cmonkedo Posted September 3, 2009
I have run into several varieties of this demon of a virus, all of which have defeated my attempts at removal, forcing me to do a clean install of Windows. I have tried several different methods found online, all with some success but never complete. My first step is to remove the drive from the offending system and run a scan with NOD32, then to run a scan with Malwarebytes, then to go through all temp files and application data folders to manually remove any files I can determine are a part of the virus. Any tips would be great, or any methods found to work as of recent.
macgyvr Posted September 3, 2009
Malwarebytes will remove it completely with no other intervention needed. I've done about 40 of them in the last 6 months. I run a computer repair shop.
cmonkedo (Author) Posted September 3, 2009
Are you running Malwarebytes on your PC, scanning via IDE/SATA to USB, or are you running it locally on the infected PC? If local, safe mode or normal mode?
PC_LOAD_LETTER Posted September 3, 2009
I've cleaned tons of these fake AVs including PAV and here is my process:

1. Install MBAM
   - if the install fails to show up but is showing as running in the processes tab of taskmgr, the window is being hidden from you.
   - end task on all mbam-setup.exe in the process tab of taskmgr
   - rename the installer to calc.exe, notepad.exe, iexplore.exe, etc.
   - execute the renamed installer
2. Start MBAM and update its definitions (if possible - sometimes by the time our machines have been reported to me, our network's ASA has blocked their network access and I have to call and have them removed from the blacklist before I can update)
   - if MBAM fails to show up but is showing as running in the processes tab of taskmgr, the window is being hidden from you.
   - end task on all mbam.exe in the process tab of taskmgr
   - make a copy of mbam.exe and call it calc.exe, notepad.exe, iexplore.exe, etc. (usually anything that does not start with mbam will work. On XP usually "Copy of mbam.exe" will run fine but on Vista, "mbam - Copy.exe" will not)
   - execute the renamed mbam.exe
3. Run quick scan. Abort if it finds something right away (within 2-3 minutes), remove all that it finds and reboot if prompted. (The reason for this is MBAM scans active processes first and then scans a bunch of stuff that's likely dormant.)
4. Run quick scan again.
   - if something was not found in the first half of the scan, abort and skip to step 6.
   - if something was found in the first half of the scan, let the scan finish and use msconfig/autoruns/regedit/HJT/whatever to clean the startup group before rebooting this time
5. Delete the contents of %TEMP%, c:\windows\temp, and IE's Temp Internet files. 90% of the time IE was the start of the infection but that's not why you clear it - it speeds up the MBAM full scan
6. Run full scan with MBAM
7. Run full scan with a real AV (precautionary)
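
A read-only triage script for the checklist in the post above, added here as an illustration and not part of the original thread or written by any of its posters. It assumes Windows PowerShell is available on the affected machine; the function names are hypothetical, and it only reports (nothing is ended, renamed or deleted).

```powershell
# Added example, not from the thread. Function names are made up for illustration.

# Steps 1-2: MBAM processes that are running but have no visible main window.
# MainWindowHandle is zero when a process has no visible top-level window, which
# matches the "listed in taskmgr but no window" symptom. A process that is still
# starting also reports zero, so re-check after a few seconds before acting.
function Get-HiddenMbamProcess {
    Get-Process -Name 'mbam*' -ErrorAction SilentlyContinue |
        Where-Object { $_.MainWindowHandle -eq [IntPtr]::Zero } |
        Select-Object Id, ProcessName
}

# Step 4: list the Run/RunOnce startup entries for manual review
# (the same values msconfig and regedit show).
function Get-StartupEntry {
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            New-Object PSObject -Property @{
                Key = $key; Name = $name; Command = $item.GetValue($name)
            }
        }
    }
}

# Step 5: how much is sitting in the temp folders the post names, so you can see
# what the full scan would otherwise have to walk through.
function Get-TempFolderSize {
    foreach ($dir in @($env:TEMP, (Join-Path $env:windir 'Temp'))) {
        $sum = Get-ChildItem -Path $dir -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Measure-Object -Property Length -Sum
        New-Object PSObject -Property @{
            Folder = $dir; Files = $sum.Count; MB = [math]::Round($sum.Sum / 1MB, 1)
        }
    }
}

Get-HiddenMbamProcess
Get-StartupEntry | Format-Table Name, Command, Key -AutoSize
Get-TempFolderSize
```
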
macgyvr Posted September 3, 2009
I think what the OP is saying is that he took the drive out of the computer and attached it to a different computer to run MBAM. On systems where MBAM will not run, this is a great solution, but it only takes you so far. It will usually take off a chunk of the offending material, but then you MUST put the drive back in the original system and run MBAM again natively. Otherwise, you are not removing everything.
cmonkedo (Author) Posted September 3, 2009
Thanks for the great tips Mac/PC_, this will prove very useful.