Malware Alert...System Tool 2011! RESOLVED

It takes over your entire computer

Tuesday, March 1, 2011 by jazzymjr | Discussion: Personal Computing

Just wanted to alert everyone about a very nasty piece of malware out there! 

My companion was the recipient of this "nice" piece of software. He is running Windows 7, 32 bit. He has no idea how he got it. Anyway, it takes over your whole computer, and you cannot even open any executable on your computer. It tells you that your computer is infected...it even takes over your desktop. It disables everything. You cannot even get into safe mode to try to run an anti-malware program to try to get rid of it. It even blocks all your system restore backups! What a piece of work! I am hoping that I can get to his documents folder and copy that...I can't remember if I put that on a different partition or not...I sure hope I did! I am going to have to wipe and re-install everything for him.

Jafo
Reply #1 Tuesday, March 1, 2011 7:15 AM
DrJBHL
Reply #2 Tuesday, March 1, 2011 7:18 AM

DON'T! You don't have to do all that, MJ.

Here: http://www.wiki-security.com/downloader/SpyHunter-Installer.exe 

or:

 

 

DrJBHL
Reply #3 Tuesday, March 1, 2011 7:19 AM

how did he sneak that in? 

sydneysiders
Reply #4 Tuesday, March 1, 2011 7:49 AM

ahhh..... so that is what I have..... I have been on an old lappy for a week.....  blocks everything...including the net....gave up... 

thanks for the headsup jazzy....

DrJBHL
Reply #5 Tuesday, March 1, 2011 8:19 AM

See if you can download the tool, and put it on a flash drive, then transfer it to the laptop, Syd...

Hope that works for you.

ElanaAhova
Reply #6 Tuesday, March 1, 2011 8:32 AM

I'm not a Windows 7 person, still on XP. Can you boot from a different drive, or boot in safe mode, and then restore to an earlier point, etc.?

My system was infected with the infamous 'facebook trojan.' After a week I finally had to reformat my hd, and reinstall Windows. I hope you get your system cleaned more easily than I did mine. There is hope, many very knowledgeable people on this site who will give excellent suggestions.

 

sydneysiders
Reply #7 Tuesday, March 1, 2011 8:45 AM

I'm on XP..... no safe mode... no restore points... no nuttin...

might give that a go doc... just over it at the moment........looking at getting a new PC.... 'bout time I bit the bullet and got 7..... just got a lot on at the moment and can't get my head around specs.....   then I'll just reformat this one...

benmanns
Reply #8 Tuesday, March 1, 2011 9:05 AM

sydneysiders
I'm on XP..... no safe mode... no restore points... no nuttin...

might give that a go doc... just over it at the moment........looking at getting a new PC.... 'bout time I bit the bullet and got 7..... just got a lot on at the moment and can't get my head around specs.....   then I'll just reformat this one...


Ok... normally I don't do any commercial based posts but for everyone who isn't too much into computing and security I only can recommend you "Lavasoft AD AWARE"
there is a free version and a premium version but free is just as good. It basically prevents such things and can remove almost every trojan, backdoor jacker, worm, Keylogger and also infected rootkits.
For your problem above every OS has a safemode all you have to know what button you have to press when the computer is starting. Normally pressing F8 during bootup should do the trick if . Note some older mainboards have a different F-key for access if F8 doesn't work you may need to try F2 or F12.



MadDeez
Reply #9 Tuesday, March 1, 2011 9:30 AM

hitting F8 at start-up on some newer boards will bring up the boot order menu. on other boards, F2, F10, or F12 will do the same. to get to safe mode, one needs to wait until the motherboard "info page" and list of drives passes and then hit F8. that will bring up a menu of boot options for Windows. safe Mode will be at the top of the list.

 

jazzymjr
Reply #10 Tuesday, March 1, 2011 10:01 AM

UPDATE! I got rid of the dang thing, using MalWare Bytes. I went to their forums, and found very specific instructions on how to get rid of the Trojan. Here is the link to it:

http://forums.malwarebytes.org/index.php?showtopic=66064

You will not be able to download the file from the infected computer.  I downloaded it to my pc, then copied it to a flash drive and then copied that to his desktop.

I didn't have to wipe and re-install anything. I also did not have to go into safe mode. It took all of about 15 minutes from start to finish. Just be sure you follow the instructions EXACTLY as stated in the instructions.

Needless to say, my companion is a happy camper now.

DrJBHL
Reply #11 Tuesday, March 1, 2011 10:19 AM

Good!

sydneysiders
Reply #12 Tuesday, March 1, 2011 10:19 AM

I have Lavasoft AD AWARE....

and I didn't explain myself well before.... it automatically goes to the Safe Mode boot options menu page only... just, when you select it... it just boots back to the menu....constantly...

but, I don't get the pop ups to buy a removal program... so maybe I have a different prob...

nothing a sufficiently high balcony won't solve though...... 

 

Edit.... just saw your reply jazzy...page been sitting here for awhile..... will give that a go.... 

Phoon
Reply #13 Tuesday, March 1, 2011 10:37 AM

I've encountered this rascal on several occasions on various PCs. Malwarebytes was the only thing that fixed it. Note of advice. Run at least 2 full scans with it and perform a reboot to safe mode between scans.

Philly0381
Reply #14 Tuesday, March 1, 2011 10:47 AM

For those that encountered the trojan, any thoughts on where you may have picked it up from? 

Phoon
Reply #15 Tuesday, March 1, 2011 11:44 AM

I've seen this thing come in from various places just out of the blue too.

Last encounter.. I saw someone playing a game on facebook and BAM! it just starts scanning your system. Once that starts you are already infested.

Philly0381
Reply #16 Tuesday, March 1, 2011 11:53 AM

Thanks Phoon.

natas2
Reply #17 Tuesday, March 1, 2011 11:56 AM

I had this on my daughter's PC. It comes up as a pop-up and tells you you are infected. When you try to close the pop-up, it launches the program. The entire pop-up is the "accept" button. In other instances that it has come up, I've just killed it with Task Manager or shut down the PC.

Philly0381
Reply #18 Tuesday, March 1, 2011 12:15 PM

The reason I asked about how it is picked up is I believe it tried to get to me by way of ImageShack the last couple of times I used it.

Dr Guy
Reply #19 Tuesday, March 1, 2011 1:30 PM

I have not had time to view Doc's video (will do so in a bit), but a friend got  a bug just like that one.  I was about to reformat and re-install! (not quite, I had other options, but you can see the frustration level).  But then I stumbled upon a way around it.

I tried to open a file that did not have an association. So it let me pick something to open it with. I chose CMD.EXE (it would not let me go to the command line itself). And it opened a command line! I was then able to switch to the infected directory, rename the file (not delete it, it was running) and reboot - and then clean everything up!

So I guess the key is to leave a disassociated file on your desktop? 

As for how your friend got it, I have had many people tell me the same thing.  One thing I have read is that when the infecting popup shows up, the only "clean" way of closing it is to crash your browser.  Any other click was probably programmed in by the authors to be a "yes".

jazzymjr
Reply #20 Tuesday, March 1, 2011 1:44 PM

Philly0381
For those that encountered the trojan, any thoughts on where you may have picked it up from? 

My companion is not sure how he got it, but he had been looking at a slide show that he got in an email, just before the thing popped up.
