HELP - how do I get rid of "Cyber Security"?

Browntoa

follow this guide

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

and run combofix, then post the log here

Ticklemouse

ok - here's my latest problem .....

Downloaded combofix as per instructions. Shut down/disabled everything. It still said spybot was active when it wasn't so I've even uninstalled spybot and the malware program I tried yesterday, to try and reduce complications. Ok so far ... then I run combofix. After about 15-20 minutes, with nothing obvious happening, Cyber Security flags it up and asks to I want to ignore it. As Combofix already seems to have stalled, I "ignore". All seems ok but I then get the dreaded BSOD which goes after a minute and windows appears or reloads itself and the Combofix Autoscan is still flashing away as scanning. I know it says it may take some time but it's been 40 minutes now and there appears to be little or no disc activity.

Help Is it a case of take it to someone who knows what they are doing? Surely my time, patience and lack of stress must be worth paying for? I've spent another 2-3 hours this morning faffing around with it and I need to do some real life stuff. Thank heavens I have a PC, but I want my laptop back.

Yours despondantly
TM

Browntoa

kill these 2 processes ,then try combofix again ( before running it "right Click" on the combofix icon and rename it to Qwerty.exe )

tsc.exe

csc.exe


http://www.2-spyware.com/news/post203.html

Start Windows Task Manager
Use the following key combination: press CTRL+ALT+DEL or CTRL+SHIFT+ESC. This will open the Windows Task Manager.
If that didn’t work, try another way. Press the Start button and click on the Run… option. This will start the Run tool. Type in taskmgr and press OK. This should start the Windows Task Manager.

Image 1. Start the Task Manager
2. Find and terminate the process
Within the Windows Task Manager click on the Processes tab (it is in the red box). This will bring the complete list of all active tasks. Find the process by name. Names are in the first column from the left. Click on the Image Name button (it is designated by the blue box) to sort tasks in alphabetical order. Then scroll the list to find required process. Select it with your mouse or keyboard and click on the End Process button (in the green box). This will kill the process.


bit of perseverance will get it don't worry

Browntoa

or follow this first

http://www.bleepingcomputer.com/virus-removal/remove-cyber-security

Ticklemouse

Ok - latest updates....

Followed steps as per post 15! Didn't find anything

Followed steps are per No 14 - no joy

I downloaded Opera as a browser, as firefox wouldn't work. I have renamed Combofix as qwerty.exe, on the desktop as instructed. Is this enough or does Cyber Security still know it's combofix?

I tried changing the name of Malwarebytes to something else but when I look in the registry, the new name is in there but so is Malwarebytes. How do I get rid of the newly named prog without doing more damage? ANd how do I change all the fixing software progs names to fool CS?

I'm beginning to lose the will to live now

Ticklemouse

Oh another thing that might be causing a problem ....

I turned off AVG as per their instructions but it still started its scheduled scan this morning? I thought sod it, I'll uninstall it completely to save mucking around and reinstall it afterwards. Can't uninstall that either

DCFC79

Ticklemouse wrote: »

Oh another thing that might be causing a problem ....

I turned off AVG as per their instructions but it still started its scheduled scan this morning? I thought sod it, I'll uninstall it completely to save mucking around and reinstall it afterwards. Can't uninstall that either

heres the avg removal tool, click on the first item eg the 1 with 32bit in the link

Ticklemouse

Thanks DCFC79 - at least that worked first time

DCFC79

Ticklemouse wrote: »

Thanks DCFC79 - at least that worked first time

so whats the next task then

Browntoa

1. Before we can do anything we must first end the Cyber Security process so that it does not interfere with the cleaning process. To do this, download the following file to your desktop.
   
   rkill.bat Download Link
2. Once downloaded, double-click on the rkill.bat in order to automatically attempt to stop any processes associated with Cyber Security and other Rogue programs.
3. Just to be sure, we will use another program to verify that the processes are indeed terminated. To do this we must first download and install a Microsoft program called Process Explorer. Normally, we would have you use the Windows Task Manager, but this rogue will disable the ability to run it. Please download Process Explorer from the following link and save it to your desktop:
   
   Process Explorer Download Link
4. You should now have the Procexp.exe file on your desktop. You now need to rename that file to iexplore.exe. To do this, right-click on the Procexp.exe and select Rename. You can now edit the name of the file and should name it to iexplore.exe. Once it is renamed you should double-click on the file to launch it.
5. Once the program is running, you should be presented with a screen similar to the one below.
   
   
   
6. Scroll through the list of running programs until you see a process named tsc.exe. When you see this process, select the tsc.exe process by left-clicking on it once so it becomes highlighted. Then click on the red X button as shown in the image below. Newer versions of this executable may be using names consisting of random numbers or characters. If you see a process that is composed of random numbers or characters and has a shield icon or a padlock icon next to it, then you have found the process you need to terminate. If you do not see any processes using random characters or with the name tsc.exe, please continue to step 9.
   
   
   
7. When you click on the red X to kill the process, Process Explorer will ask you to confirm if you are sure you want to terminate it as shown in the image below.
   
   
   
   
   At this point you should press the Yes button in order to kill the process.