Unsolved

August 24th, 2009 18:00

multi-virus and trojan infestation.....partially fixed but still have weirdness

History:
Got iPod Touch. Wanted to load videos. Got convertor from CNET. Wanted to convert DVDs. Followed instructions from video convertor recommended by CNET. Loaded DVD convertor. Ran it. It completed. Ran alternate converter. It stopped and the computer rebooted itself. Eventually it came back but had "PC_antispyware2010" malware.
Updated SymantecAV files and ran it. Found multiple viruses and trojans, which it quarantined.
Rebooted.
Tried running Spybot. No joy.
Teatimer did find a couple of things.
Found the "spybot doesn't run....what you should do" forum post. Followed the instructions. No joy.
De-installed Spybot. Re-installed.
Ran it. No joy.

Continuing weirdness beyond the above: "googleinstaller" error message during startup after reboot; random "internet explorer couldn't open...." messages even though I don't have it running.

I suspect I at least have registry errors.

Guidance, please.

cheers,

Leigh



What now??

August 25th, 2009 00:00

"Got convertor from CNET."
If you believe the malware was installed by the converter it would be good to let CNET know about it. They claim their downloads are clean.

Try running Malwarebytes' Anti-Malware.
Please download to your desktop Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
    Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
  • Once the program has loaded, select "Perform Quick Scan"; then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked.
    Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • If you are still having problems and/or would like a follow-up check to be sure the infection as well as vulnerabilities are gone, copy and paste the entire report into a New Message on the Malware Removal forum. Also include a fresh HijackThis log. Instructions for downloading HijackThis are in the "Please Read..." announcement at the top of that forum.

     

    1. Just click the "Post A Message" button (upper right) in the Malware Removal forum HERE
    to start your own thread requesting assistance for a follow-up check to be sure the malware is gone.

    2. In the discussion window that opens, simply Right-Click and select Paste.

    Extra Notes:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

     

    * If you are unable to download or install MBAM on your computer, see if you can use a friend's or family member's computer to download MBAM. Use this update link here to manually download the update. Once downloaded, rename the program installer "mbam-setup.exe" file to something else like "keyboards999.exe". Copy the installer file and the update file to your CD or flash drive. Transfer the file to the infected computer. Install the "keyboards999.exe" file, then run the update so that you will have the current definitions. After that, run a full system scan and select to have the program REMOVE whatever it finds.

     

    -- MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes (like Spybot's Teatimer), they may interfere with the fix or alert you after scanning with MBAM. Please disable such programs until disinfection is complete or permit them to allow the changes.

    **If you need to re-install MBAM but encounter issues in re-installing, try using the MBAM Cleanup Utility by downloading it from http://www.malwarebytes.org/mbam-clean.exe

August 26th, 2009 19:00

Bugbatter,

Thanks for the response. 

After posting to this forum, I went back and tried the "if it doesn't work..." instructions for Spybot. I eventually got it to work. It found LOTS!!! Viruses, trojans, and registry changes. I let it clean up a bunch of it but was a bit concerned about some of the registry errors (SystemRestore, Explorer, WindowsSecurityCenter) so left them until I got some guidance from one of you folks.

There are still a few clearly weird things going on, e.g. IE pop-ups to download Adobe Reader when IE isn't even running.

I'll follow your instructions for Malwarebytes' Anti-Malware and post to the Malware removal forum.

Thanks again.

Leigh
