I would also use combofix and malwarebytes to be sure. After shutting down safe mode, it will in no certain order, disable MSIEXE (windows Installer), network, etc.
If you can get a portable version of superantispyware and malwarebytes, you can remove it. I had 3 customers in one week with it so you are not alone, it will be popular in the next few weeks.
Please note that Combofix should NEVER be run unless requested by someone trained in its use who has contact with its developer so that any issues can be addressed. ComboFix is a work in progress.
As you run ComboFix the Disclaimer is displayed:
It states that Combofix should not be run in an unsupervised environment. That means that someone trained in its use needs to be working with you. Otherwise, you should not have run the tool to begin with. If someone on this forum advises you to run ComboFix, I will contact the tools owner and developer to verify credentials. As far as I know Kev66 has not been given permission to supervise anyone in the use of Combo/Fix Here is just one example of the consequences of using Combofix without supervision. http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=293341&messageID=2763333#2763333
MW3, I suggest that you post your problem as a New Message and wait for a helper on the DCF list. It is a holiday weekend in the USA. Our response times will likely be slower. As an alternative, you can post your log at one of these other forums: http://spywarehammer.com/
kev66
3 Posts
0
November 26th, 2009 14:00
This is a pretty neat piece of rogueware. First you need to get safe mode working. You can look for safe mode repair tool or get it here, http://www.softlist.net/products/safe_mode_fix.html
Once in safe mode, get superantispyware, free.
I would also use combofix and malwarebytes to be sure. After shutting down safe mode, it will in no certain order, disable MSIEXE (windows Installer), network, etc.
If you can get a portable version of superantispyware and malwarebytes, you can remove it. I had 3 customers in one week with it so you are not alone, it will be popular in the next few weeks.
Good Luck,
If you need anything, drop a line.
Kev66
Bugbatter
3 Apprentice
•
20.5K Posts
0
November 26th, 2009 16:00
Please Read This Before Posting For Malware Removal Help
Please note the list of helpers on that list.
As specified in the announcement:
Please note that Combofix should NEVER be run unless requested by someone trained in its use who has contact with its developer so that any issues can be addressed. ComboFix is a work in progress.
As you run ComboFix the Disclaimer is displayed:
It states that Combofix should not be run in an unsupervised environment. That means that someone trained in its use needs to be working with you. Otherwise, you should not have run the tool to begin with. If someone on this forum advises you to run ComboFix, I will contact the tools owner and developer to verify credentials. As far as I know Kev66 has not been given permission to supervise anyone in the use of Combo/Fix
Here is just one example of the consequences of using Combofix without supervision.
http://forums.cnet.com/5208-6132_102-0.html?forumID=32&threadID=293341&messageID=2763333#2763333
MW3, I suggest that you post your problem as a New Message and wait for a helper on the DCF list. It is a holiday weekend in the USA. Our response times will likely be slower.
As an alternative, you can post your log at one of these other forums:
http://spywarehammer.com/
Additional forums that offer malware removal can be found at this link in the
recommended sites section on the left side of these pages:
http://asap.maddoktor2.com/
http://hjt-data.trendmicro.com/hjt/analyzethis/index.php
Thank you for your patience and understanding.
kev66
3 Posts
0
November 26th, 2009 17:00
Sorry did not realize that you should not recommend to users, and yes, you do need to know what you are doing when you use combofix.
Won't happen again.
Kev66
kev66
3 Posts
0
September 8th, 2010 09:00
Oh, by the way, I am sure the original poster was grateful for all your help. Wait a minute, you did not offer any....