I think the longer that IS2010 is on your system the more registry changes it makes taking control of your system.

[Roadking]

That seems to be the case Downhome. When it hit in 09, I left the machine off for 2 days and it booted just perfect and let me clean it out...probably timed out by not using. This time, however, every reboot (even after trying the 2 day wait) got worse and worse.
MalwareBytes, Spybot and AVG 9.0 are usually a very good combo, but I am unfamiliar with cc cleaner...please elaborate.
Matt
Oh, and apparently, from my research, becoming a fan of facebook opens up a huge backdoor (makes sense; my wife just "fanned" a thing from her friend and 2 days later is when it hit). Apparently, the really fine print says, that by fanninf, you allow 3rd parties to install tracking software (or a virus, intentionally or not) on your machine. So far, that seems to make the most sense to me...her machine get viruses, mine doesn't since I am not a fan of diddly...

[||Downhome||]

cc cleaner is a program that emptys alot of the places malware hides, it will also check the rgistry for issues.

[Roadking]

Thanks, I'll check into it.
Matt