| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 123696 | 2012-03-11 23:50:00 | Rogue security program - Internet Security - need to remove | Tukapa (62) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1264386 | 2012-03-11 23:50:00 | Hi all A mates father has been having issues with his PC. I said I would take a look. Microsoft Security Essentials has been disabled and won't run, there is browser hijacking and numerous other issues. After a while of running the PC a rogue security program, Internet Security, popped up and started doing it's fake scan thing. I had initially installed and updated Malwarebytes, Superantispyware and Spyware Terminator. I rebooted into safe mode and ran all these programs which found nothing. I did some research and found some pages with instructions on removal; www.spywarevoid.com deletemalware.blogspot.co.nz It appears that this program also gets around as Internet Security 2010, 2011 and 2012 as well as the plain Internet Security which this PC has. I followed the instructions and downloaded, updated and installed TDSSKiller but that found nothing. I ran Trojan Remover which apart from removing a rogue link to Internet Explorer rendering that program unusable it also found nothing else. I have tried the manual delete method but after all the above I am still having issues. I am just trying a couple of other security programs but otherwise am thinking I am going to be doing a format and reinstall. Unless one of you helpful mob can point me in any new direction? Thanks. |
Tukapa (62) | ||
| 1264387 | 2012-03-12 00:32:00 | Follow this. (www.bleepingcomputer.com) | Speedy Gonzales (78) | ||
| 1264388 | 2012-03-12 00:37:00 | ..... am thinking I am going to be doing a format and reinstall. It sounds like a cop-out, but thats sometimes the quickest & best fix. Even after you remove the malware completely you may find that Win is left in a bit of a mess (eg . system files missing, services wont run, cant connect to internet etc etc) Have you run these AV scanners/malwarebytes in full mode ?? , ie NOT quick scan. Set them to scan all files They need to be updated before running the scan. This is a must do. You may need to remove the Hard Drive & scan it via a Clean PC. Or download Kasperky's boot CD & scan with that . these fake programs change often , even though they have the same names so the write up's on removal may not be relevant in cleaning out the last remains of infection |
1101 (13337) | ||
| 1264389 | 2012-03-12 01:08:00 | This is going from memory. You have not said what OS it is, XP, Vista, W7 so the start of the path may differ. The little buggers hide :) Download and run Rkill rkill (www.bleepingcomputer.com) Look at where it finds a random named exe file. Go to My Computer / Computer open the tools, folder options under the view tab "show hidden files and folders" Navigate to the folder Rkill found the infection --- It may be something like this ---C:\Documents and settings\User Name\Local Settings\Temp or some other location. Once found it will be a random named .exe - delete it, thats the main "infection", then run Super Antispyware & spybot S&D to locate the rest of the left overs. Depending on which version it was, there may be other things to do. |
wainuitech (129) | ||
| 1264390 | 2012-03-12 01:31:00 | I removed it for a friend using instructions similar to what speedy linked. It worked except MSE would no longer function and I ran out of time so I just put avast on as a stopgap. That was 6 months ago, she's still running avast and I still mean to get around to having another crack at it :) It's a losing battle though, some people are just prime targets for malware. | dugimodo (138) | ||
| 1264391 | 2012-03-12 02:22:00 | Thanks all Speedy - looks like a different malware and those files that the instructions identify aren't on this system. All security programs were updated and scanned in their full modes. Wainui - about to try your suggestion - OS is Windows XP Home SP3. Thanks again. |
Tukapa (62) | ||
| 1264392 | 2012-03-12 02:26:00 | Put teamviewer on it and I'll have a look. If it wont let you do it in normal windows. Boot into safe mode / networkling. Then install it | Speedy Gonzales (78) | ||
| 1264393 | 2012-03-12 07:58:00 | There is also another program that kills those fake Antivirus programs from Macafee. Haven't used it yet but the original Stinger program was a great program a couple of years ago. www.mcafee.com |
pheonix (36) | ||
| 1264394 | 2012-03-12 08:01:00 | There is another one I have come across and haven't tried yet as well. majorgeeks.com |
pheonix (36) | ||
| 1264395 | 2012-03-17 23:50:00 | Hi everyone. Thanks for all your suggestions - I actually found PC Tools Spyware Doctor which did the trick and the PC seems to be virus and malware free now. It was a nasty bugger to get rid of - the usual programs just didn't cut the mustard. Cheers. |
Tukapa (62) | ||
| 1 | |||||