Removing Virus /Malware



learning
31-01-2011, 12:07 AM
I have Windows Vista and have Kaspersky Int Security and Malwarebytes installed on PC.

Now one of the user profiles is infected with one of those pesky fake Antivirus virus/malware.

When logged in with that profile it changes the desktop to a big red warning and then runs a fake virus scanner called "System tool protect your PC".
It kills Kaspersky and doesn't allow task manager to open etc.

I have logged in with another profile and run a virus scan and Malwarebytes on that specific virus-infected profile, but nothing gets detected.

I know I can just wipe that profile and start fresh, but I would really like to fix it first and use that as a last option.

Any tips on fixing this ?

Speedy Gonzales
31-01-2011, 12:19 AM
Boot into safe mode / networking then post a HJT log. Then we can see what else is on it. And install something else besides Kaspersky

learning
01-02-2011, 07:26 PM
Boot into safe mode / networking then post a HJT log. Then we can see what else is on it. And install something else besides Kaspersky

Thanks Speedy, booting into safe mode w/ networking and running Malwarebytes fixed it. It found the following infection:



Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\cLoBoJg08600 (Rogue.SystemTool.M) -> Value: cLoBoJg08600 -> Quarantined and deleted successfully.

Files Infected:
c:\programdata\clobojg08600\clobojg08600.exe (Rogue.SystemTool.M) -> Quarantined and deleted successfully.

Speedy Gonzales
01-02-2011, 07:32 PM
Sweet! Now I would replace Kaspersky with something else

lakewoodlady
01-02-2011, 07:36 PM
Cool, glad to hear that was fixed. I would recommend installing Microsoft Security Essentials instead of Kaspersky as an anti-virus.

LL

pctek
02-02-2011, 07:40 AM
I would also install Spybot as well. One antispyware isn't enough.
It can scan all profiles:

To scan your system including installations on other partitions, right-click the link/icon you use to start Spybot-S&D, click on Properties, then on the tab shortcut and insert /allhives (separated by a space from the rest) in the box target. If you start Spybot-S&D through this link, it will automatically detect other installations, and scan their registries and files as well. From now on, that will happen every scan, so please delete the command /allhives if you do not want to scan several hives any longer
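
Added example, not written by any poster in this thread: a check for the autorun pattern in the Malwarebytes log above (a RunOnce value whose name matches both the folder and the executable under ProgramData), run against another profile's registry as the Spybot note describes. It assumes the profile's NTUSER.DAT has been loaded under HKEY_USERS (for example with reg load) and its Run/RunOnce keys dumped to text with reg query; the sample output, the SID and the function names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query ... /s` output; the SID and the Sidebar entry are made up.
# Assumption: the RunOnce value launched the file Malwarebytes listed under ProgramData.
SAMPLE = r"""
HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\Run
    Sidebar    REG_SZ    "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun

HKEY_USERS\S-1-5-21-0-0-0-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce
    cLoBoJg08600    REG_SZ    C:\ProgramData\cLoBoJg08600\cLoBoJg08600.exe
"""

AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I)
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")  # locations a standard user can write to


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and line.startswith("    "):
            parts = re.split(r" {4}", line.strip(), maxsplit=2)
            if len(parts) == 3:  # name, type, data
                yield key, parts[0], parts[2]


def exe_path(data):
    """Return the executable in a command line, quoted or bare, or None."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)', data, re.I)
    return PureWindowsPath(m.group(1) or m.group(2)) if m else None


def suspicious_autoruns(text):
    """Flag autoruns whose value name, folder name and file stem are the same string."""
    hits = []
    for key, name, data in parse_reg_query(text):
        path = exe_path(data)
        if path is None or not AUTORUN_KEY.search(key):
            continue
        writable = any(d in str(path).lower() for d in USER_WRITABLE)
        same = name.lower() == path.stem.lower() == path.parent.name.lower()
        if writable and same:
            hits.append((key, name, str(path)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE):
        print("SUSPICIOUS:", *hit, sep="\n  ")
```

A hit is a lead to inspect by hand, not a verdict; legitimate installers also use RunOnce.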

kjaada
02-02-2011, 10:37 AM
I recently had a BAADD experience with Malware and would like others to be aware.
My partner on W7 with MALWAREBYTES free installed downloaded a beaut screen saver.
When she started to install it there was sort of an explosion and a popup saying (something like)
you have malware get malware bytes pro $41.00.
I OK'd that and entered my details and then decided I had been ripped off and closed down the puter.
What I did not realize was we had malware and to fix it we needed the paid up version of MWB
and then should have run it.
Because I did not understand what was happening I ended up with a rootkit which cost a lot of time and effort by professionals to put right.

Speedy Gonzales
02-02-2011, 11:12 AM
Be careful where you download files from. Some are dodgy. And do a search in Google / other to see what it does before you get it / install it

kjaada
02-02-2011, 11:28 AM
The point I was trying to make was:
After I bought MWB I had 2nd thoughts and should not have closed down but should have run
(the now paid version of MWB) and I guess all would have been OK.