I have a serious infection
samdd
Posts: 1,344 Forumite
in Techie Stuff
Hi Guys.. Picked up a pretty aggressive virus/malware from an email attachment.
The infection has shut down and isolated Windows Firewall and also done the same to Malwarebytes. Thinking I could outsmart it, I downloaded, installed and updated a new version of Mbam and then ran a scan. About 20 seconds into the scan the virus shut it down completely and isolated it again.
As far as I can make out it's an advertising infection within the two browsers, IE & FF. It has also added a toolbar that will not uninstall.
It's looking more like a format but thought I'd ask here in case anyone has come across this nasty bit of Sht before.
Thanks in advance for any tips..
0
Comments
-
can you try MBAM in Safe Mode ???
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Hi. Thanks for your reply. I thought the same thing and tried the safe mode option. It appears that once the infection has isolated mbam then it's totally isolated, because it gives the same message in safe mode and will not load.
It's a pretty smart virus because when you type into Google any words to do with virus removal etc the browser goes bananas and throws huge amounts of ads at you..
Is there another way? I'd hate to start over again on a fresh install..
0 -
either:-
1. download and save to desktop Combofix (but in the download process rename the file qwerty) and see if it'll run.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
2. download RKILL to desktop (as above, rename during download), run that, then mbam.
3. http://www.avira.com/en/support-download-avira-antivir-rescue-system
on another pc, download the .iso file from this page, and burn it to a disk using nero, imgburn, etc (a burning prog which will burn .iso files). Reboot the infected pc from this disk, update and run a scan. Chances are it'll get enough of the infection for mbam to get the rest later
any of these may work....
......Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
0 -
Combofix and RKill will download but don't give the option to Save-as, they go directly into downloads. Should I cut them over to desktop and rename the source file?
0 -
Download to a clean computer and rename before transferring.
0
-
System Restore no good?
Windows 7?
These instructions will assist you:
Download and save this Windows 7 Recovery Disc Image to a working computer if Windows 7 32 bit or this image if Windows 7 64 bit.
Next, download and install ImgBurn (No need to install the Google Toolbar. Remove the relevant tick). Burn the Image to Disc. Use this guide (skip step 2b)
You can then use these instructions to assist you with a System Restore. Further to that we will have access to the Registry via Command Prompt.
System File Checker
0 -
The mbeep is great and sorted me out when I had an aggressive bug. One tip I found helpful is to open Internet Explorer or Avira or Malwarebytes etc etc as "Administrator" (in Vista or Windows) as this normally fools the bug and allows you to run the programs.
0 -
try the GUM clinic
0
-
This infection is a very smart malware program. I'm having to work in Safe Mode because Windows is crashing (BSOD). If the malware even gets a sniff I'm trying to remove it then it throws a total wobbly and shuts the computer or BSOD. It's even reading what I'm typing into Google and replaces the Google webpage with similar finds.
I only have one pc available to me so unable to download to a clean machine.
I downloaded Combofix and RKill by changing the download options in FF but both were grabbed and uninstalled by the malware while running.
I found a portable version of Mbam and downloaded to a mem stick and tried that but again, the malware grabs it and closes it down. Something I've noticed is that the malware is reproducing itself by grabbing folders and converting them into EXE's... if I double click to open the folder it runs an EXE infection..
This isn't good and I feel I've got no other option but to format the Hdd and run a fresh install.
0 -
This discussion has been closed.
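The folder-to-EXE symptom described in the last post can be checked for offline, for example against a disk or memory stick mounted from a clean boot environment. The following is an added example and not part of the thread: it lists `.exe` files named after a folder beside them and groups them by SHA-256, so one binary copied under many folder names stands out. The function names are hypothetical, and it assumes the original folder still exists (typically hidden) next to the look-alike executable.

```python
import hashlib
import os
import sys
from collections import defaultdict


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def find_folder_decoys(root):
    """Map sha256 -> paths of .exe files named after a folder beside them.

    Assumption (not stated in the thread): the real folder still exists,
    usually hidden, so "Photos" and "Photos.exe" share a parent directory.
    """
    groups = defaultdict(list)
    for parent, dirnames, filenames in os.walk(root):
        folder_names = {name.lower() for name in dirnames}
        for filename in filenames:
            stem, ext = os.path.splitext(filename)
            if ext.lower() != ".exe" or stem.lower() not in folder_names:
                continue
            path = os.path.join(parent, filename)
            try:
                groups[sha256_of(path)].append(path)
            except OSError:
                continue  # unreadable file: skip it, keep scanning
    return dict(groups)


def replicated(groups, min_copies=2):
    """Keep hashes found under several folder names: the same binary
    copied around under different names is the replication pattern."""
    return {h: sorted(p) for h, p in groups.items() if len(p) >= min_copies}


if __name__ == "__main__":
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for digest, paths in replicated(find_folder_decoys(scan_root)).items():
        print(digest)
        for path in paths:
            print("    " + path)
```

The script only reads and lists; it deletes nothing, so the flagged paths can be reviewed before a memory stick or backup is reused after a reinstall.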