Discussion in 'Miscellaneous' started by bigdaddy, Apr 7, 2010.
I think so but I'll try again.
This thing is the antichrist.
Have you identified the process/es that are running when the xpantimalware thing pops up?
You need to look at the process tree in the Task Manager and find out what it is by ending suspicious-looking processes until the pop-ups disappear. Identify the .exe process and make a note of it, then I'd suggest booting into Safe Mode and running the Malwarebytes software from there.
Once that is done, before you boot back into normal mode, search the computer for any reference to that process. You may find leftover bits and bobs in the C:\Windows\Prefetch folder, and a search of the registry for the process name may reveal some leftover keys that Malwarebytes didn't pick up.
You have to clean it out completely and utterly; just deleting things won't help. It won't be in any of the normal places like Program Files, probably not even in your local internet files; it's far more insidious than that.
You need to be very methodical. In fact, if you just start deleting things you are likely to simply render your PC inoperable before you solve the problem.
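The "search the computer for any reference to that process" step above, written out as an added PowerShell example (this is not from the thread or from any tool mentioned in it). It assumes you have already noted the executable's base name from Task Manager; `skjlfdjlask` is a placeholder, and the registry locations are the usual autostart and image-hijack keys to look at, not ones the thread identifies. Run it from an elevated prompt, ideally in Safe Mode, after the scanner has finished.

```powershell
# Added example, not from the thread. $Name is a placeholder for the process
# name you wrote down; nothing here deletes anything, it only reports.
$Name = 'skjlfdjlask'

# 1. Prefetch traces: Windows writes <EXE>-<hash>.pf for every executable it has launched,
#    so a .pf file survives even after the .exe itself is gone.
Write-Host "== Prefetch entries for $Name =="
Get-ChildItem -Path "$env:SystemRoot\Prefetch" -Filter "$Name*.pf" -ErrorAction SilentlyContinue |
    Select-Object Name, LastWriteTime

# 2. Copies of the file anywhere on the system drive (it is usually not under Program Files).
Write-Host "== Files named $Name* on $env:SystemDrive =="
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -Filter "$Name*" -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# 3. Registry: autostart keys plus the two hijack points fake-AV commonly abuses
#    (the .exe file association and per-program Debugger entries under IFEO).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon',
    'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
)
$keys += Get-ChildItem 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options' -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSPath }

Write-Host "== Registry values mentioning $Name =="
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }               # skip PowerShell's own metadata properties
        if ("$($p.Value)" -match [regex]::Escape($Name)) {
            [pscustomobject]@{ Key = $key; ValueName = $p.Name; Data = $p.Value }
        }
    }
}
```

Anything the third section reports should be inspected before it is removed: the `exefile\shell\open\command` default value is supposed to read `"%1" %*`, and a `Debugger` value under an IFEO subkey named after a legitimate program (a scanner, for example) is how a fake-AV keeps that program from starting. A hit in Prefetch alone just proves the file once ran; it does not mean it is still present.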
Malwarebytes scanned the computer, found 6 things and deleted them. For the time being the computer is running somewhat normally. I have a feeling that it isn't all gone though, because it is evil.
I was only going to start deleting things if nothing else worked. If that fucked the computer up I would have just reinstalled Windows anyways.
I don't think it's fully gone, the computer has been slower than normal.
Fire up Task Manager, see what kind of CPU/RAM usage is going on, see if there's an odd process running, look up the process on teh interwebz. That's what I usually do as a prelim.
www.geekstogo.com (free expert help in the forums)
Yeah that's good stuff. I run Malwarebytes and Security Essentials.
A recent attack I had did the fake scan thing and then through the fake scan tried to tell me that Malwarebytes was a virus and "click yes to delete." Of course I said no. I downloaded Security Essentials which blocked the malware/virus from stopping me from using Malwarebytes. Ran Malwarebytes and was finally clean.
These fake security things are becoming rather common. It's horrible stuff. You can get it from just clicking a link to an infected site. I got it once from going to a fake sports site a person linked to on another message board and the second time I got it by going to a site to illegally watch episodes of The Simpsons. They look like normal websites and then suddenly your computer starts going nuts!
bigdaddy, have you considered just doing a reformat and reinstall of the whole computer? Surely that would kill any viruses you may have, wouldn't it?
Go to Microsoft's site and find their program called "Process Explorer" (which they got from Sysinternals): http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx. Process Explorer is a better version of Task Manager. Start it up and scroll down to the bottom of the list; these are programs that are user-run (in a sense). The programs should show where a file is running from and who the maker is. Ignore the Microsoft ones and any others that sound familiar; the ones with no Description need a closer look and are usually purple in color. Hover over a process and it will show you where the file is (usually something like c:\windows\skjlfdjlask.exe); write down the path. Right-click the name of the program and select "Kill Process", then go to the directory and find the file. Don't delete it yet, just rename it to skjlfdjlask.exe.OLD (or whatever, just in case it is a file that actually needs to be there) and restart the computer. If the virus/malware doesn't come back, run a virus/malware scanner (I LOVE Malwarebytes) and it should get rid of it, or delete the file by hand.
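The same triage as the Process Explorer walk-through above, as an added PowerShell example (not from the thread, and not part of Process Explorer). It lists running processes that have no file description or whose image is not validly signed, shows the path, company and resource usage the post says to look at, and then stops a chosen process and renames its image to `.OLD` instead of deleting it. The function names are this example's own; run it from an elevated prompt.

```powershell
# Added example, not from the thread. Lists the processes a Process Explorer user would
# look at first (no Description, or not validly signed) and renames rather than deletes.

function Get-SuspectProcess {
    # Path is empty for protected/system processes; those are skipped here.
    Get-Process -ErrorAction SilentlyContinue |
        Where-Object { $_.Path } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.Path
            [pscustomobject]@{
                Id           = $_.Id
                Name         = $_.ProcessName
                Path         = $_.Path
                Company      = $_.Company
                Description  = $_.Description
                Signature    = $sig.Status        # Valid, NotSigned, HashMismatch, ...
                Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                CPUSeconds   = [math]::Round(($_.CPU), 1)
                WorkingSetMB = [math]::Round($_.WorkingSet64 / 1MB, 1)
            }
        } |
        Where-Object {
            [string]::IsNullOrEmpty($_.Description) -or $_.Signature -ne 'Valid'
        }
}

function Disable-SuspectProcess {
    # Kill the process, then rename its image so it cannot start again at the next boot.
    # Renaming is reversible; deleting is not, which matters if this was a false positive.
    param([Parameter(Mandatory)][int]$Id)

    $proc = Get-Process -Id $Id
    $path = $proc.Path
    Stop-Process -Id $Id -Force
    Start-Sleep -Seconds 2                       # give the image file time to be released
    Rename-Item -Path $path -NewName ([IO.Path]::GetFileName($path) + '.OLD')
    "Renamed $path to $path.OLD. Restart and check whether the pop-ups return."
}

# Review the candidates first; then, for one you have decided is the culprit:
#   Disable-SuspectProcess -Id <PID>
Get-SuspectProcess | Sort-Object Signature, Company | Format-Table -AutoSize
```

Two caveats a practitioner would add to the post's heuristic: a missing Description or an unsigned binary is a reason to look closer, not proof of malware (plenty of legitimate small tools ship unsigned), and a `Valid` signature only tells you who signed the file, not that it is benign. Check the path against where that company's software actually installs before killing anything.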
Thank you guys and gals so much! It seems the main problem is when I start it up, it now takes at least 15 minutes to run Firefox. The computer is 7 years old (I think) but I had Windows reinstalled and it has worked fine ever since until now. I'm busy now, but I am using MS Security Essentials along with Malwarebytes.
Which version of FF? Some versions were real memory hogs. From 3.0 on it's better.
I'll have to give that Process Explorer a try, thanks, Stiletto.
It's 3.6 I think, I just updated it a few weeks ago.
I've had good luck with ComboFix. It won't prevent the malware, but has been very good at getting rid of it.