Can't remove Malware
 

Some Malware has got onto the mother in laws laptop and I can't seem to get rid of it, in add/remove programs it is listed as:

Inbox Toolbar
PC Power Speed
Rebateinformer

I tried uninstalling them from add/remove programs, but they are still on the pc, they still pop up.
They still show up in add/remove programs but when you click on them it says they can not be removed.

I've tried Malwarebytes but it finds nothing :cry:

Any ideas?

Try Spybot Search and Destroy.

A

Find a program called malwarebytes. I've found it very good at removing stuff. (Didn't spot you'd already tried this LOL).

Also if you go on to the moneysavingexpert.com forums in the techie bit there are plenty of help threads in there.

LINK ADDED http://forums.moneysavingexpert.com/...d.php?t=133269

I can't remember all the tools I used to clean mine but the people on their will definately be able to help. Depending on the problem you have there are different ways to clean it.

At least you know what the programs are that seem to be causing the problem. Mine was deeply embedded.

malwarebytes http://download.cnet.com/ccleaner/
Iwas recommended that too. Its good.

tip read the full post before you recomend somthing he has tried :lol:

reg cleaner is probably the way to go if your comfortable doing it.

why not just use system restore to a point before it was installed

......because that wouldnt remove viruses or spyware

Don't shoot me down just because its an MS product but Microsoft Security Essentials is actually an excellent program, AV and Malware scanner all for free.

Less intrusive and lighter than Norton or McAfee, no adverts, doesn't install browser bars during the install and keeps itself upto date using windows update.

It's not perfect but its not far from it for the home user. If you are paying for your AV or have just bought a new one and are using the standard free trial AV software that comes bundled, uninstall it and install this instead :)

http://www.microsoft.com/en-us/secur...s/default.aspx

Hey Northy,

No problems, we can get those nasties out of there without too much problems.

1st - have you started in safe mode and run msconfig to alter the startup files?

If not, you need to do that:
Restart your machine, and keep tapping F8.
Before the Windows spinny logo thing comes up you should see a white text based menu, (p.s. if you see the WIndows logo, restart - youve missed the F8 point)

Select "safe mode" on this menu, and hit Enter

When Windows finishes loading, click the START button, then select the RUN... option

type in "msconfig" and press Enter

select the STARTUP tab

If you can manually pick out the offending programs, untick their boxes, if not, click DISABLE ALL to be sure.

Restart you machine in SAFE MODE and now try going to Add/Remove programs.

If that still doesnt work, we need to step up to Defcon 2 ;)

I'll be on here all day tomorrow if that helps.

Andrew

Combo fix will get rid of it.

although I would try the above first, its a last resort as it can go wrong if used incorrectly.

I wouldnt let ComboFix near my computer to be honest.
Im still not convinced it doesnt do more harm than good!

All malware/virus/adware problems can be fixed with 0-3 bits of totally free legit software:
- avg free
- spyhunter (although spybot s&d is a damn good second)
- ccleaner

We have two or three infested PC/laptop going through our workshop a day at the moment!!

I guess PC Powerspeed is a "Fake Alert Virus" basically a trojan up to alll sorts of no good in the background. No doubt it is asking for credit card details to make your PC go faster or something like that...

Malwarebytes is good as is Norman Malware Cleaner. Combo Fix is a very good "next level" but can make one hell of a mess if used incorrectly.

Try Andrews safe mode tip first and try the manual removal.

Ideally you should download the removal tools and burn to a CD on another PC. (CD's are read only so cannot "catch" the virus and pass it back to a clean PC). Don't use a memory stick for this reason.

If you can't burn to a CD then boot to "safe mode with networking" and download Norman Malware Cleaner and try this.

Once you have the necessary tools downloaded remove the internet connection from the PC, as often the longer you leave it on the web the worse the infestation will get.


Hope this make sense as is some help.

Cheers

Chris

A lot of these programmes hide themselves in

c:\windows\prefetch

And

C:\documents and settings\all users\application data

Assuming c is windows drive.

Might not be in there but worth a look, that's where I found malware and a fake antivirus that popped up all the time and that wouldn't uninstall. I deleted it and all has been fine since

True, but if everything else has failed then its worth a shot. Its not my first choice but it works assuming the others have failed.

Personally, I've never had an issue with combofix but i do know others who have.

rKill is another one which might help out (it won't get rid of the malware, but will make it easier to scan for it)

Hi guys,

I think I've managed to get rid of them with a combination on Hijackthis and CCleaner. They don't pop up at boot up any more but how do I really make sure it's all clean? Malewarebytes has never found anything wrong at all! :o

G

Tell your mother in law not to go browsing on naughty men websites.
If your up for some fun try this.
http://www.oople.com/forums/showthread.php?t=36813
A lad at racing got pop ups from naughty sites and he fell for this hook line and sinker.

ONly way to really make sure mate is to do a search in your registry.

Second to that (and my advise to you) would be to search through the SERVICES and STARTUP tabs within the msconfig window. If they arent there, then Id be confident that they are gone.

P.S. good job in getting rid of them. :)

Yes 'Hijackthis' that was the name of the one that helped clean mine. Very good tool. Glad you've got it sorted.

Now stick some antivirus on there and make sure it's kept up to date :thumbsup:

There's also another good program that helps remove unwanted temporary stuff and repairs duff registry and program links. Now if I can only remember what that one is called.....

Remembered, it is Glary Utilities (I think?!).

A lot of stuff I've had at work recently won't let you run tools like malwarebytes/superantispyware ect as it tags itself onto exe files, a lot of the time it blocks msconfig and regedit too even in safe mode.

Everything recently seems to be varients of the same thing, usually there's only one file that runs and a few registry entries. You have to kill the process with task manager and quickly delete the malware exe before it starts up again. Then you can disassociate the file with exe's in regedit which wil let you run anti malware tools that will clean the rest up for you :)