Help Please Laptop Infected

Browntoa

should run Rkill in Normal mode

yes, you should get that message if it works

patman99

No, the whole process works only in safe mode. System Rescue/Tools copies itself into Windows System Restore folders. As these are locked-out to normal access (i.e. virus scans) when Windows is in 'normal' mode, Malwarebytes cannot access them to clean them of the infection. So the rogueware simply re-installs itself the next time you reboot.

By booting into safe mode, the System Restore folders are not locked, so AV and Anti-malware programs can scan and clean them. This is why all the better AV programs after install, do a first-time scan before Windows loads-up.

patman99

beachlou wrote: »

I can't get onto the internet in safe mode so I can't download malwarebytes. I have downloaded it to my USB stick (have no disk drive on my alternative laptop) & have tried to run it but the virus is still there. ANy ideas on where to go from here? Thanks

In 'Safe mode with Networking Support' only wired connections are supported. Wireless support is not built-in to Windows. To download stuff in SMWNS you will need to connect with a cable.

Btw, I have been using 'ImmunetProject' alongside my regular AV program. It's a cloud-based AV, so adds a 2nd layer of protection without interfering with the regular AV.

Al1x

krazykidskate wrote: »

Just wondered where you think you got the virus from?

We got it from ebay

patman99

As it is a data-miner, just make sure that when you have cleared-it off, you go to all the sites you regularly buy from and change your passwords. Also, keep a very close eye on your Bank statements and at the first sign of fraudulent activity, get your account details and any cards you have changed.

sunshine01

patman99 wrote: »

You should have a list of your Operating systems, above this should be a list something like this -

Safe Mode
Safe Mode with Network Support
Command Line only

Last Good boot

Start Windows normally


If your normally get a menu when you boot asking you to select your O/S, then you need to select your O/S, then hit 'F8'

I definitely dont have any of those modes come up,(I know I have previously).

I have been able to download malware and Rkill as suggested but on a Mac to a CD, and cannot get either of them to open. Both come up with messages that the files cannot be opened and have the .exe on the end
Do you have any suggestions of other ways I can try. thanks

huggsy

Just a quick update my daughter in law has just been on the phone and friends of theirs have got it and they were on ebay

patman99

I must have been lucky, I have been on Ebay all week and so far no infection.

aliEnRIK

Can anyone please explain exactly which page they were on or what they were doing on ebay when it infected them?

huggsy

My son was looking through the listings for a new van and his friends were also looking at cars, I have been on ebay myself quite a bit last week and must have been very lucky.