SpyWare BeWare! ASAP
Author Topic: test fake  (Read 2054 times)
MrCharlie
« on: November 27, 2010, 09:12:00 AM »

This tutorial will help you rid your computer of most fake/rogue antivirus programs.

There are also removal guides located Here and Here which may help.

This will work for most of the fake/rogue antivirus programs:

Notes:
  • Use at your own risk: the Spyware Beware forum does not take responsibility for any outcome of following these directions. Every computer is different, so we cannot guarantee the outcome.
  • Not for Google Redirects; see HERE
Vista and Windows 7 users:
  • These tools MUST be run from the executable (.exe) every time you run them
  • With Admin Rights (Right click, choose "Run as Administrator")
________________________

The first thing we want to do is run Malwarebytes' Anti-Malware, and here's how to do that:

Reboot your computer into Safe Mode with Networking using the instructions for your version of Windows found HERE

You may not be able to connect to the internet. Here's how to fix that:
  • Open up Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Another way to get to your Internet Properties:
    Go to your Start Button > Run > copy and paste this in: inetcpl.cpl > Click OK
  • Now click on Connections
  • Now click on LAN Settings
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
  • Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

If that doesn't work and you still can't access the net...please try this:

  • Copy all the text in the code box into notepad.
  • Save it as fix.reg
  • Save as file type > All files
  • Save it to your desktop

Note: Fix.reg is available for download HERE.
Just download and unzip it on a clean computer and transfer it to the sick computer by using a usb flash drive.

Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
"ProxyEnable"=-
"ProxyOverride"=-

If you did it right it will look like this except with a different name:



Now double click on it and allow it to merge into the registry.
__________________

Now we have to stop the malware from running:

The malware is preventing you from downloading any programs, running any files such as .exe (executable) and even preventing you from using safe mode or connecting to the internet. We will attempt to terminate the malware that's running on your computer and restore some of the functions by using rkill.
If needed you can download it to a usb flash drive and then transfer it to the sick computer.

rkill tutorial found here


There are 7 versions of rkill.

Please Note: The purpose of this tool is to stop certain processes and fix certain reg keys that stop you from using our normal clean up tools. It is NOT designed to remove infections in their entirety and not designed to fix all problems.
Don't reboot the computer after running rkill or the malware will restart.

Download links for rkill: (some are renamed)
rkill.exe  rkill.com  rkill.scr  WiNlOgOn.exe  uSeRiNiT.exe  iExplorer.exe  eXplorer.exe

When you find a version that does run, immediately download and run MBAM.

Here's how to rename MBAM to enable it to run if needed: Check HERE

Other info on getting MBAM to run: HERE

The latest MBAM definitions update is available for download HERE if needed.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Full Scan", then click Scan.

The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Note: Some infections will prevent MBAM from running. If MBAM won't run, try renaming the file mbam-setup.exe to a random name, and then try again.

---------------------------------------

At this point the infection should be gone but I suggest you post on the forum and let us take a look for any other malware on the system.

Note:
If you are unable to get MBAM to run, try running either SUPERAntiSpyware Portable Scanner or VIPRE Rescue.
Information on running them can be found HERE.

Post the report from MBAM and a HiJackThis log in your post.

You can download the HJT installer HERE:

Double-click HJTInstall.exe to install it. By default it will install to C:\Program Files\Trend Micro\HijackThis. Click on Install. It will create a HijackThis icon on the desktop. Once installed, it will launch HijackThis. Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad. Save the log to a convenient location.
Copy and paste it into your post.


If you are not a registered member...please register HERE,
then.....Start a New Topic in the Malware Removal forum.

Just a note: The full version of Malwarebytes' Anti-Malware would have protected you against this malware.
Save yourself the hassle and get protected!

 Good luck and Thanks for using the forum.....MrC

_____________________________________________________________

Notes:
  • Use at your own risk: the Spyware Beware forum does not take responsibility for any outcome of following these directions. Every computer is different, so we cannot guarantee the outcome.
  • Not for Google Redirects; see HERE
  • Vista and Windows 7 users:
    • These tools MUST be run from the executable (.exe) every time you run them
    • With Admin Rights (Right click, choose "Run as Administrator")
<++++++><++++++><++++++><++++++><++++++><++++++><++++++><++++++><++++++><++++++>

You also may want to look at This Post.

When you find that your computer is so bogged down with malware and nothing works, please look through this When Nut'n Works Tutorial and maybe one of the options will work.
You also might want to look at this post HERE

1. The first thing we want to do is to download and run Malwarebytes' Anti-Malware (MBAM) which you probably can't do....that's why you're here.

Common Issues, Questions, and their Solutions for MBAM HERE and HERE

The malware is preventing you from downloading any programs, running any files such as .exe (executable) and even preventing you from using safe mode. We will attempt to terminate the malware that's running on your computer and restore some of the functions by using rkill or exehelper. They both do a good job at it; it's just a matter of finding out which one will run on your computer.
Please Note: The purpose of these tools is to stop certain processes and fix certain reg keys that stop you from using our normal clean up tools. They're NOT designed to remove infections in their entirety and not designed to fix all problems.
You can try running these in safe mode also if possible.
If needed you can download them to a usb flash drive and then transfer them to the sick computer.
There are 3 versions of exehelper and 5 versions of rkill.
When you find a version that does run, immediately download and run MBAM.

exeHelper.com  exehelper.scr
explorer.exe<----exehelper with a different file name

rkill.exe  rkill.com  rkill.scr
  WiNlOgOn.exe  uSeRiNiT.exe <-----these are rkill with different file names

If you can't connect to the internet, here's how to fix that:
  • Open up Internet Explorer, and when the program is open, click on the Tools menu and then select Internet Options.
  • Another way to get to your Internet Properties:
    Go to your Start Button > Run > copy and paste this in: inetcpl.cpl > Click OK
  • Now click on Connections
  • Now click on LAN Settings
  • Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen.
  • Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.

If that doesn't work and you still can't access the net...please try this:

  • Copy all the text in the code box into notepad.
  • Save it as fix.reg
  • Save as file type > All files
  • Save it to your desktop

Code:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"=-
"ProxyEnable"=-
"ProxyOverride"=-

If you did it right it will look like this except with a different name:



Now double click on it and allow it to merge into the registry.

Here's how to Scan for malware using MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
Note: -->Do not run a full scan with MBAM. It is not required or needed.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

2. If that doesn't work....try running VIPRE Rescue Program
VIPRE Rescue Program is a new anti-malware utility that runs from the command prompt that will scan for and remove most malware including rootkits. It will run when other programs won't.
 
Please note: Windows must load for this scanner to work.
Whatever VIPRERESCUE deletes is not easily restored!

It's easy to use:

1. Download VIPRE Rescue to your desktop (it's a big download, about 80 MB.....takes about 4-5 minutes on broadband, and always download a fresh copy as it is updated frequently)

2. Double click on the VIPRE Rescue icon, it will ask if you want to extract VIPRE Rescue Scanner to your computer, click yes.

3. The "WinZip Self-Extractor" window will pop-up, click Unzip
It should by default unzip to C:
Make sure the checkbox for "When done unzipping open: .\deep_scan.bat" is checked
After the files are unzipped, click OK

4. VIPRE Rescue will now run automatically and perform a deep (full) scan.

5. When it's done, type exit and press enter to close the program.

6. The log isn't that good but will be in the VIPRERESCUE folder and listed as a CSV file.

7. Now see if you can run MBAM.
   
Note: If you find that you can't download any programs to the infected computer, you can download VIPRERescue to a usb flash drive on another computer.
Then plug the drive into the infected computer, navigate to the drive and double click on VIPRERescue****.exe and follow the directions above starting at #2.

3. Try using SUPERAntiSpyware Portable Scanner.
It's easy to use, just download SAS Portable Scanner to the sick computer, double click on it and then run it.
If you can't download it on the sick computer, download it onto another computer and then put it on a usb pen drive or cd and run it from there.

Please note: Windows must load for this scanner to work and also the scanner is saved under a random filename so that malware infections won't block the scanner.
Please look over what was quarantined (especially files located in system32) before closing SAS, once you close the program the quarantined items are not easily restored.
The program and logs are located in a temp folder called SAS_SelfExtract, do a search for it.

4. Make an AVG Rescue CD:

"AVG rescue CD is basically a portable version of AVG anti-virus, which runs on linux distribution as bootable CD or bootable USB flash drive. This Rescue CD is equipped with AVG Antivirus, AVG Anti Spyware and some administrator recovery tool.
You can scan and remove computer virus without booting operating system first. It is suitable for recovering MS Windows and Linux operating systems (FAT32 and NTFS file systems) from virus and spyware attack. Meanwhile, Administrator toolset on AVG rescue disk are Windows Registry editor, a TestDisk utility for data recovering and lost partitions, a file browser for navigating folders, and a Ping tool for basic network diagnostics."

Please Note: Windows does not have to load for this scanner to work.

AVG Rescue CD Guide-check here

You can download AVG rescue CD HERE.
It's also located on ThisPage, make sure you download the .iso file.

Here's how it goes:

Download and install Active@ ISO Burner
Click HERE  for ISOBurner Instructions.
Install the program, and follow the next set of steps.

After you install Active@ ISO Burner, put a blank cd-r in your burner and double click on the AVG Rescue CD.iso you downloaded and Active@ ISO Burner should automatically open up.....now click BURN.

The program is very easy to use, you'll just be pressing Enter most of the time but here's how it goes:

1. After the rescue cd is made, boot-up the sick computer, put the rescue cd in and then restart it.
    Note: In order to do so, the computer must be set to boot from the CD first. For information on how to do that....click HERE.

2. At the Boot Menu: Choose AVG Rescue CD (1) and press Enter

3. Let it load, at the Disclaimer Screen......just choose I agree or not and press Enter

4. At the Update Screen, choose Yes and press Enter
    Next screen, Choose Update from Internet and press Enter

5. At the Update Priority Configuration window, choose Priority 2 Virus Database Update and press Enter

6. Let it update and when finished, Press any key to continue

7. You end up back at the Update Screen, choose Return and press Enter

8. You're at the Main Menu screen, choose Scan, press Enter

9. Scan Type Menu, choose Volumes Scan - Selected Volumes and press Enter

10. Scan Volumes, choose OK and press Enter

11. Scan Options, choose OK and press Enter

12. Run Scan, choose Yes and press Enter

13. When scan is complete, Press any key to continue

14. Info screen, choose OK and press Enter

15. To see the scan report, select Report File and press Enter
    Please look over the list as some files can be crucial for the Windows system and deleting them can make it inoperative. If you're not sure, please Google the file or files.

16. Scan Results Menu, use the up and down keys and choose Select - Handle single or groups of infected files, press Enter
    Go through the files and choose to Rename the infected file, don't choose Delete!
    This is important....Rename<---

17. Read the Warning Screen, Yes and Enter

18. Back to Scan Results Menu, choose Back or Return to get to the Main Menu and then choose ---->Reboot System
    Don't forget to take out the rescue cd.

19. All the malware files will be renamed to _INFECTED.arl, to find all of these files....
    Go to Start > Search > All Files and Folders > type _INFECTED.arl and click search.
    Example: malware.exe would be renamed to malware.exe_infected.arl

20. Note: If you find the cd doesn't load, it's most likely due to a bad download or bad burn; download the file again and burn it at a slower speed.

<++++++><++++++><++++++><++++++><++++++><++++++><++++++><++++++><++++++><++++++>

If none of the above options work and your computer still won't boot or is unusable.....please do this on a clean computer:

Note: OTLPE is just a tool that we use and is of no value to you...so please don't use it yet, one of the malware team will instruct you on how and when to use it.

Download OTLPEStd.exe from the link below: (it's a big download)

HERE or HERE

After you download it, put a blank cd-r in your burner and double click on the OTLPEStd.exe.
It will automatically burn an OTLPE image to the disk, when done...remove the disk, it will be used later. You will also need a usb flash drive and please don't use OTLPE without guidance.

If you are not a registered member...please register HERE,
then.....Start a New Topic in the Malware Removal forum.
Please state that you followed this tutorial, the problems you are having and that you have made an OTLPE bootable disk and are waiting for instructions on how to proceed from here.
One of the Malware Team will instruct you on the next steps.

-------------------------------------------------------------------------------------------------------------

Your questions or comments about the tutorial are welcome....please note that I can't diagnose your system here.

Good Luck and Thanks for using the forum.....MrC

    My help is always free here but if you would like to show your appreciation, it will be much appreciated.
    Thanks MrC
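
The proxy reset that fix.reg performs (it appears twice in the tutorial above), as an added PowerShell example that is not part of the original post: it lists the three values before touching them, exports a backup of the key, deletes only the values that exist, and confirms they are gone. The backup file name and the loopback check are assumptions of this example.

```powershell
# Added example, not from the original post. Written for Windows PowerShell 2.0 or later.
$regKey = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$psKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$names  = 'ProxyServer', 'ProxyEnable', 'ProxyOverride'   # the values fix.reg deletes

function Get-ProxyValues {
    # Return one object per proxy value that is actually present under the key.
    $props = Get-ItemProperty -Path $psKey
    foreach ($n in $names) {
        $p = $props.PSObject.Properties[$n]
        if ($p) { New-Object PSObject -Property @{ Name = $n; Value = $p.Value } }
    }
}

$found = @(Get-ProxyValues)
if ($found.Count -eq 0) {
    Write-Output 'No per-user proxy values are set; nothing to remove.'
} else {
    # Show what was configured before changing it, so it can be included in a forum post.
    $found | Format-Table Name, Value -AutoSize | Out-String | Write-Output

    # Heuristic (assumption of this example): a proxy on the loopback address means
    # browser traffic is being routed through a process on this machine.
    $server = ($found | Where-Object { $_.Name -eq 'ProxyServer' }).Value
    if ($server -match '(^|=)(127\.\d+\.\d+\.\d+|localhost)(:|;|$)') {
        Write-Warning "ProxyServer is set to $server (loopback address)."
    }

    # Export the whole key first so the change can be undone by merging the backup.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path ([Environment]::GetFolderPath('Desktop')) "InternetSettings-$stamp.reg"
    & reg.exe export $regKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; no values were removed.' }

    # Same effect as the "Name"=- lines in fix.reg: delete only the values that exist.
    foreach ($v in $found) { Remove-ItemProperty -Path $psKey -Name $v.Name }

    # Confirm the values are gone.
    $left = @(Get-ProxyValues)
    if ($left.Count -eq 0) {
        Write-Output "Proxy values removed. Backup saved to $backup"
    } else {
        Write-Warning ('Still present: ' + (($left | ForEach-Object { $_.Name }) -join ', '))
    }
}
```

Run it as the affected user, because the values live under HKEY_CURRENT_USER and a different account sees a different copy of that key.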