Matthew Carberry
Formerly carebear
friend
Senior Member
Posts: 4,007
Fiat justitia, pereat mundus
|
 |
« on: February 07, 2010, 02:46:43 PM » |
|
Seems to have disabled my malware bytes. I tried reinstalling from cdnet and it failed. saved the installs for mwb and adaware to my desktop.
occaissionally pops up an ad page on a new tab or redirects a link click to a red screen with a big warning and offer to "update my malware". I just close the tabs.
Any ideas? Any way to find it and gut it manually?
|
|
|
|
|
Logged
|
"Not all unwise laws are unconstitutional laws, even where constitutional rights are potentially involved." - Eugene Volokh
MHI - Alaska/Yukon Region HQ
"Getting strange things done in the midnight sun since the Rush of '97"
|
|
|
Jim147
Dirty Work Inc.
friends
Senior Member
Posts: 1,168
|
|
« Reply #1 on: February 07, 2010, 02:59:13 PM » |
|
Try starting in safe mode and see if you can get Malwarebytes to run.
Is it giving you any name when it pops up?
jim
|
|
|
|
|
Logged
|
I know just where my feet should go and that's enough for me.
I turned around and knocked them down and walked across the sea.
|
|
|
Matthew Carberry
Formerly carebear
friend
Senior Member
Posts: 4,007
Fiat justitia, pereat mundus
|
|
« Reply #2 on: February 07, 2010, 03:36:39 PM » |
|
looks like a virus of some sort.
"Your PC Protector" shows in the program list.
Hid my AVG icon and actually restarted my machine for me.
Can't open "Add/Remove programs"
I stopped it in the task manager screen as a process and got AVG updated, it found (so far):
Found registry key with reference to file C:Program files alggui.exe
HKCR\exefileshell\open\command\\
I went into Program files and took alggui and a couple other files to the trash and they stayed gone.
the "Your PC Protector" still shows in the program list and AVG greyed out the "scan rootkits" box.
|
|
|
|
|
Logged
|
"Not all unwise laws are unconstitutional laws, even where constitutional rights are potentially involved." - Eugene Volokh
MHI - Alaska/Yukon Region HQ
"Getting strange things done in the midnight sun since the Rush of '97"
|
|
|
|
|
RocketMan
friend
Senior Member
Posts: 3,993
Tornado? Where?
|
|
« Reply #4 on: February 07, 2010, 05:08:11 PM » |
|
carebear, open regedit and look for your "Run" keys. Use the "Find" function in Edit and tell it to find "run". Select the "Match Whole String" box. Press F3 to find successive "run" keys.
Look for what is starting in HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run. You should see a startup value for the bug in one or both of those. Delete the value for the bug if you find it.
Once that is done, restart your machine and see if MalwareBytes will start and run successfully.
|
|
|
|
|
Logged
|
My computer beat me at chess, but I beat it at kick boxing.
|
|
|
Sergeant Bob
friend
Senior Member
Posts: 3,096
Barack Hussein Obama Mmm! Mmm! Mmm!
|
|
« Reply #5 on: February 08, 2010, 10:40:09 AM » |
|
Linkage broken, Try This one |
|
|
|
|
Logged
|
What’s there to say about Canada? Settled by Tories who backed the wrong side in the Revolutionary War, it’s the original anti-American country, a giant, moose-infested land mass that only Sarah Palin could love, with roughly the same number of people as California — most of whom live within a few miles of Burlington, Buffalo, Detroit and Seattle, just in case they need to go to a real hospital.
|
|
|
lee n. field
friend
Senior Member
Posts: 1,768
|
|
« Reply #6 on: February 08, 2010, 10:49:53 AM » |
|
Any ideas? Any way to find it and gut it manually? Can you run task manager, or is that blocked? |
|
|
|
|
Logged
|
In thy presence is fulness of joy.
At thy right hand pleasures for evermore.
|
|
|
Brad Johnson
friend
Senior Member
Posts: 6,870
Witty, charming, handsome, and completely insane.
|
|
« Reply #7 on: February 08, 2010, 11:33:05 AM » |
|
I had the same problem. I was installing Malwarebytes but it would come up with a File Not Found error, claiming the executable was missing (which it was because the malware was deleting it during the install). Malwarebytes has a random-name executable generator on their web site. It gives you an executable under some funky name that you simply copy to the Malwarebytes folder. It should then run as advertised. 'least that's how it worked for me.
Brad
|
|
|
|
|
Logged
|
It's all about the pancakes, people. "And he thought cops wouldn't chase... a STOLEN DONUT TRUCK?  That would be like Willie Nelson ignoring a pickup full of weed." -HankB |
|
|
geronimotwo
friend
Senior Member
Posts: 718
|
|
« Reply #8 on: February 08, 2010, 02:00:27 PM » |
|
with the "antivirus live" malware, i only had a few seconds at the begining of windows loading to have control if i wasn't in safe mode. i was able to use task manager to highlight the program hogging the cpu then click "end task" to gain control of the computer again. task manager can be found by hitting the ctrl, alt, and del keys at the same time.
|
|
|
|
|
Logged
|
|
|
|
Matthew Carberry
Formerly carebear
friend
Senior Member
Posts: 4,007
Fiat justitia, pereat mundus
|
|
« Reply #9 on: February 08, 2010, 02:41:52 PM » |
|
I did that in task manager and have some control, but anything with an .exe after it gets an "open with" prompt screen and nothing will run it.
I tried doing "run" regedit and it did the same thing "choose program to run regedit.exe"
I can try downloading the malwarebytes random but it won't even let me open iTunes.exe or any other. apparently IE is the only one.
|
|
|
|
|
Logged
|
"Not all unwise laws are unconstitutional laws, even where constitutional rights are potentially involved." - Eugene Volokh
MHI - Alaska/Yukon Region HQ
"Getting strange things done in the midnight sun since the Rush of '97"
|
|
|
Matthew Carberry
Formerly carebear
friend
Senior Member
Posts: 4,007
Fiat justitia, pereat mundus
|
|
« Reply #10 on: February 08, 2010, 02:43:45 PM » |
|
I did get Combofix and Hijackthis installs saved to my desktop but they won't execute either. First I tried running them and they failed, thus the "save to".
|
|
|
|
|
Logged
|
"Not all unwise laws are unconstitutional laws, even where constitutional rights are potentially involved." - Eugene Volokh
MHI - Alaska/Yukon Region HQ
"Getting strange things done in the midnight sun since the Rush of '97"
|
|
|
Jim147
Dirty Work Inc.
friends
Senior Member
Posts: 1,168
|
|
« Reply #11 on: February 08, 2010, 03:52:08 PM » |
|
Have you tried installing in safe mode? What version of windows do you have?
jim
|
|
|
|
|
Logged
|
I know just where my feet should go and that's enough for me.
I turned around and knocked them down and walked across the sea.
|
|
|
|
MikeB
New Member
Posts: 48
|
|
« Reply #12 on: February 08, 2010, 03:56:11 PM » |
|
Look here: http://www.bleepingcomputer.com/forums/topic271734.htmlSpecifically post number 5. You should be able to get one of the rkill's to run, they are different executable files with alternate extensions. Then you should be able to run a .exe. You may have to run one or more of the rkill files a couple times. Oh and: Microsoft Security Essentials. Yes I know it is a MS product, but it is better than most other anti-malware programs out there right now, this changes every few months as to which are most effective. |
|
|
|
|
Logged
|
|
|
|
|
