
Windows infested with Malware and Spyware

Discussion in 'Tech Support' started by mctigger, 4 Jan 2009.

  1. mctigger

    mctigger What's a Dremel?

    Joined:
    11 Feb 2007
    Posts:
    620
    Likes Received:
    4
    Hey!

    I am looking at a friend's computer; it is riddled with malware/spyware and viruses. They want to avoid a clean install, so they asked me to try and remove the problems.

    It has the XP Antivirus 2009 malware "installed" on it, so I have tried to follow instructions for removing it by using Malwarebytes (used this before to get rid of it from another friend's computer and it was easy), but it won't allow me to run it on the machine; it launches the service but doesn't appear on the screen. The only ones it allows me to run are the antivirus programs that were there before the infection, and these turn up blanks on scans (using AVG 8 and McAfee Security Centre).

    So does anyone have any ideas before I tell them it's a clean install on the cards?

    cheers!
     
  2. Krikkit

    Krikkit All glory to the hypnotoad! Super Moderator

    Joined:
    21 Jan 2003
    Posts:
    23,929
    Likes Received:
    657
    One possibility would be to whip the HD out of their computer, then use a swathe of antivirus scanners etc from a working computer. That way you won't run into any trouble with the malware/spyware being in-use. :)
     
    pimonserry likes this.
  3. Glider

    Glider /dev/null

    Joined:
    2 Aug 2005
    Posts:
    4,173
    Likes Received:
    21
    My policy is to always reinstall a compromised system...

    But you can release the wrath of a crapload of AV and anti-crapware tools at it... But I highly doubt you can get rid of all the nastiness.
     
  4. identikit

    identikit Minimodder

    Joined:
    5 Jun 2004
    Posts:
    1,322
    Likes Received:
    16
    Oh, I dealt with this one recently. Malwarebytes with ComboFix works best.
     
    mctigger likes this.
  5. GoodBytes

    GoodBytes How many wifi's does it have?

    Joined:
    20 Jan 2007
    Posts:
    12,300
    Likes Received:
    710
    Anti-virus can remove viruses from the system, but it can't always heal or heal properly... In extreme cases such as your friend's computer, my guess is that the system won't work properly as it would if you did a clean install.
     
  6. cpemma

    cpemma Ecky thump

    Joined:
    27 Nov 2001
    Posts:
    12,328
    Likes Received:
    55
    Apart from anything else, it teaches the PC owner a useful lesson. There is no easy fix for negligence. :rolleyes:
     
  7. Neoki

    Neoki Minimodder

    Joined:
    26 Oct 2004
    Posts:
    951
    Likes Received:
    2
    Anti-Vir, Malwarebytes and the Google updater Spyware Doctor
     
  8. mctigger

    mctigger What's a Dremel?

    Joined:
    11 Feb 2007
    Posts:
    620
    Likes Received:
    4
    Tried using Malwarebytes; it installs fine but won't launch. The service for it launches but nothing else. I ran AVG on it and got rid of a few things, but not everything.

    Will use it as a secondary drive in my desktop and attack it with my spyware/AV stuff.
     
  9. pimonserry

    pimonserry sounds like a party.

    Joined:
    20 Dec 2008
    Posts:
    2,113
    Likes Received:
    75
    That's what we do at the place I work. :grr:
    Plug it into yours, run Malwarebytes that way. AVG should pick up some stuff too if it's that bad, but obv the best solution for cleanliness is a clean install.
     
  10. Neoki

    Neoki Minimodder

    Joined:
    26 Oct 2004
    Posts:
    951
    Likes Received:
    2
    Oh yeah, forgot: make sure you're in safe mode when starting the programs.
     
  11. kenco_uk

    kenco_uk I unsuccessfully then tried again

    Joined:
    28 Nov 2003
    Posts:
    10,107
    Likes Received:
    682
    Disable System Restore, too. I went through the registry and deleted all evidence of av2009. There are also a couple of files in the system folder iirc that launch at startup - easy to get rid of, look in the startup tab under msconfig, then once in safe mode, delete the blighters. I also run Adaware and Spybot, once up to date. Seems to cure it.
     
  12. mansueto

    mansueto Too broke to mod

    Joined:
    31 Aug 2007
    Posts:
    3,784
    Likes Received:
    110
    Why not get rid of the crap, throw the important data on a backup, reformat and re-import the data... or is that just plain stupid just in case something sneaks in with the backup?
     
  13. ModMinded

    ModMinded Are you throwing that away?

    Joined:
    26 Aug 2008
    Posts:
    1,378
    Likes Received:
    43
    YES!

    Yes!

    Yes! ;)
    Backing up the data is possible (and maybe risky), but you should be picky (i.e., don't throw the whole My Docs folder in, go for known important/irreplaceable files). And SCAN the HELL out of the backed-up stuff before you put it back in.

    I'm just paranoid, but that doesn't mean they're not out to F88K with my computer.
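
Added example (not part of the original thread or any poster's code): a Python sketch of the "be picky" backup triage described in the post above, meant to run on the clean machine against the copied data before the AV scans. The extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: file types that should never be restored from an infected machine.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".dll", ".lnk"}

def triage_file(path):
    """Return the reasons a file should be left out of the restore (empty list = keep and scan)."""
    reasons = []
    name = os.path.basename(path).lower()
    stem, ext = os.path.splitext(name)
    if ext in RISKY_EXT:
        reasons.append("risky extension " + ext)
        if os.path.splitext(stem)[1]:          # e.g. invoice.pdf.exe
            reasons.append("double extension")
    if name == "autorun.inf":
        reasons.append("autorun.inf")
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":                # executable content, whatever the name says
            reasons.append("Windows executable header (MZ)")
    return reasons

def triage_backup(root):
    """Walk the backup and map relative path -> reasons for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = triage_file(full)
            if reasons:
                flagged[os.path.relpath(full, root)] = reasons
    return flagged

def build_sample_backup(root):
    """Constructed sample data standing in for a copied user profile (all bytes are inert)."""
    samples = {
        "letters/cv.doc": b"\xd0\xcf\x11\xe0 constructed document bytes",
        "photos/holiday.jpg": b"MZ\x90\x00 constructed: executable header under a .jpg name",
        "photos/invoice.pdf.exe": b"MZ\x90\x00 constructed",
        "autorun.inf": b"[autorun]\n",
    }
    for rel, data in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        for rel, why in sorted(triage_backup(tmp).items()):
            print(rel, "->", ", ".join(why))
```

Anything the script does not flag still goes through the AV scans before it is copied back; the triage only narrows what is worth restoring at all.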
     
  14. identikit

    identikit Minimodder

    Joined:
    5 Jun 2004
    Posts:
    1,322
    Likes Received:
    16
    Oh yeah, to get around this, rename the .exe of Malwarebytes and then try to run it.
     
  15. morris8809

    morris8809 Minimodder

    Joined:
    30 Dec 2006
    Posts:
    545
    Likes Received:
    5
    I've seen this one before, here's what you need to do.
    1. Download Avast and the latest manual updates to a flash drive.
    2. Restart into safe mode.
    3. Install Avast and schedule a boot-time scan.
    4. Reboot and let it do the boot scan.
    5. Remove all objects found.
    This should get rid of the problem you're having so you can scan with other programs such as mbam, which does a good job as well. I like to reinstall, but in a lot of cases that's not a possible option. GL
     
  16. Grimloon

    Grimloon What's a Dremel?

    Joined:
    4 Sep 2008
    Posts:
    885
    Likes Received:
    30
    Seriously, a nuke 'n' pave is the only way to be sure. If they're worried about data then you can export it on an external hard drive and scan all files on a separate system before importing it back again.

    I'd also strongly recommend Avast! over AVG, it's less intrusive and appears to do a better job.

    It's worth trying to install Avast! in safe mode but I've had that fail with this little beasty before; it seems to depend on how long it's had free rein as to whether or not you can get rid of it. If the answer is more than a week then personally I wouldn't even try to remove it, just flatten and rebuild the system. I couldn't even get HijackThis to run under safe mode as admin, and under the user profiles it blocked all access to the registry.
     
  17. morris8809

    morris8809 Minimodder

    Joined:
    30 Dec 2006
    Posts:
    545
    Likes Received:
    5
    I work for an ISP that also does PC repair and I cannot count how many times I've run into this virus. What really stinks is most of the time the customer does not want us to do a reinstall, so we end up having to throw all kinds of virus removers at it to get them clean. Avast has done one of the best scans, I find, with its boot scan.

    But yes, if they are this bad I just save what data I can and wipe it; just not worth the extra time cleaning it.
     
  18. Grimloon

    Grimloon What's a Dremel?

    Joined:
    4 Sep 2008
    Posts:
    885
    Likes Received:
    30
    Ta very muchly for the info morris, Avast latest version is currently going onto my recovery drive as I type. I've used it for years on my systems but didn't know about the boot scan effectiveness. I mostly do dumb terminal/apps support with PC repair being a somewhat profitable sideline :D

    I still reckon that full profile backup + nuke 'n' pave = result! though. ;)
     
