Student of the obvious
Join Date: May 2000
Location: Phoenix
Posts: 7,714
Anyone here had to deal with the "Antispyware Soft" virus?
I'm not a violent person by nature, but I could do some damage to whoever created this piece of work. I've spent two full days running various anti-malware programs. Thought MS Security Essentials knocked it out... I was able to work all day with no issues, but then it just popped up again. This thing is relentless.
And no, it wasn't the result of visiting a porn site. I'm 99% sure it was from a song lyric site. At some point I had a window pop up that said I should update my Java. It looked real enough that I took the bait.
__________________
Lee
Last edited by LeeH; 05-29-2010 at 09:42 AM.
Zink Racer
Join Date: Aug 2005
Location: Spokane WA
Posts: 3,996
I've had it twice. Google it and you'll get some results. I'm not a computer guy, but I shut the computer down, booted it up in safe mode by hitting F8 while it was booting up, downloaded Malwarebytes and did a scan. It should find it and then clean it.
I got it visiting facebook the last time.
__________________
Jerry 1964 356, 1983 911 SC/Carrera Franken car, 1974 914 Bumblebee, a couple of other 914's in various states of repair
Registered
+1 Malwarebytes.
__________________
A nose heavy airplane flies poorly, a tail heavy plane flies once.
Bollweevil
Join Date: Dec 2003
Location: Fulshear, Texanistan
Posts: 3,361
One thing to remember re: Malwarebytes. If you are running the free version, it is not self-updating. I picked up another trojan anti-spyware virus a couple of days ago. When I ran Malwarebytes to kill it, Malwarebytes (which I had last updated about 6 months ago) did not find anything. After updating to the current version, it picked up 8 infected objects.
__________________
Jack 74 911 Coupe 2.7L - K21 Option - S suspension
Registered
I'm battling this now.
How can I download Malwarebytes when in safe mode? I tried but can't get online in safe mode. I'm logged on to the same computer that's infected, but I'm in limited access and can't download anything from here. I've tried Ad-Aware SE, AVG, CCleaner, Registry Mechanic; nothing will deal with it. Any help would be appreciated.
__________________
Pete 79 911SC RoW "Tornadoes come out of frikkin nowhere. One minute everything is all sunshine and puppies the next thing you know you've got flying cows". - Stomachmonkey
one of gods prototypes
I too am dealing with the same issue... first time FB has bit me...
__________________
Brought to you by Carl's Jr.
Registered
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,700
We covered getting rid of software like this in the computer class I teach last week and we did this:
- Run MSCONFIG by clicking "Start" then "Run", type that in and press Enter.
- Disable ALL the non-Microsoft programs that run at startup and reboot. This will still let you have internet access.
- Use Regedit to find the offending software entries and delete them, and also the software from your drive(s).
- Use MSCONFIG again and turn on each program to make sure you deleted it. This will require multiple restarts to make sure it is gone and you did not miss a registry entry somewhere.

I am against a program that is used to get rid of specific software, as that generally means that something fishy is going on and the cure can end up being as bad as the malware. Try to remember where you were connected when the software showed up and stay away from that site in the future if possible.
Stay away from my Member
Join Date: Aug 1999
Location: Agoura, CA
Posts: 5,773
One of my guys at work got this the other day -- shockingly it got past our multiple layers of scanners and filters. It seems isolated to a specific user's profile. I found the offending exe under the "local data" folder within his profile (on the c:\ drive) and deleted it, while logged-on as the local admin. Problem immediately gone.
__________________
Chris C. 1973 914 "R" (914-6) | track toy 2009 911 Turbo 6-speed (997.1TT) | street weapon 2021 Tesla Model 3 Performance | daily driver 2001 F150 Supercrew 4x4 | hauler
Student of the obvious
Join Date: May 2000
Location: Phoenix
Posts: 7,714
This video (legit from youtube) is ultimately the procedure I followed and what seems to have worked. The ComboFix program is pretty much a sledge hammer. You may lose some things you wanted to keep. I lost a lot of photos, but I had them backed up elsewhere. You have no control over ComboFix once it's running. Also, it takes a lot longer to run than what is shown in the video.
I'm rerunning Malwarebytes and it's picked up three items. Hopefully they're minor and not a sign I'm not done fighting this thing. I can't believe that the FBI hasn't tracked down the folks responsible for this virus. Seems like all they'd have to do is pay the money to the fake spyware company then follow it to the criminals.
__________________
Lee
Last edited by LeeH; 05-29-2010 at 08:28 AM.
coulda, woulda, shoulda
Join Date: Nov 2001
Location: Louisiana
Posts: 2,659
Had it a few days ago. Found that if I could start Malwarebytes before the antispyware thing loaded, I could get it removed. If I waited too long, once it started, none of my AVG/Malwarebytes/Spybot programs would run.
__________________
John 74 911s They laugh at me because I am different. I laugh at them because they are all the same.
Banned
Join Date: Jan 2005
Location: cutler bay
Posts: 15,141
If it will not shut down (i.e. protected by MS Windoz popups), leave it be. The trick is to do the Ctrl-Alt-Delete as soon as you can at startup to get into Task Manager and kill everything you can quickly, then run Malwarebytes before the fake virus chit loads. Be ready to keep deleting programs in Task Manager, as the fake chit will try to reload. FBI and/or CIA need to do something about these jerks; I would favor a cruise missile or Predator strike.
1980 911 SC
Got it. On my lap top at home. Still trying to get rid of it.
__________________
Life's a Beach
Slackerous Maximus
Join Date: Apr 2005
Location: Columbus, OH
Posts: 18,185
You have to work in safe mode, and you need to kill off the processes it kicks off manually using Task Manager when it tries to run. I had a hell of a time with it, but managed to destroy its registry entries manually, then get Malwarebytes on board to clean up the mess. It can be done, but just be patient.
__________________
2022 Royal Enfield Interceptor. 2012 Harley Davidson Road King 2014 Triumph Bonneville T100. 2014 Cayman S, PDK. Mercedes E350 family truckster.
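The manual sequence several posters describe (Ctrl-Alt-Delete at boot, kill the rogue's process in Task Manager, then let Malwarebytes clean up) and the earlier find of the offending .exe sitting under a user's profile folder can be combined into one script. The following is an added example and is not code from the thread or from any product mentioned in it; it assumes PowerShell 2.0 or later (what an XP-era machine would have), an elevated prompt, and that the rogue runs from a profile data folder, which is an assumption, not something every variant does. The folder pattern, the `.quarantined` suffix, and the function names are the example's own choices.

```powershell
# Added example, not from the thread. Scripted version of the manual move the
# posters describe: list every running process whose executable lives inside a
# user profile's data folders, and, only after you confirm, stop each one and
# rename its file so the autostart entry points at nothing on the next boot.
# Assumes PowerShell 2.0+ on Windows and an elevated prompt.

# Folders a legitimately installed program rarely runs from (an assumption;
# browser updaters and the like can legitimately appear here too).
$suspectPattern = '(?i)\\(Local Settings\\Application Data|AppData\\Local|Application Data|Temp)\\'

function Get-ProfileProcesses {
    # Win32_Process exposes the full ExecutablePath, which Task Manager on XP
    # does not show; that is what lets us match on the folder.
    Get-WmiObject -Class Win32_Process |
        Where-Object { $_.ExecutablePath -and ($_.ExecutablePath -match $suspectPattern) } |
        ForEach-Object {
            $company = ''
            if (Test-Path -LiteralPath $_.ExecutablePath) {
                $company = (Get-Item -LiteralPath $_.ExecutablePath).VersionInfo.CompanyName
            }
            New-Object PSObject -Property @{
                ProcessId      = $_.ProcessId
                ExecutablePath = $_.ExecutablePath
                Company        = $company
            }
        }
}

function Stop-AndQuarantine($proc) {
    # -Force so the rogue's own "protection" prompts cannot cancel the kill.
    Stop-Process -Id $proc.ProcessId -Force -ErrorAction SilentlyContinue
    Start-Sleep -Milliseconds 500
    if (Test-Path -LiteralPath $proc.ExecutablePath) {
        # Rename instead of delete: reversible if it was a false positive, and
        # the sample stays on disk for Malwarebytes or an analyst to look at.
        $leaf = Split-Path -Path $proc.ExecutablePath -Leaf
        Rename-Item -LiteralPath $proc.ExecutablePath -NewName ($leaf + '.quarantined') -ErrorAction Stop
        "quarantined {0}" -f $proc.ExecutablePath
    }
}

$found = @(Get-ProfileProcesses)
if ($found.Count -eq 0) {
    'No processes are running from profile data folders.'
} else {
    'Running from profile data folders (check the company name before killing anything):'
    $found | ForEach-Object { "{0,6}  {1}  [{2}]" -f $_.ProcessId, $_.ExecutablePath, $_.Company }
    if ((Read-Host 'Stop and quarantine ALL of the above? (y/N)') -eq 'y') {
        $found | ForEach-Object { Stop-AndQuarantine $_ }
    }
}
```

Because the thread reports the rogue relaunching itself, run the script again after the first pass until it reports nothing, then run the updated Malwarebytes scan the posters rely on. The rename-not-delete choice matters on a shared machine: if a legitimate updater was caught by the folder pattern, restoring it is one rename back.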
one of gods prototypes
I brought up the Task Manager while it was booting me up (I use XP still), closed a few things, installed Malwarebytes... scanned... found 9 things...
Seems to be working normal again...
__________________
Brought to you by Carl's Jr.
Registered
Join Date: Dec 1969
Location: chula vista ca usa
Posts: 5,700
Oh Milt, what am I going to do with you??? After starting MSCONFIG, select the "Services" tab, then check the box to "Hide All Microsoft Services" and then disable all that are left.
In the "Startup" tab, uncheck all to disable all the stuff listed, as they are usually NOT Microsoft. Then do a reboot to see what happens.
The post about the malware being in a certain user's profile or area such as Documents and Settings is usually correct, and most will get out to the network if the user saves anything to the network servers, and then everyone gets it.
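The MSCONFIG procedure given in the two class-notes posts above (uncheck everything on the Startup tab, hide Microsoft services and disable the rest, then hunt the remaining entries with Regedit) can be previewed before touching anything. The script below is an added example, not code from the thread or from MSCONFIG itself: it reads the same autostart locations the Startup and Services tabs draw from and flags any entry whose executable lives in a user profile's data folders. It assumes PowerShell 2.0 or later on Windows, an elevated prompt, and that matching the file's CompanyName version field is a fair stand-in for MSCONFIG's "Hide All Microsoft Services" test (an approximation, stated as such in the comments). The folder pattern and the function names are the example's own.

```powershell
# Added example, not from the thread. Read-only report of the autostart
# locations behind MSCONFIG's "Startup" and "Services" tabs, with entries
# running from profile data folders marked SUSPECT. Nothing is disabled or
# deleted. Assumes PowerShell 2.0+ on Windows, run from an elevated prompt.

# Folders a legitimately installed startup program or service rarely runs from
# (an assumption; confirm anything flagged by hand before acting on it).
$suspectPattern = '(?i)\\(Local Settings\\Application Data|AppData\\Local|Application Data|Temp)\\'

function Get-ImagePath([string]$command) {
    # Reduce a Run value or service PathName to the executable it launches.
    # Quoted paths are taken whole; unquoted ones are cut at the first space,
    # so an unquoted "C:\Program Files\..." shows up truncated (check by hand).
    $c = [Environment]::ExpandEnvironmentVariables($command.Trim())
    if ($c.StartsWith('"')) { return $c.Split('"')[1] }
    return ($c -split '\s+')[0]
}

function Get-CompanyName([string]$path) {
    # Approximation of MSCONFIG's "Hide All Microsoft Services": look at the
    # CompanyName in the file's version resource. Malware can forge this, so
    # it is a filter for noise, not proof of legitimacy.
    if ($path -and (Test-Path -LiteralPath $path)) {
        return (Get-Item -LiteralPath $path).VersionInfo.CompanyName
    }
    return ''
}

function Format-Entry([string]$source, [string]$name, [string]$image) {
    $flag = if ($image -match $suspectPattern) { 'SUSPECT' } else { '' }
    "{0,-8} {1,-40} {2,-25} {3}" -f $flag, $source, $name, $image
}

# Get-ItemProperty adds these provider properties; skip them.
$metaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

'== Run / RunOnce registry values (MSCONFIG "Startup" tab) =='
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($p in $values.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            Format-Entry "$hive\...\$sub" $p.Name (Get-ImagePath ([string]$p.Value))
        }
    }
}

'== Startup folders (also on the "Startup" tab) =='
$shellFolders = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
$startupDirs = @([Environment]::GetFolderPath('Startup'), $shellFolders.'Common Startup')
foreach ($dir in $startupDirs) {
    if ($dir -and (Test-Path -LiteralPath $dir)) {
        Get-ChildItem -LiteralPath $dir | ForEach-Object { Format-Entry $dir $_.Name $_.FullName }
    }
}

'== Non-Microsoft services (MSCONFIG "Services" tab with "Hide All Microsoft Services") =='
Get-WmiObject -Class Win32_Service | ForEach-Object {
    if (-not $_.PathName) { return }          # no image to inspect
    $image = Get-ImagePath $_.PathName
    if ((Get-CompanyName $image) -notmatch 'Microsoft') {
        Format-Entry ('service:' + $_.StartMode) $_.Name $image
    }
}
# Services hosted in svchost.exe pass the Microsoft test even when the DLL
# they load does not; those need their Parameters\ServiceDll value checked
# separately, exactly as MSCONFIG's view would also hide them.
```

Run it once before unchecking anything in MSCONFIG and once after the reboot: an entry that is back in the list, or a new random-named .exe under a profile folder, is the registry entry the post warns you may have missed. The `.Split('"')` and first-token handling are deliberately simple; a path with spaces and no quotes will show truncated, which is a cue to open that entry by hand rather than trust the summary.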
Fast Acting, Long Lasting
Join Date: Aug 2007
Location: Eastern Chatham co. NC.
Posts: 1,171
No problems since then.
__________________
Eighteen ways to burn fuel.
Zink Racer
Join Date: Aug 2005
Location: Spokane WA
Posts: 3,996
I just updated malwarebytes and noticed in my log that I got infected on 4/27 and 5/27. Coincidence? Have others got infected on those same dates?
__________________
Jerry 1964 356, 1983 911 SC/Carrera Franken car, 1974 914 Bumblebee, a couple of other 914's in various states of repair
Student of the obvious
Join Date: May 2000
Location: Phoenix
Posts: 7,714
How can you tell the date from your log? I don't see that info.
__________________
Lee
Zink Racer
Join Date: Aug 2005
Location: Spokane WA
Posts: 3,996
Also, has anyone found a protection program that will stop this? I am running the free version of AVG and it obviously didn't catch it. Is it worth upgrading and buying the full version of anything like malwarebytes?
__________________
Jerry 1964 356, 1983 911 SC/Carrera Franken car, 1974 914 Bumblebee, a couple of other 914's in various states of repair