iccaros Posted February 20, 2009

OK, I have a neighbor who has been infected with at least Antivirus 2009.

The issue: Malwarebytes will not install. It comes up with the choose-language screen and a splash of the next screen before it is killed. Jeff recommended that, and I followed the site that renames the Malwarebytes install and runs some batch files, but still no joy, and no joy in safe mode. I have tried HijackThis: no joy, can't install even when renamed. The CD-ROM does not work in safe mode; when you try to explore it, it takes you to My Documents.

This is a nasty little bugger, and I am ready to just format and start over, but it's not my computer and they have not backed up. I can install http://www.pctools.com/spyware-doctor/ but they want $30 to remove it. I have no real issue, but I do not trust programs that will cure for a cost, as that is the same tactic that Antivirus 2009 uses.

So any suggestions are heeded. Thanks
isteve Posted February 20, 2009

If Windows is fairly up to date you can manually run Microsoft's Malicious Software Removal Tool. It removes the Antivirus 2009 trojan. Of course, not sure if it will remove anything that may have been downloaded by AV 2009. To run it, click Start > Run and type mrt. Run the deep scan.
iccaros Posted February 20, 2009

Thanks, it's not up to date. It is still Service Pack 2 XP, and whatever other rootkit is with the trojan is really hampering effects.
bluebirdit Posted February 23, 2009

I've just had a barrel of laughs removing this from someone's PC.

First I used the SmitFraudFix program (running in Safe mode) to remove most of it, as I couldn't get anything else to run. Then I had to use Ad-Aware, Spybot and McAfee Stinger to get rid of everything that was still around (although some of this may not have been related).

http://siri.geekstogo.com/SmitfraudFix.php

The problem is it was using Karna.dat, which is a nightmare to remove as it infects a Windows system file, beep.sys, to re-install itself. SmitFraudFix removed the files and repaired beep.sys so I could get the other software running properly.
therock247uk Posted February 23, 2009

Bluebird... Why are you as a normal member posting in this forum? Any advice should only be given from the groups listed in this topic... http://www.besttechie.net/forums/index.php?showtopic=562

Thank you.
therock247uk Posted February 23, 2009

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
bluebirdit Posted February 24, 2009

> Bluebird... Why are you as a normal member posting in this forum? Any advice should only be given from the groups listed in this topic... http://www.besttechie.net/forums/index.php?showtopic=562
>
> Thank you.

Sorry - I didn't see a HJT log posted, just a question about how to deal with a certain piece of malware which, as I just spent nearly a whole day trying to remove it, I thought I would help out with what I learnt. Normally I wouldn't try to analyse a HJT log.
therock247uk Posted February 24, 2009

OK, no problem.
iccaros Posted February 25, 2009

Thanks, I will try this when I get back next week and see if it fixes the issues they are having.
therock247uk Posted March 2, 2009

How's things?