Posted: 5/29/2011 7:16:17 AM EDT
| I got a spyware program that will not come off my PC, it causes crashes and search redirects. I have used crapcleaner / combofix / vundofix / zone alarm / spywareblaster and super anti spyware removal. None will take it off. The program is called "defender" or bitdefender and it shows the company as "MIT". I have searched for a removal tool, but no luck. System restore will not restore my pc to an earlier date either. Any ideas? |
|
Quoted:
download virus removal tool from clean pc, boot infected computer into safe mode, disable system restore, remove virus, reboot, enable system restore. meaning you have to do some research and find the correct utility that will remove the SPECIFIC virus from your computer. you most likely will not just be able to simply "uninstall" it. |
|
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m |
|
Sometimes viruses/malware are so bad and so hard to remove, that the easiest fix is to format the drive and reinstall the OS. You can spend days trying to get rid of the malware/virus or you can spend a couple of hours reinstalling the OS and all your programs.
I think I caught this same malware a couple of weeks ago on my work system (a bunch of people at work got infected with it). The malware pretended to be a Windows virus detection utility and would claim it found like 35 viruses on my system. It took control of my system and kept taking me to some webpage to trick me into buying something to remove the virus/malware. McAfee would not detect it even in safe mode, and Malwarebytes would not get rid of it totally. After 3 hours of screwing with it deleting files and editing the registry to no avail, I just formatted and reinstalled the OS. |
|
Quoted:
Sometimes viruses/malware are so bad and so hard to remove, that the easiest fix is to format the drive and reinstall the OS. You can spend days trying to get rid of the malware/virus or you can spend a couple of hours reinstalling the OS and all your programs. I think I caught this same malware a couple of weeks ago on my work system (a bunch of people at work got infected with it). The malware pretended to be a Windows virus detection utility and would claim it found like 35 viruses on my system. It took control of my system and kept taking me to some webpage to trick me into buying something to remove the virus/malware. McAfee would not detect it even in safe mode, and Malwarebytes would not get rid of it totally. After 3 hours of screwing with it deleting files and editing the registry to no avail, I just formatted and reinstalled the OS.
The OS can always be salvaged. It just depends on your experience and commitment. Sure there are times when formatting is the best option, it's a sure bet and the computer will run better after the re-install but cleaning computer of malware is one of my many hats I wear and when it's a customer system, salvaging the OS is the better option so that everything stays how it was when the customer gave you the computer. |
|
Reinstall everything. Buy Acronis TrueImage and an external hard drive and perform regular backups of your PC. Don't install anti-virus software; Windows Update has tools that manage malware removal automatically and third party tools tend to be a pain in the ass. If you catch something, perform a backup using TrueImage, then perform a restore from the most recent backup from before your PC gets infected. Use the past-infection backup to copy over any files that you may have saved.
TrueImage can restore 30GB in less than 10 minutes. Restoring around 250GB seems to take less than a couple hours. You can not be sure the malware is gone just because a utility says it's gone. You are better off reinstalling. |
|
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
The "bitdefender" icon i have looks like the windows icon. I think it is trying to impersonate a legit program. I think it is different from the real "bitdefender". |
|
Quoted:
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
The "bitdefender" icon i have looks like the windows icon. I think it is trying to impersonate a legit program. I think it is different from the real "bitdefender".
Maybe. It can't hurt to try it... Worst case, you've spent 15 minutes on another malware tool. If it works as designed, you're done, and you've saved a re-install. http://www.malwarebytes.org/ m |
|
Run malwarebytes anti-malware via safe mode command prompt. If that doesn't work, then run system restore via safe mode command prompt and go back to a safe date (then run MBAM in safe mode command prompt again). These are the steps I use when I have a PC with a stubborn malware app that can't be removed through normal means. I rarely have to take it to this point, and have never needed to escalate it to further steps such as wiping and re-installing the OS.
ETA: Also, it's worth noting that malware is becoming a LOT more resistant to normal removal methods and has become a lot more annoying. Example, a lot of malware these days is designed to re-write the rules for the way executables open via the registry. This basically translates to "when you try to open any program, it opens the malware app instead." It's incredibly annoying, but can be fixed. You can either create a txt document and input the commands to reset those executable rules or you can download a pre-made one online which can be found in thousands of places. Run this fix and you regain your ability to run executables, which will let you open your browser / download anti-malware apps / etc. |
|
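A check for the executable-association rewrite described in the post above, added here as an illustration and not taken from any poster's fix file. It reads a regedit text export and compares the default values of two keys against the stock Windows values `exefile` and `"%1" %*`; both export samples are constructed, and the function names are hypothetical.

```python
import re

# Stock defaults (assumption: unmodified Windows); keys stored lower-case
# because registry key names are case-insensitive.
EXPECTED = {
    r"hkey_classes_root\.exe": "exefile",
    r"hkey_classes_root\exefile\shell\open\command": '"%1" %*',
}

def default_values(reg_text):
    """Map each key in a regedit text export to its default (@) string value."""
    values, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # regedit escapes " and \ with a backslash; undo that
            values[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return values

def hijacked_associations(reg_text):
    """Return (key, found_value) for every expected default that differs.
    found_value is None when the key is absent from the export."""
    found = default_values(reg_text)
    return [(k, found.get(k)) for k, want in EXPECTED.items()
            if found.get(k) != want]

# Constructed exports. Real regedit files are UTF-16: decode before parsing.
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''

HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\.exe]
@="exefile"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Example\\rogue.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for key, value in hijacked_associations(HIJACKED):
        print("unexpected default for", key, "->", value)
```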
Quoted:
Quoted:
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
The "bitdefender" icon i have looks like the windows icon. I think it is trying to impersonate a legit program. I think it is different from the real "bitdefender".
Maybe. It can't hurt to try it... Worst case, you've spent 15 minutes on another malware tool. If it works as designed, you're done, and you've saved a re-install. http://www.malwarebytes.org/ m
15 min and $25. |
|
You may want to try running a program called 'rkill'. It will detect and stop root kit viruses, and then you can run malware bytes and maybe super anti spyware. http://www.superantispyware.com/
If that doesn't work, it's only about an hour to reinstall the OS and be sure it's clean. |
|
Quoted:
Quoted:
Quoted:
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
The "bitdefender" icon i have looks like the windows icon. I think it is trying to impersonate a legit program. I think it is different from the real "bitdefender".
Maybe. It can't hurt to try it... Worst case, you've spent 15 minutes on another malware tool. If it works as designed, you're done, and you've saved a re-install. http://www.malwarebytes.org/ m
15 min and $25.
There is a free version. Two major differences: It doesn't run automatically, and it doesn't scan active memory. For what you want to do, the free version is fine. m |
|
Quoted:
Quoted:
Quoted:
Quoted:
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
The "bitdefender" icon i have looks like the windows icon. I think it is trying to impersonate a legit program. I think it is different from the real "bitdefender".
Maybe. It can't hurt to try it... Worst case, you've spent 15 minutes on another malware tool. If it works as designed, you're done, and you've saved a re-install. http://www.malwarebytes.org/ m
15 min and $25.
There is a free version. Two major differences: It doesn't run automatically, and it doesn't scan active memory. For what you want to do, the free version is fine. m
If the proactive protection wasn't needed this thread would have never been created. |
|
Quoted:
The OS can always be salvaged. It just depends on your experience and commitment.
No, it cannot. You can never be certain you've found and removed every vestige of a virus or worm. You might decide that the risk of a backdoor or keystroke logger or other malware remaining on your system is not worth a reinstall, but that is very different from being certain your system is secure. There's a reason why we say an infected PC is "compromised". |
|
Quoted:
Quoted:
Quoted:
Quoted:
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
The "bitdefender" icon i have looks like the windows icon. I think it is trying to impersonate a legit program. I think it is different from the real "bitdefender".
Maybe. It can't hurt to try it... Worst case, you've spent 15 minutes on another malware tool. If it works as designed, you're done, and you've saved a re-install. http://www.malwarebytes.org/ m
15 min and $25.
There is a free version. Two major differences: It doesn't run automatically, and it doesn't scan active memory. For what you want to do, the free version is fine. m
Thanks, i am trying this now. |
|
Quoted:
Sometimes viruses/malware are so bad and so hard to remove, that the easiest fix is to format the drive and reinstall the OS. You can spend days trying to get rid of the malware/virus or you can spend a couple of hours reinstalling the OS and all your programs. I think I caught this same malware a couple of weeks ago on my work system (a bunch of people at work got infected with it). The malware pretended to be a Windows virus detection utility and would claim it found like 35 viruses on my system. It took control of my system and kept taking me to some webpage to trick me into buying something to remove the virus/malware. McAfee would not detect it even in safe mode, and Malwarebytes would not get rid of it totally. After 3 hours of screwing with it deleting files and editing the registry to no avail, I just formatted and reinstalled the OS.
I have xp on a HP that does not have a backup disc, it has it on the drive. Can i still do a reformat, or do i need a OS disc? |
|
Quoted:
Quoted:
The OS can always be salvaged. It just depends on your experience and commitment.
No, it cannot.
I do it daily man. If you're true to what you're saying then you'd have the customer change all the passwords to any account that has ever been logged onto from that computer after it's been infected and how would you as the tech even know of all the places they been? |
|
Quoted:
I've kinda got the same prob with my PC but i can't boot into safe mode because it's an old PC from work and i don't have admin rights, any way around this?
Is it your PC now, and not work-owned? If so, you should have wiped and reinstalled the OS when you got it... might as well do it now. If it's work-owned, then you apparently need their tech admin to do whatever needs to be done. |
|
yea it is mine but I've tried reinstallin XP and it asks me for a password to continue and i type in my login password and it says "incorrect password, check with system admin" then the system shuts down and boots back up and returns me to the login screen
ETA: the system was fine till the girlfriend went on facebook and got something |
|
I run into this all the time. I've found that when this shit first shows up on your machine, the simplest fix seems to be to just immediately hold down the power button until the machine hard shuts down, then do a last-known-good to deal with the reg changes and then run Spybot. Works for me (I work in an XP environment). If you don't do that RIGHT AWAY, then it gets much more difficult and time-consuming to deal with.
The redirects you speak of are caused because the malware has modified your host file. C:\windows\system32\drivers\etc\hosts. You need to be logged in as an administrator to edit it. |
|
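An audit of the hosts file mentioned in the post above, added here as an illustration and not taken from the thread. It reports every entry that maps a name to a non-local address (a possible redirect) and every loopback entry other than `localhost` (a blocked name, which immunizing tools also add). The sample file, its names and the 203.0.113.7 documentation address are constructed.

```python
import ipaddress

def audit_hosts(text):
    """Return (line_no, kind, ip, name) for each hosts entry worth reviewing.
    kind is 'redirect' (name sent to a non-local address), 'sinkhole'
    (name other than localhost pinned to loopback/0.0.0.0) or 'malformed'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 2:
            continue                            # blank or comment-only line
        ip, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((line_no, "malformed", ip, " ".join(names)))
            continue
        local = addr.is_loopback or addr.is_unspecified
        for name in (n.lower() for n in names):
            if local and name == "localhost":
                continue                        # the one stock entry
            kind = "sinkhole" if local else "redirect"
            findings.append((line_no, kind, ip, name))
    return findings

# Constructed sample; on the affected PC read the real file instead, e.g.
# open(r"C:\windows\system32\drivers\etc\hosts").read()
SAMPLE = """\
# sample hosts file (constructed)
127.0.0.1       localhost
203.0.113.7     www.search.example search.example
203.0.113.7     mail.example.org    # trailing comment
127.0.0.1       ads.example.net
"""

if __name__ == "__main__":
    for line_no, kind, ip, name in audit_hosts(SAMPLE):
        print(f"line {line_no}: {kind:9} {name} -> {ip}")
```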
Quoted:
I run into this all the time. I've found that when this shit first shows up on your machine, the simplest fix seems to be to just immediately hold down the power button until the machine hard shuts down, then do a last-known-good to deal with the reg changes and then run Spybot. Works for me (I work in an XP environment). If you don't do that RIGHT AWAY, then it gets much more difficult and time-consuming to deal with. The redirects you speak of are caused because the malware has modified your host file. C:\windows\system32\drivers\etc\hosts. You need to be logged in as an administrator to edit it.
I am logged in as HP administrator. |
|
Quoted:
Quoted:
If i reformat, do i lose my music and pictures?
yep. and drivers.
My pc did not come with hardly any cd's. will i be able to access my desktop / internet to reinstall drivers? Will my programs like backup come back after or will i have to save to discs before i format? What is the process for formatting?
I love technology
|
| Have you tried turning off the PC by just holding down the power button? Maybe you'll get lucky and the "Windows did not shut down properly" screen will come up when you reboot. If it does, choose safe mode with networking, then run malwarebytes. Also, get yourself CCleaner. |
|
Quoted:
Try this: Malwarebytes removal tool. The page I've linked above walks you through the process. HTH m
This. Then keep it running. Malwarebytes is good enough to buy just because it's the only one that will fully uninstall the "fake anti-virus/anti-malware" malware crap. |
|
Quoted:
Quoted:
The OS can always be salvaged. It just depends on your experience and commitment.
No, it cannot. You can never be certain you've found and removed every vestige of a virus or worm. You might decide that the risk of a backdoor or keystroke logger or other malware remaining on your system is not worth a reinstall, but that is very different from being certain your system is secure. There's a reason why we say an infected PC is "compromised".
you're joking right? obvious lack of knowledge is obvious. a computer is only as compromised as the user's knowledge. i would know if a keylogger or backdoor was installed pretty damn quick... wireshark/bt5 ftw. re-format means you just gave up and the virus won. it's a loser's solution when it comes to removing a virus. just about every virus database'd has a removal process/procedure. like i said earlier, you need to boot into safe mode and run the specific virus removal software for your infection. you should not need networking in order to do this, because you should have downloaded the removal tools on a clean computer and put them on a clean flash drive. if for some reason you don't have another uninfected computer to download the programs to, then just boot your infected computer into safe mode with networking and you should be able to still download and access what you need. |
|
Quoted:
Have you tried turning off the PC by just holding down the power button? Maybe you'll get lucky and the "Windows did not shut down properly" screen will come up when you reboot. If it does, choose safe mode with networking, then run malwarebytes. Also, get yourself CCleaner.
i have ccleaner, no good. yes i tried holding down the power button, no good. |
|
Yeah, DO NOT CLICK THAT LINK. |
|
Why? It's a step by step on how to get rid of a virus.
Quoted:
Yeah, DO NOT CLICK THAT LINK. |
|
Quoted:
Why? It's a step by step on how to get rid of a virus.
Quoted:
Yeah, DO NOT CLICK THAT LINK.
WOT has it flagged for safety/trust, so don't install software from there or give them cash. Web of Trust plugin on Firefox works pretty good. |
I love technology