
Waylaid by viruses

Brolan

Commodore
Oh boy! I have got trouble on the virus front. In the last two days two computers in my house have gotten a nasty virus.

The first is an old computer my kids use to play WoW. It has no anti-virus software installed on it. It has the TROJAN_FAKEAV.AGT and Spywareguard 2009 combo on it. I've tried Trend and Avast on it but I still can't get rid of it. I like how it disables system restore so you can't restore your registry. It also turns off Microsoft auto updates.

The second is my son's computer that has Trend Micro Internet Security on it, so I'm surprised it didn't stop it. He has ADWARE_VITRUMUNDO and I haven't been able to get rid of that either. I have done the registry fix but it keeps putting the keys back in there.

As an old computer guy who has been using PCs since the dawn of the PC age, I'm surprised to be feeling so helpless. I'm considering the nuclear option and reloading Windows but I really don't want to do that until entirely necessary.
 
Try booting into safe mode (by pressing F8 when the computer boots up) and scanning/removing the virus like that.
Usually if a virus has infiltrated system files, it has a tendency of being un-removable when the OS is booted up as usual.
In safe-mode, the OS loads the bare essentials and disables plenty of system processes ... therefore it's a far more suitable way of removing infections.

Just make sure your antivirus is up to date and clean out both computers using the same method.

I would also recommend you use NOD32 for your antivirus.
It's one of the best on the market with very low resource use.

Also, if you continue to have issues ... download Spybot.
http://www.safer-networking.org/en/spybotsd/index.html
It's free.
Install, update it and scan away (also in safe-mode).
 
Long story short, I tried Malwarebytes on both machines and it cleaned them both the first try. On the one with Spywareguard I did have to do a manual restore of the registry to allow Malwarebytes to install. I also had to rename the install executable so the virus wouldn't mess with it.

Someone spent a long time making this almost impossible to remove. I would like to meet that person with a baseball bat and express my displeasure. :klingon:
 
There are indeed some seriously irritating scumbags out there who write this sort of crap - however (touch wood) I've never yet come across anything I couldn't get shut of short of nuking the system. Malwarebytes is probably as good at shifting the stubborn stuff as there is at the moment (and as such is an essential part of my armoury), although occasionally there is no real alternative to rolling up your sleeves and hacking the registry to get rid of the nasty junk (as well as renaming files to get the anti-malware apps to run).

GM
 
I've had good luck removing anti-spyware 2009 with www.superantispyware.com. Yeah, I know it sounds like it should be another product just like the one that's infecting your machine right now, but it works, damnit.

Go to a safe machine, put the installer on thumb drive or burn to CD.

Boot the infected machine in safe mode with no networking.

Install the superantispyware on the infected machine.

Reboot the machine, again in safe mode with no networking.

Run superantispyware, scan, and be amazed at the crap it finds.


Note that the free version of this program does not do realtime scanning; it has to be invoked manually. If you're looking for a freeware monitoring tool for trojans and other nasties, use Comodo's BOClean along with a free A/V program like AVAST!

Good luck, godspeed, and don't give away the homeworld.

AG
 
Spybot used to be great for these things, but more and more I'm finding it doesn't remove things that Malwarebytes can. It's a very useful tool.

Virtumondo used to be a right bugger to remove as the only way I knew was to use Combofix. I didn't realise that Malwarebytes could remove that too, so thanks for the info. :techman:
 
Honestly, Spybot has been all but useless for a few years now. SuperAntiSpyware and MalwareBytes are at the top, and Ad-Aware is getting better again.
 
I would also recommend ERD Commander. This is a CD that you can boot from and has its own scaled-down version of Windows. From there you can remove startups, edit the registry and, most important of all, the ability to remove malicious files from the computer because they are no longer linked in to Windows. Most of these files are ghkghk.dll type files found in c:/windows/system32, malware folders in Program Files (like antivirus2009, mywebsearch etc.) and all temp files from your profile's temp folder.
 
I always take the HDD out and hook it up to a PC with the latest virus scanners and def and have it disinfect the bad drive.
 