Posted on 07/01/2009 7:12:27 AM PDT by Oshkalaboomboom
Use Windows Defender.
Windows malicious software remover (MRT) worked for me. You might be able to download it from Microsoft and update it. I like Defender also.
Get a Mac. You won’t have this problem.
Watch where you go and what you download to remove this. For the past three years this type of extortion ware has been infecting computers with false spyware removal programs and fake Anti-virus programs. The authors who seem to be in China also put up fake websites advertising removal tools that just re-infect the computer.
Normally you can find the removal instructions on Symantec, McAfee, Trendmicro, AVG, F-Secure or one of the other Anti-Virus vendor websites. Also Microsoft’s Malware removal tool has been known to remove this type of infection.
http://www.softwarepatch.com/windows/microsoftvirusremoval.html
This has interesting non-technical things you should do, in addition to getting the technical problem fixed: http://www.bleepingcomputer.com/forums/topic227700.html
I’d hit it.
You probably need to put the hard drive in an external case, and then attach via USB or Firewire to a second system. Then, mount your drive, go into the location, remove the file, etc.
If you know the day of the infection erase every file that was made that day.


3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
* Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
-----------------------------------------------------------
* Close any open browsers.
* WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
* Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
* If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
7. Double click on combo-Fix.exe & follow the prompts.
8. Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall.
9. Please restart your PC and check how it's running.
The last time I had something like this a few weeks ago it was like described here. It just kept self replicating. Did you try combofix? That is what fixed it for me.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
I thought this was a thread about prez Obeyme....
Get Root !
Download.com has a couple hundred thousand free downloads. AVG free 8.5 is a good choice if you can find it. They want you to buy the other program but keep going to AVG free. I have used it for years and it is better than Norton, and the others I have used.
The most recent updates for MalwareBytes are able to remove this. Be sure you download updates before you run MBytes.
As for Combofix (CF), it may or may not totally remove the infection. When CF produces a log post-run, a lot of times there's additional rogue DLL, DAT, EXE, etc. files to remove, in addition to rogue drivers/services, which may have been missed on the first run.
The only way to get rid of those is to write a custom script in Notepad and then drag the Notepad file into the CF icon on your desktop, so CF can proceed with the custom fix.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.