Student of the obvious
 
LeeH's Avatar
 
Join Date: May 2000
Location: Phoenix
Posts: 7,714
Anyone here had to deal with "Antispyware Soft" virus?

I'm not a violent person by nature, but I could do some damage to whoever created this piece of work. I've spent two full days running various anti-malware programs. Thought MS Security Essentials knocked it out... I was able to work all day with no issues, but then it just popped up again. This thing is relentless.

And no, it wasn't the result of visiting a porn site. I'm 99% sure it was from a song lyric site. At some point I had a window pop up that said I should update my Java. It looked real enough that I took the bait.

__________________
Lee

Last edited by LeeH; 05-29-2010 at 09:42 AM..
Old 05-28-2010, 08:17 PM
Zink Racer
 
Join Date: Aug 2005
Location: Spokane WA
Posts: 3,996
I've had it twice. Google it and you'll get some results. I'm not a computer guy, but I shut the computer down, booted it up in safe mode by hitting F8 while it was booting up, downloaded Malwarebytes and did a scan. It should find it and then clean it.

I got it visiting facebook the last time.
__________________
Jerry
1964 356, 1983 911 SC/Carrera Franken car, 1974 914 Bumblebee, a couple of other 914's in various states of repair
Old 05-28-2010, 08:34 PM
Registered
 
crustychief's Avatar
 
Join Date: Jun 2008
Location: San Diego
Posts: 4,385
+1 Malwarebytes.
__________________
A nose heavy airplane flies poorly, a tail heavy plane flies once.
Old 05-28-2010, 08:49 PM
Bollweevil
 
Join Date: Dec 2003
Location: Fulshear, Texanistan
Posts: 3,361
Quote:
Originally Posted by crustychief View Post
+1 Malwarebytes.
One thing to remember re: Malwarebytes. If you are running the free version, it is not self-updating. I picked up another trojan anti-spyware virus a couple of days ago. When I ran Malwarebytes to kill it, Malwarebytes (which I had last updated about 6 months ago) did not find anything. After updating to the current version, it picked up 8 infected objects.
__________________
Jack
74 911 Coupe
2.7L - K21 Option - S suspension
Old 05-29-2010, 04:31 AM
Registered
 
pete3799's Avatar
 
Join Date: Nov 2008
Location: Vermont
Posts: 7,431
I'm battling this now.
How can I download Malwarebytes when in the safe mode?
I tried but can't get online in the safe mode.
I'm logged on to the same computer that's infected, but I'm in a limited access
and can't download anything from here.
I've tried Adaware se, AVG, Cclean Registration mechanic; nothing will deal with it.
Any help would be appreciated.
__________________
Pete
79 911SC RoW
"Tornadoes come out of frikkin nowhere. One minute everything is all sunshine and puppies the next thing you know you've got flying cows".- Stomachmonkey
Old 05-29-2010, 05:29 AM
one of gods prototypes
 
bell's Avatar
 
Join Date: Nov 2001
Location: Orlando florida
Posts: 9,741
I too am dealing with the same issue......first time fb has bit me.....
__________________
Brought to you by Carl's Jr.
Old 05-29-2010, 05:36 AM
 
Registered
 
John Rogers's Avatar
 
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,700
We covered getting rid of software like this in the computer class I teach last week and we did this:

- Run MSCONFIG by clicking "start" then "Run" and type that in and press enter.
- Disable ALL the non Microsoft programs that run at startup and reboot. This will still let you have internet access.
- Use Regedit to find the offending software entries and delete them and also the software from your drive(s).
- Use MSCONFIG again and turn on each program to make sure you deleted it. This will require multiple restarts to make sure it is gone and you did not miss a registry entry somewhere.

I am against a program that is used to get rid of specific software as that generally means that something fishy is going on and the cure can end up being as bad as the malware. Try to remember where you were connected when the software showed up and stay away from that site in the future if possible.
Old 05-29-2010, 07:10 AM
Stay away from my Member
 
campbellcj's Avatar
 
Join Date: Aug 1999
Location: Agoura, CA
Posts: 5,773
One of my guys at work got this the other day -- shockingly it got past our multiple layers of scanners and filters. It seems isolated to a specific user's profile. I found the offending exe under the "local data" folder within his profile (on the c:\ drive) and deleted it, while logged-on as the local admin. Problem immediately gone.
__________________
Chris C.
1973 914 "R" (914-6) | track toy
2009 911 Turbo 6-speed (997.1TT) | street weapon
2021 Tesla Model 3 Performance | daily driver
2001 F150 Supercrew 4x4 | hauler
Old 05-29-2010, 07:16 AM
Student of the obvious
 
LeeH's Avatar
 
Join Date: May 2000
Location: Phoenix
Posts: 7,714
This video (legit from youtube) is ultimately the procedure I followed and what seems to have worked. The ComboFix program is pretty much a sledge hammer. You may lose some things you wanted to keep. I lost a lot of photos, but I had them backed up elsewhere. You have no control over ComboFix once it's running. Also, it takes a lot longer to run than what is shown in the video.

I'm rerunning Malwarebytes and it's picked up three items. Hopefully they're minor and not a sign I'm not done fighting this thing. I can't believe that the FBI hasn't tracked down the folks responsible for this virus. Seems like all they'd have to do is pay the money to the fake spyware company then follow it to the criminals.

__________________
Lee

Last edited by LeeH; 05-29-2010 at 08:28 AM..
Old 05-29-2010, 08:17 AM
Registered
 
Zeke's Avatar
 
Join Date: Jan 2002
Location: Long Beach CA, the sewer by the sea.
Posts: 37,781
Quote:
Originally Posted by bell View Post
I too am dealing with the same issue......first time fb has bit me.....
I got it from FB earlier this year.

Quote:
Originally Posted by john rogers View Post
We covered getting rid of software like this in the computer class I teach last week and we did this:

- Run MSCONFIG by clicking "start" then "Run" and type that in and press enter.
- Disable ALL the non Microsoft programs that run at startup and reboot. This will still let you have internet access.
- Use Regedit to find the offending software entries and delete them and also the software from your drive(s).
- Use MSCONFIG again and turn on each program to make sure you deleted it. This will require multiple restarts to make sure it is gone and you did not miss a registry entry somewhere.

I am against a program that is used to get rid of specific software as that generally means that something fishy is going on and the cure can end up being as bad as the malware. Try to remember where you were connected when the software showed up and stay away from that site in the future if possible.
How do you know what the non MS programs are? All that stuff in Task Manager is Greek to me.
Old 05-29-2010, 08:21 AM
coulda, woulda, shoulda
 
johnco's Avatar
 
Join Date: Nov 2001
Location: Louisiana
Posts: 2,659
Had it a few days ago. Found that if I could start Malwarebytes before the antispyware thing loaded, I could get it removed. If I waited too long, once it started, none of my AVG/malware/Spybot programs would run.
__________________
John
74 911s

They laugh at me because I am different.
I laugh at them because they are all the same.
Old 05-29-2010, 08:43 AM
Banned
 
Join Date: Jan 2005
Location: cutler bay
Posts: 15,141
Quote:
Originally Posted by milt View Post
I got it from FB earlier this year.


How do you know what the non MS programs are? All that stuff in Task Manager is Greek to me.
I just kill everything by ctrl-alt-delete = task manager
if it will not shut down, i.e. protected by MS windoz popups, leave it be
trick is do the ctrl-alt-delete as soon as you can at start up
to get into task manager and kill everything you can quickly
then run Malwarebytes before the fake virus chit loads

be ready to keep deleting programs in task manager as the fake chit will try to reload

FBI and or CIA need to do something about these jerks
I would favor a cruise missile or predator strike
Old 05-29-2010, 09:32 AM
 
1980 911 SC
 
Join Date: Oct 2006
Location: Lewes, Delaware
Posts: 1,204
Got it. On my lap top at home. Still trying to get rid of it.
__________________
Life's a Beach
Old 05-29-2010, 11:42 AM
Slackerous Maximus
 
HardDrive's Avatar
 
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,185
Quote:
Originally Posted by jhynesrockmtn View Post
I've had it twice. Google it and you'll get some results. I'm not a computer guy, but I shut the computer down, booted it up in safe mode by hitting F8 while it was booting up, downloaded Malwarebytes and did a scan. It should find it and then clean it.

I got it visiting facebook the last time.
Spot on. I got it a few months back. SUCKS.

You have to work in safe mode, and you need to kill off the processes it kicks off manually using task manager when it tries to run. I had a hell of a time with it, but managed to destroy its registry entries manually, then get Malwarebytes on board to clean up the mess.

It can be done, but just be patient.
__________________
2022 Royal Enfield Interceptor.
2012 Harley Davidson Road King
2014 Triumph Bonneville T100.
2014 Cayman S, PDK.
Mercedes E350 family truckster.
Old 05-29-2010, 01:28 PM
one of gods prototypes
 
bell's Avatar
 
Join Date: Nov 2001
Location: Orlando florida
Posts: 9,741
I brought up the task manager while it was booting me up (I use xp still), closed a few things, installed malwarebyte.....scanned......found 9 things.....
Seems to be working normal again.....
__________________
Brought to you by Carl's Jr.
Old 05-29-2010, 02:10 PM
Registered
 
John Rogers's Avatar
 
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,700
Oh Milt, what am I going to do with you??? After starting MSCONFIG select the "Services" tab then check the box to "Hide All Microsoft Services" and then disable all that are left.

In the "Startup" tab uncheck all to disable all the stuff listed as they are usually NOT Microsoft.

Then do a reboot to see what happens. The post about the malware being in a certain user's profile or area such as Documents and Settings is usually correct and most will get out to the network if the user saves anything to the network servers and then everyone gets it.
Old 05-29-2010, 02:18 PM
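
Added example, not part of any post in this thread: a read-only PowerShell listing of the autostart entries that MSCONFIG's "Startup" and "Services" tabs cover, with the Microsoft-signed ones hidden and anything running from inside a user profile sorted to the top. The function names `Get-ExePath` and `Test-Entry` are hypothetical helpers; it assumes Windows PowerShell 3.0 or later and only reports, it does not disable or delete anything.

```powershell
# Read-only audit of startup entries and auto-start services.
# Run elevated to see entries for all users.

function Get-ExePath([string]$CommandLine) {
    # Extract the executable path from a startup command line (quoted or not).
    if ($CommandLine -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($CommandLine -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return ($CommandLine -split '\s+')[0]
}

function Test-Entry([string]$Source, [string]$Name, [string]$CommandLine) {
    $path = [Environment]::ExpandEnvironmentVariables((Get-ExePath $CommandLine))
    $sig  = $null
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $path
    }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    [pscustomobject]@{
        Source    = $Source
        Name      = $Name
        Path      = $path
        # Executables under a user profile are the pattern described in the thread.
        InProfile = ($path -like "$env:SystemDrive\Users\*") -or
                    ($path -like "$env:SystemDrive\Documents and Settings\*")
        SigStatus = if ($sig) { $sig.Status } else { 'FileMissing' }
        Microsoft = $signer -like '*O=Microsoft Corporation*'
    }
}

$entries = @()
# Run keys and Startup folders (the MSCONFIG "Startup" tab).
$entries += Get-CimInstance Win32_StartupCommand |
    ForEach-Object { Test-Entry "Startup ($($_.Location))" $_.Name $_.Command }
# Services set to start automatically (the MSCONFIG "Services" tab).
$entries += Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object { Test-Entry 'Service' $_.Name $_.PathName }

# Rough equivalent of "Hide All Microsoft Services": show what is left for review.
# Catalog-signed system files can report NotSigned on older Windows versions,
# so Microsoft = False means "look at this", not "this is malware".
$entries | Where-Object { -not $_.Microsoft } |
    Sort-Object InProfile -Descending |
    Format-Table Source, Name, InProfile, SigStatus, Path -AutoSize -Wrap
```

Startup-folder shortcuts show up as `FileMissing` because their command is a `.lnk` name rather than a full path; check those by hand.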
Fast Acting, Long Lasting
 
Join Date: Aug 2007
Location: Eastern Chatham co. NC.
Posts: 1,171
Quote:
Originally Posted by bell View Post
I brought up the task manager while it was booting me up (I use xp still), closed a few things, installed malwarebyte.....scanned......found 9 things.....
Seems to be working normal again.....
I too got it on my computer about three weeks ago. I had to use my wife's laptop to research the problem, and it seemed that most folks had good success with Malwarebytes, so I downloaded it onto a memory stick. After I started the big machine in safe mode, I copied MWB to the C:/ drive, and ran it, which found most of the Antispyware Soft files, and registry entries. That got me to where I could run exe files again without safe mode, so I ran MWB again in regular operating mode, and it found 2 more files.

No problems since then.
__________________
Eighteen ways to burn fuel.
Old 05-29-2010, 04:33 PM
Zink Racer
 
Join Date: Aug 2005
Location: Spokane WA
Posts: 3,996
I just updated malwarebytes and noticed in my log that I got infected on 4/27 and 5/27. Coincidence? Have others got infected on those same dates?
__________________
Jerry
1964 356, 1983 911 SC/Carrera Franken car, 1974 914 Bumblebee, a couple of other 914's in various states of repair
Old 05-29-2010, 04:47 PM
Student of the obvious
 
LeeH's Avatar
 
Join Date: May 2000
Location: Phoenix
Posts: 7,714
How can you tell the date from your log? I don't see that info.
__________________
Lee
Old 05-29-2010, 04:55 PM
Zink Racer
 
Join Date: Aug 2005
Location: Spokane WA
Posts: 3,996
Also, has anyone found a protection program that will stop this? I am running the free version of AVG and it obviously didn't catch it. Is it worth upgrading and buying the full version of anything like malwarebytes?

__________________
Jerry
1964 356, 1983 911 SC/Carrera Franken car, 1974 914 Bumblebee, a couple of other 914's in various states of repair
Old 05-29-2010, 04:58 PM
All times are GMT -8.