The Best Way to Remove Viruses, Spyware and other Malware

Much of today’s malicious software features very technically sophisticated defenses against detection.

The method to remove a virus: boot the infected computer from a CD, DVD or USB flash drive and run another operating system off the bootable media.

Crunchie, Hi, I've got a really nasty virus on my brother-in-law's computer. In normal mode it keeps popping up with Windows Defense not allowing anything to run. I uninstalled Windows Defense in safe mode, but it's not allowing me to run System Restore to a previous date, or allowing me to read any media, so I can't load antivirus or Malwarebytes to his system. He has McAfee installed on his system but it doesn't start up. Won't start manually either. In safe mode I downloaded Malwarebytes, but when I click on it, it doesn't run.

Should I start a new Thread?
Steve

Crunchie, In safe mode I downloaded malwarebytes, but when I click on it , it doesn't run.?

Hi, did you try changing malbytes.exe to fix.exe and running it?

That was a good Idea, it allowed me to install Malwarebytes but it won't start. As I said this is a nasty one. I'm even trying this in safe mode.

I don't know how he picked it up, System restore doesn't work.

I also tried changing the name of combofix to spider and it hangs and says it has corrupted files.

I'm presently running symantec trojan.ramvicrype, which I copied as tetris. It's scanning, but there are a lot of documents, 4 years' worth it seems.

symantec trojan.ramvicrype didn't find the virus/malware. I believe this is a new improved bug, and it looks like it can prove disastrous. Whoever did this should be hung by his/her toes. "Windows Defense" is the website it wants to go to for the fix. This computer can't boot from USB, so I need a bootable CD with antivirus software on it.

That was a good Idea, it allowed me to install Malwarebytes but it won't start. .

Go to the folder in Program Files where Malwarebytes is installed and rename its exe there also.

Hi

I got a thread from a tech at malwarebytes and loaded. 1st scan had 155 threats, now I'm down to 1 which keeps restarting. It's a rootkit and I was told to run combofix.

Note that I can't get combofix to install. It actually gets removed from my flash drive even when it's renamed. Copying from CD, it says the file is corrupt after it starts to load.

If you are being helped in another forum, you should continue there.
Less confusion that way.

Cheers :)
PP

OK, thanks for your help so far. Between you and Malwarebytes I got down to one evil bug. I was able to get a program to create a bootable CD with McAfee on it. But their latest definition file didn't correct this rootkit problem. Hopefully no one else gets this.

Having not seen any logs, I am 100% guessing, but you may have one of the MBR Rootkits that is going around.
No need to panic.
If you can boot to recovery console (via Windows disc or burn an ISO) and use the fixmbr command, that might help.
Chances are also good that a valid system file has been modified (I see a lot of atapi.sys modifications) and with any luck, combofix will address that.

But again, if somebody in another forum is guiding you through combofix run, it is best you stick with them to avoid conflicting instructions.

-- You may suggest to them to talk you through the running of GMER as well.....

Best Luck :)
PP
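
An added example, not part of the thread or of any tool named in it: one way to check, from bootable media, whether a saved 512-byte copy of sector 0 still matches a copy taken when the machine was known to be clean, which is the kind of change an MBR rootkit makes and `fixmbr` rewrites. The function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_LEN = 440      # boot code proper; bytes 440-445 hold the disk signature
TABLE_OFF = 446          # four 16-byte partition entries start here
BOOT_SIG = b"\x55\xaa"   # expected at bytes 510-511

def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte copy of sector 0 into the fields worth comparing."""
    if len(sector) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if entry[4]:  # partition type 0x00 marks an unused slot
            parts.append({"active": entry[0] == 0x80, "type": entry[4],
                          "lba_start": lba_start, "sectors": count})
    return {"signature_ok": sector[510:512] == BOOT_SIG,
            "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": parts}

def compare_mbr(baseline: bytes, current: bytes) -> list:
    """Return findings where the current sector differs from the baseline."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    if sum(p["active"] for p in new["partitions"]) > 1:
        findings.append("more than one active partition")
    return findings

def make_sector(boot_code: bytes) -> bytes:
    """Build a constructed sample sector with one active type-0x07 partition."""
    entry = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 63, 204800)
    return boot_code.ljust(446, b"\0") + entry + b"\0" * 48 + BOOT_SIG

CLEAN = make_sector(b"\xfa\x33\xc0" + b"\x90" * 64)    # constructed baseline
ALTERED = make_sector(b"\xeb\x3c\x90" + b"\x90" * 64)  # constructed: different boot code

if __name__ == "__main__":
    print(compare_mbr(CLEAN, CLEAN))
    print(compare_mbr(CLEAN, ALTERED))
```

A clean comparison only shows that the boot code matches the baseline; a modified system file such as the atapi.sys case mentioned above would need its own file-level check.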

Thank you
Everything I do seems to be making progress with the system.
Now McAfee software runs but it has a problem and I've been told to uninstall and reinstall it. The tech I'm working with at Malwarebytes suggested ComboFix. I still can't get ComboFix to run even changing the name; it says files are corrupt, but doesn't remove it from the system now. I can send you a HackThis Scan after the ESET scan completes. So far it found 1 ExploitPofka.ASD trojan.
Any help is greatly appreciated. Have a Happy & Healthy New Year.

Have a Happy & Healthy New Year.

The same to you :)

You very likely have a rootkit that is preventing the running of these tools. There are ways to get around this and I'm certain your advisor at Malwarebytes can talk you through it. I would imagine they'll have you run GMER or another ARK tool to pinpoint the baddie.

Cheers :)
PP
