Just In Case It's Malware
Please follow the steps below:
On a friend or family member's computer, download the Malwarebytes installer and update files from the links below, copy them to a CD or flash drive, then transfer the files to the problem machine and use them. If you can't start the computer into "normal" Windows, try installing, updating, and running the scans AFTER the computer is started into Safe Mode. I use the sites below to download the installer file and the manual updater:
Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, download the SuperAntispyware program and the manual updater from the links below. After running the Malwarebytes tool above, if you still can't download and install it directly from the problem machine, download it on a friend or family member's computer as well:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder.
Hope this helps and let us know more.
If no other computer, can I do anything
Is there anything I can do if I don't have access to another computer? I temporarily lent my desktop to my daughter 3 states away while she waits for her new laptop. Can I take any steps under these circumstances? Why do you suspect Malware? I have McAfee Security Suite & it updates at least once a day, scans weekly for viruses, malware, spyware, etc. I also run another spyware program from Comcast toolbar (which recently malfunctioned). Are there other apparent "symptoms" with malware? What if it's not malware, is there another fix I might be able to do without a 2nd computer? I'm really worried now. But thanks very much for your input.
Try Downloading And Running The Programs From Your Machine
And just a note... When it comes to detecting spyware, McAfee isn't one of the best. It's not bad at traditional viruses but tests indicate they have problems with trojans and spyware. Try other tools such as those I've mentioned.
Hope this helps.
Is this procedure a good idea?
It sounds like the above represents a more "advanced" way to get rid of malware, but also involves more effort.
Is this better than using Adaware, Spybot, and/or CCleaner?
It's really NO Difference And Not That Advanced
You mentioned Ad-Aware, Spybot, and CCleaner. First, CCleaner is NOT an antispyware malware removal tool. It won't do the job at all for this type of malware. Second, although Ad-Aware and Spybot were once the premium spyware removal tools, at this point in time, they simply are not as good as the two tools mentioned earlier. They "might" work but for the specific malware mentioned, the tools recommended will do a better job.
As to the specific instructions for downloading and installing Malwarebytes and SuperAntispyware, it's now becoming necessary to rename various tools before installing them because of the complexity of the viruses and malware that infect machines. Basically, if you simply try to download and install removal tools such as Ad-Aware, Spybot, SuperAntispyware, or Malwarebytes, the malware will prevent it from being done. The malware stops the tool from being downloaded, or installed, or run. Are the steps a little bit more advanced? Maybe, but if you don't take a few extra precautions to correctly install the program, you won't be able to clean out the malware.
Hope this helps.
Thanks for clarifying...
A couple more things I was wondering...do the 2 tools you mentioned do more or less the same thing (meaning you recommended using both just to be on the safe side) or different things?
Also, would you recommend running these periodically just as a safety check, or only when something goes wrong? If the former, how often?
As With All Such Scanners...
They all seem to find something different. There have been times, just for experimentation, where I've run full system scans with all four, one right after the other, deleting the various items that each scanner found, and they all found something extra that the others had not. Obviously, each tool is called a malware scanner but they all look for a slightly different set of malware definitions.
As to when it's necessary to run such scans, that depends on whether you have the "paid for" version which contains "real time" scanning ability (scanning for such malware constantly in the background), or whether you're using the "free" versions which only work as stand-alone scanners without real-time protection. It also matters how expert you are at seeing the signs of an infection. An expert user might only run the scanner when they suspect something is wrong. A "newbie" user should probably run weekly scans "just to be sure". But all of this is based on the user having a real-time antivirus running constantly, a firewall enabled, and all other security features running at all times.
Hope this helps.
I did what you recommended but Malwarebytes won't open. Does this mean I have a malware virus?
Rename The Installer AND The Executable
If Malwarebytes doesn't open, it's a good sign that malware is present. As I mentioned in my post...
Once downloaded and before transferring them to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it. It resides in the C:\Programs Files\Malwarebytes Antimalware folder. Once you've renamed the program executable, double click directly on the newly named file to open it.
In addition, there is a new online scanner for SuperAntispyware at the link below. Use it if you can't get Malwarebytes going.
SuperAntispyware Online Scanner
Hope this helps.
advanced protection not fix
Thank you for your help. It worked!!!!
I did the online scanner for SuperAntispyware. After doing that, I was able to run malwarebytes.com. After a day, I realized my advanced protection was in the FIX mode and I don't have an X mark on the Norton icon.
By the way, do you know a good software that will optimize my computer XP?
thank you again,
I was referred to this thread as a result of another question which I asked, but I have a new question.
I have downloaded the .exe files, renamed both of them, transferred them to a CD, and installed the program. However, I can't figure out how to update the program from the .exe update file. I clicked on it the same way as the .exe for the program itself, but it didn't confirm that any updating had been completed.
Any help you can provide on this would be greatly appreciated.
I have since
discovered that the Malwarebytes program seems to be up to date from a screen I saw showing that the actual program included recent additions. Therefore, I am now assuming that ONLY the program needs to be up to date and that there are no DEFINITIONS within the program that need to be updated. Is that correct?
As well, I have tried to download the Super Anti-Spyware program onto the laptop in question, however, I was not allowed to do so.
From the instructions in this thread, it says that I should then try to download the Super Anti-Spyware program onto my own desktop computer and transfer it to a disc which I would then use in the infected laptop (just like I did with the Malwarebytes program). However, I cannot figure out how to do that. The Super Anti-Spyware program link in this thread is NOT a .exe file, therefore I don't know how to transfer the program to a CD so I can transfer it to the infected laptop.
Please give more detailed instructions as to how this is to be done.
(Note that I did a Malwarebytes scan and all identified infections were removed. I then restarted the laptop and did another Malwarebytes scan which revealed no infections. I did these two things before trying to download the Super Anti-Spyware onto the laptop).
Any guidance you can provide will be greatly appreciated.
I tried to update the Malwarebytes program by using the internet. However, when I clicked on the Malwarebytes on the desktop I received the following message:
"The database you are using is not supported by this version of Mawarebytes Anti-malware. Download the latest version of the program."
I don't understand what this means. I used the exact link that was given in this thread.
Can someone shed some light on this for me, and let me know what I should do next?
Thanks so much again for any assistance you can provide.
I ran a scan using the Malwarebytes program, even though I didn't have confirmation that the program was updated. Sometime during the installation and/or doing the scan, Sophos Anti-Virus was downloaded onto the laptop, and is now active.
Is there some "link" between these two programs that I am not aware of?
If not, then why do you think that Sophos is now on the laptop?
Thanks again for any assistance you can provide.
First, you may have cleaned some of the problem malware so... try uninstalling Malwarebytes you currently have installed, then reinstall it and update it normally from the internet, assuming you can now access the internet. If you get that part done, run another FULL system scan.
Once that's done, you can download the SuperAntispyware installer from the link below. Install it, update it from the internet, and run a full system scan with it as well.
Note, clicking on the link below will immediately bring up the download dialogue window.
And NO, SOPHOS has nothing to do with either of the programs I've mentioned. I'm not sure why it would have automatically installed. Uninstall it if you'd like.
Hope this helps.
Thanks so much for taking the time to reply to my query.
That was very helpful, and I believe everything has cleared up now.
Best wishes to you for a great holiday season!
Sorry it took so long to get back to this. 1st, I could not open the mbam.exe. I got an error message saying it was a corrupted file. 2nd, I did run the other anti-spyware programs you suggested and they eliminated 127 problems. That did not correct my problem. The reason I am trying to restore to a previous time is because after downloading and playing a game for many months I now get an error message that says "Access violation at 0x00e3e16c (tried to read from 0x806F4coe), program terminated" every time I open the game. I uninstalled the game and reinstalled it but get the same result. I was trying to see if going back to a previous point would get me into my game.
Restoring Back Could Cause A Reinfection..
Most importantly, if you still can't run Malwarebytes, I'll guess your computer is still infected. So, please perform the steps in my link above to download the Malwarebytes program on another CLEAN computer, rename the file, copy it to a CD or flash drive, then transfer the file to the problem machine. Install and update the program, then run a full system scan.
In fact, make sure to update the other scanning programs and run some more scans until they all come up clean.
Using a set of restore points that are infected is a good way to reinfect the machine. After such cleanups, I usually eliminate all previous restore points by temporarily disabling System Restore. Afterward, I restart the computer, then re-enable System Restore again.
How To Disable System Restore
That said, it would be nice to know the operating system on the computer in question. Which game are you having problems with? Are there any patches for the game at the game manufacturer's website?
Hope this helps and let us know more.
Just in case it's Malware
Did all you suggested, found 50 Malware/Adware and 1 Trojan. cleaned all but still cannot restore to previous date.
check your restore point storage manually
open a command prompt as administrator and run the following command:
vssadmin list shadowstorage /for=c:
divide the "Used Shadow Copy Storage space" by the number of restore points you have available to estimate the size of a point. subtract "Used Shadow Copy Storage" from "Maximum Shadow Copy Storage" to determine how much shadow space you have left. (on my laptop, i have 6.5gb used by 2 restore points so each one is roughly 3.25gb. since i only allocate 9gb, only 2.5gb is available so the next restore point will replace the oldest point.)
lastly, keep in mind that system restore tracks more than just installed apps and OS stuff. the list of monitored file extensions is shown below. if you have files named xxx.data or download software installs (.exe, .msi, .cab) or use some other 'gotcha' extensions, they'll be scooped up in a restore point also.
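Added example, not part of the original post: the arithmetic described above, applied to the text that `vssadmin list shadowstorage /for=c:` prints. The sample output is constructed from the figures in the post, and the field layout, the "(n%)" suffix and the UNBOUNDED value are assumptions about the tool's output format; the function names are hypothetical.

```python
import re

# Constructed sample (not a real capture), using the post's 6.5 GB / 9 GB figures.
SAMPLE = """Shadow Copy Storage association
   For volume: (C:)
   Shadow Copy Storage volume: (C:)
   Used Shadow Copy Storage space: 6.5 GB (4%)
   Allocated Shadow Copy Storage space: 6.9 GB (4%)
   Maximum Shadow Copy Storage space: 9 GB (6%)
"""

GB = 1024 ** 3
UNITS = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": GB, "TB": 1024 ** 4}
FIELD = re.compile(
    r"^\s*(Used|Allocated|Maximum) Shadow Copy Storage space:\s*(.+?)\s*$",
    re.MULTILINE)
SIZE = re.compile(r"^([\d.]+)\s*(B|KB|MB|GB|TB)\b", re.IGNORECASE)


def to_bytes(text):
    """Convert '6.5 GB (4%)' to bytes; return None when no limit is set."""
    if text.upper().startswith("UNBOUNDED"):
        return None
    m = SIZE.match(text)
    if not m:
        raise ValueError(f"unrecognised size: {text!r}")
    return int(float(m.group(1)) * UNITS[m.group(2).upper()])


def shadow_storage_report(vssadmin_text, restore_points):
    """Estimate restore point size and remaining space for one volume."""
    fields = {name.lower(): to_bytes(value)
              for name, value in FIELD.findall(vssadmin_text)}
    used, maximum = fields["used"], fields["maximum"]
    # Average size of a point: used space divided by the number of points.
    per_point = used / restore_points if restore_points else None
    # Space left: maximum minus used (unknown when the limit is unbounded).
    free = None if maximum is None else maximum - used
    # A new point of average size that does not fit pushes out the oldest one.
    evicts = free is not None and per_point is not None and per_point > free
    return {
        "per_point_gb": None if per_point is None else round(per_point / GB, 2),
        "free_gb": None if free is None else round(free / GB, 2),
        "next_point_evicts_oldest": evicts,
    }


if __name__ == "__main__":
    print(shadow_storage_report(SAMPLE, restore_points=2))
```
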
Using an "Eraser" program?
Have you recently started using a "Data Erasure" program such as Eraser, the option for secure deletion in CCleaner, etc.? This could be causing problems. When you create a Restore point and then use one of the programs to erase files instead of just deleting them, it destroys the "Restore Points".
I learned this the hard way in the past.
Strange! I Use CCleaner With
"secure" deletion enabled at 3 passes (military spec) and manually create restore points every day after updates but before surfing. I further reduced my HD space for SR to 3% of 80G HD from default 12%. This gives me about 6 weeks of points to go back to. They are always there (for the last 4 years I've had machine) and only vanish when I decide to manually delete all by turning on/off SR. I also use ERDUNT to back up points just in case (which I occasionally, about every 6 weeks, delete all but the very 1st and last week's points to recover HD space). Just lucky I guess!
A VERY useful tool
Several months ago I bought a USB to SATA/IDE adapter. It's one of the most useful tools I've ever had. Take the hard drive out of the infected computer, and plug it into another computer via this tool. After a minute or two, it will show up in "My Computer" as an additional hard drive. I simply right-click to run either an AVG A/V scan or scan with Malwarebytes. Just last week, I did this for a friend and removed 137 viruses, trojans, and spyware. Two days later, my daughter brought her computer over; 97 objects were removed.
I bought this adapter when working on a similarly infected computer. As they do, the malware blocked any and every means to fight it. No malware scans, no internet access, it wouldn't recognize a USB drive, and it even disabled both CD and DVD player, so I couldn't even format and re-install the OS. I plugged the HD into this tool and formatted it. Presto.