|
||
|
 |
|
||||||||||||||||||
|
#1
04-07-2011
|
||||
|
||||
Can't remove Malware
Some Malware has got onto the mother in laws laptop and I can't seem to get rid of it, in add/remove programs it is listed as:
Inbox Toolbar PC Power Speed Rebateinformer I tried uninstalling them from add/remove programs, but they are still on the pc, they still pop up. They still show up in add/remove programs but when you click on them it says they can not be removed. I've tried Malwarebytes but it finds nothing  Any ideas?
__________________
Graham North http://www.atomic-carbon.co.uk https://www.facebook.com/atomiccarbon https://www.facebook.com/nortechracing 
|
|
#3
04-07-2011
|
||||
|
||||
|
Find a program called malwarebytes. I've found it very good at removing stuff. (Didn't spot you'd already tried this LOL).
Also if you go on to the moneysavingexpert.com forums in the techie bit there are plenty of help threads in there. LINK ADDED http://forums.moneysavingexpert.com/...d.php?t=133269 I can't remember all the tools I used to clean mine but the people on their will definately be able to help. Depending on the problem you have there are different ways to clean it. At least you know what the programs are that seem to be causing the problem. Mine was deeply embedded. Last edited by adon30; 04-07-2011 at 07:23 PM. Reason: Added Link to other forum
|
|
#4
04-07-2011
|
||||
|
||||
|
malwarebytes http://download.cnet.com/ccleaner/
Iwas recommended that too. Its good.
__________________
My feedback http://www.oople.com/forums/showthread.php?t=19395
|
|
#5
04-07-2011
|
||||
|
||||
|
Quote:
__________________
MBModels - Schumacher Racing - Vapextech.co.uk - MRT - Savox - SMD
|
|
#7
04-07-2011
|
||||
|
||||
|
why not just use system restore to a point before it was installed
__________________
~Rick Evans~ ~LRP~shark st ft~lwb~ ~Carisma GT14B pro~ ~Schumacher KF2~ ~Schumacher Atom~ ~BSR Basher-RallyX~ ~Ascociated RC8.2e RallyX~ ~TeamC T8EV3 RallyX~ phat bodies worm-racing http://www.mendiprcraceway.co.uk
|
|
#9
04-07-2011
|
||||
|
||||
|
Don't shoot me down just because its an MS product but Microsoft Security Essentials is actually an excellent program, AV and Malware scanner all for free.
Less intrusive and lighter than Norton or McAfee, no adverts, doesn't install browser bars during the install and keeps itself upto date using windows update. It's not perfect but its not far from it for the home user. If you are paying for your AV or have just bought a new one and are using the standard free trial AV software that comes bundled, uninstall it and install this instead  http://www.microsoft.com/en-us/secur...s/default.aspx
__________________
 Mike Baldwin - Caldicot
|
|
#10
04-07-2011
|
||||
|
||||
|
Hey Northy,
No problems, we can get those nasties out of there without too much problems. 1st - have you started in safe mode and run msconfig to alter the startup files? If not, you need to do that: Restart your machine, and keep tapping F8. Before the Windows spinny logo thing comes up you should see a white text based menu, (p.s. if you see the WIndows logo, restart - youve missed the F8 point) Select "safe mode" on this menu, and hit Enter When Windows finishes loading, click the START button, then select the RUN... option type in "msconfig" and press Enter select the STARTUP tab If you can manually pick out the offending programs, untick their boxes, if not, click DISABLE ALL to be sure. Restart you machine in SAFE MODE and now try going to Add/Remove programs. If that still doesnt work, we need to step up to Defcon 2  I'll be on here all day tomorrow if that helps. Andrew
|
|
#11
04-07-2011
|
|||
|
|||
|
Combo fix will get rid of it.
although I would try the above first, its a last resort as it can go wrong if used incorrectly.
|
|
#12
04-07-2011
|
||||
|
||||
|
I wouldnt let ComboFix near my computer to be honest.
Im still not convinced it doesnt do more harm than good! All malware/virus/adware problems can be fixed with 0-3 bits of totally free legit software: - avg free - spyhunter (although spybot s&d is a damn good second) - ccleaner
|
|
#13
04-07-2011
|
|||
|
|||
|
We have two or three infested PC/laptop going through our workshop a day at the moment!!
I guess PC Powerspeed is a "Fake Alert Virus" basically a trojan up to alll sorts of no good in the background. No doubt it is asking for credit card details to make your PC go faster or something like that... Malwarebytes is good as is Norman Malware Cleaner. Combo Fix is a very good "next level" but can make one hell of a mess if used incorrectly. Try Andrews safe mode tip first and try the manual removal. Ideally you should download the removal tools and burn to a CD on another PC. (CD's are read only so cannot "catch" the virus and pass it back to a clean PC). Don't use a memory stick for this reason. If you can't burn to a CD then boot to "safe mode with networking" and download Norman Malware Cleaner and try this. Once you have the necessary tools downloaded remove the internet connection from the PC, as often the longer you leave it on the web the worse the infestation will get. Hope this make sense as is some help. Cheers Chris
|
|
#14
04-07-2011
|
||||
|
||||
|
A lot of these programmes hide themselves in
c:\windows\prefetch And C:\documents and settings\all users\application data Assuming c is windows drive. Might not be in there but worth a look, that's where I found malware and a fake antivirus that popped up all the time and that wouldn't uninstall. I deleted it and all has been fine since
|
|
#15
05-07-2011
|
|||
|
|||
|
Quote:
Personally, I've never had an issue with combofix but i do know others who have. rKill is another one which might help out (it won't get rid of the malware, but will make it easier to scan for it)
|
|
#16
05-07-2011
|
||||
|
||||
|
Hi guys,
I think I've managed to get rid of them with a combination on Hijackthis and CCleaner. They don't pop up at boot up any more but how do I really make sure it's all clean? Malewarebytes has never found anything wrong at all!  G
__________________
Graham North http://www.atomic-carbon.co.uk https://www.facebook.com/atomiccarbon https://www.facebook.com/nortechracing
|
|
#17
05-07-2011
|
||||
|
||||
|
Tell your mother in law not to go browsing on naughty men websites.
If your up for some fun try this. http://www.oople.com/forums/showthread.php?t=36813 A lad at racing got pop ups from naughty sites and he fell for this hook line and sinker.
__________________
My feedback http://www.oople.com/forums/showthread.php?t=19395
|
|
#18
05-07-2011
|
||||
|
||||
|
ONly way to really make sure mate is to do a search in your registry.
Second to that (and my advise to you) would be to search through the SERVICES and STARTUP tabs within the msconfig window. If they arent there, then Id be confident that they are gone. P.S. good job in getting rid of them.
|
|
#19
05-07-2011
|
||||
|
||||
|
Quote:
Now stick some antivirus on there and make sure it's kept up to date  There's also another good program that helps remove unwanted temporary stuff and repairs duff registry and program links. Now if I can only remember what that one is called..... Remembered, it is Glary Utilities (I think?!). Last edited by adon30; 05-07-2011 at 06:44 PM. Reason: Remembered
|
|
#20
11-07-2011
|
|||
|
|||
|
A lot of stuff I've had at work recently won't let you run tools like malwarebytes/superantispyware ect as it tags itself onto exe files, a lot of the time it blocks msconfig and regedit too even in safe mode.
Everything recently seems to be varients of the same thing, usually there's only one file that runs and a few registry entries. You have to kill the process with task manager and quickly delete the malware exe before it starts up again. Then you can disassociate the file with exe's in regedit which wil let you run anti malware tools that will clean the rest up for you
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
