Please Try This
Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transferred to the problem machine. Do NOT restart the computer after running Rkill.
Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file after installing it.. It resides in the C:\Program Files\Malwarebytes Antimalware folder....
Hope this helps.
re: please try this
Would just like to say thanks so much for taking the time to write such a full, easy to understand and helpful answer. Your advice really helped me; my computer is now working fine again and the constant updates have stopped.
Thanks a whole bunch. I was able to repair my PC in a couple of minutes because of you, and it works perfectly now.
Thank you so much, this worked!
Hi Grif - One more question
Thanks for the help, your suggestions worked great and took care of most of the issues on my XP Pro SP3 box. My last issue is that the automatic updates service disappeared completely, so the red shield appears in the task bar and updates cannot be turned on. I tried updating from the Microsoft update web site and I get error code 0x80070424. I followed Microsoft directions to reinstall it and it tells me that it's already installed. BITS service is enabled and started, and so is Workstation. Should I assume malware may still be lingering about? Should I consider system restore to a date before infection happened? I'd rather not have to re-install XP. Any and all suggestions are greatly appreciated.
First, be sure to run the previous removal tools REPEATEDLY till nothing is detected.. It may take a while to get it done but frequently, the first round of removals doesn't remove all the remnants.
Next, try the steps below to get your updates working again.
Re-register the Windows Update DLL with the commands below
Click Start, click Run, type cmd, and then click OK.
Type the following commands. Press ENTER after each command.
Attempt to run Windows Update
Hope this helps.
Thanks Grif, will give it a shot as suggested.
Did all as indicated and windows updates is running like a charm once again. Thanks!
Is there anything I should be looking at in the registry going forward? I see some blank entries in the startup tab - Any thoughts?
Thanks a mill again.
Probably No Reason To Worry
If you're referring to the "msconfig" startup tab, there are a number of reasons for blank entries.. For most, UNCHECK them and forget about them.. You might or might not be able to remove them safely, but UNCHECKing them will prevent them from running and you can move on.
As to the registry itself, the best recommendation is to leave well enough alone until you can know exactly what you're changing.
Hope this helps.
Yes Grif, I meant msconfig's startup tab. There are only two blanks with only this showing:
I will uncheck and leave it be. I'm not too keen on messing with the registry, ever!
Thanks for all your great help!
Still need help
I followed your directions for removing the virus by running Rkill once and Malwarebytes & SuperAntispyware several times until nothing was detected by both, but I am still having a problem with Automatic Updates being disabled.
I tried your suggestion above, but every time I enter the commands I receive a message that says the command "is not recognized as an internal or external command, operable program or batch file". When I attempt to run Windows Update, I receive the error 0x80070424.
My operating system is WinXP. When I type in the commands, I am not connected to the internet. I was only connecting to the internet to try to run the Windows Update. Do I need to be connected when I am typing in the commands or is there any other help you could supply?
The security center says that automatic updates is disabled, but if I go to automatic updates in the control panel, it is showing that the "notify me but don't automatically download or install them" is still checked.
Running Those Commands At Anytime Should Work
You don't need to be connected to the internet. I'll guess that you are typing the command incorrectly. Please note there is a "single space" after each of the regsvr32 commands. For example, at a command prompt, you should be typing: regsvr32(singlespace)wuapi.dll
Obviously, don't type the (singlespace) text but you should get the idea. No other spaces are required in the line.
Hope this helps.
Thank you for the help. That was exactly what I was doing wrong. My computer is now fixed.
Good Job !
re please try this
Thank you so much for your easy to follow instructions, fixed my son's and daughter-in-law's computer no problem. Really appreciate it.
I freaked when I had this virus. Fortunately, I was able to do a search on my husband's laptop before I powered mine off and found your post. Thank you, thank you!
Internet connection not working after process completed
Thanks for the instructions, I went through all of the steps and it seemed like it removed everything. After the SuperAntiSpyware ran, it asked to reboot the computer to make sure everything was removed. I did that and when it restarted, the internet does not work (same issue that happened after getting the Trojan-BNK.Win32.Keylogger.gen message). Went through the steps again, rebooted again and still internet not working.
Are there any additional steps I need to do or anything else that I am missing?
Dude you are the best!!! I appreciated it!!!!!
Can I do this from a mac?
I have a PC which is having this problem. I'm trying to download the information above onto my mac, but it's not downloading. Is there any way to do this?
Wow, totally mystified
Hi Grif, thanks for the instructions. I have XP on my infected PC. I'm not particularly computer literate. Feeling a bit desperate.
I cannot get the Grinler tool to install. I was able to copy and save it to my flashdrive but it won't install on the infected PC. I have also typed the address directly into my browser window but the virus blocks it from installing that way as well.
As an alternative I tried skipping the Grinler tool, went direct to the website and tried to run malwarebytes from there, but the virus prevents it from running.
Last, can you please give me some instructions on copying and renaming the Malwarebytes Installer Download Link, and then saving it to my flashdrive. I just keep clicking on it and getting sent to the website; I don't understand how to copy it to my flash drive.
Any advice you have would be much appreciated. I am assuming my problem is operator error since so many people have been able to follow your directions and fix their computers!
Rkill May Need To Be Renamed Or...
...At the links provided by Carol below, you'll see variations of the Rkill tool, specifically renamed to "iexplore.exe". There is also a "FixNCR.reg" registry fix that may be required as well. The registry fix and the Rkill tool will need to be run before Malwarebytes or any other removal tool will work.
Generally, it's best to copy all of the removal files to a flash drive, then start the infected computer into "Safe Mode with Networking", then copy all of the tools over to the problem machine.. Once there, run the Rkill tool repeatedly till it gets things done, (in your case, renaming it first would be beneficial), and once it's run, then install, update, and run Malwarebytes by copying from the flash drive.
Hope this helps.
Problem installing antivirus softwares after removal of troj
Firstly I want to thank you for the instructions! I stopped receiving those messages. However, I soon experienced an error in installing Norton Antivirus 2012. Each time I installed, the error message of 8506 422 appeared. So I uninstalled it and tried other free trials of antivirus software. Each time, they cannot be installed and seemed to hint that the problem lay with my PC. Do you have a solution to it? Thanks.
Regarding That Error...
There is a discussion in the Norton forums about the error you're receiving. A poster named "Shamrock" seems to have fixed the problem there.... See the link below:
I suggest running all the scans again and deleting anything they find, just to be sure everything's gone.. Once that's done, download the Norton Removal Tool to make sure all things Norton are gone from the computer.. Next, clean out all the Temp and Temporary Internet Files folders on the computer..
After that, you can try reinstalling Norton if you choose..... Or.....try downloading one of the free antivirus programs from the links below.. I actually prefer them over the Norton product but such is a personal thing..
Avast Free Antivirus
Hope this helps.
Thank you for taking the time to answer my question. First, I followed your instructions but the same error message appeared. Then I tried Shamrock's and the same thing happened too. So I gave up and tried Avast which was successfully installed. Checked with a couple of ppl and they also agreed with me that Norton is problematic. Guess I wasted my money.
This is the first time I faced such issues with my pc and being a technology idiot (I did not install antivirus for my pc!), I want to thank you once again for helping me solve these issues!
Good Job & Thanks For Posting Back !
Just want to express my big gratitude to your advice. I was very frustrated with the issue and seemed helpless until I followed your instruction. The issue is now gone and I couldn't be happier. Thank you!