
Having trouble with spybot

  • 08-08-2017 9:59pm
    #1
    Registered Users Posts: 12,842 ✭✭✭✭


    I've been trying to get rid of some malware on my laptop by using Spybot. I did a scan and some malware was detected.

    I clicked on Delete Malware and it asked me if I wanted to create a restore point. I chose Yes and then this comes up.

    of3Bzre.png

    I've done this a few times and the same thing happens each time. Can anyone tell me what I should do?


Comments

  • Registered Users Posts: 3,820 ✭✭✭FanadMan


    Maybe try Malwarebytes? It might find and remove the problem.


  • Registered Users Posts: 1,963 ✭✭✭ItHurtsWhenIP


    For a thorough cleaning of the machine:


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    For a thorough cleaning of the machine:

    I downloaded malwarebytes but my computer won't let me open it


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    I also tried rkill but it won't allow me access. It says that there's an insecure connection or something.


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    Run the computer in safe mode with networking which should allow you to open malwarebytes and update it. Reboot and run in safe mode only, run rkill and the other programs suggested. It will take a good while to do all this but hopefully you'll be malware free when it's finished.


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    I have it in safe mode now. I was able to run rkill but I still get the same message when I try to open Malwarebytes.


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    Suas11 wrote: »
    I have it in safe mode now. I was able to run rkill but I still get the same message when I try to open Malwarebytes.

    Have you got mb installed or are you trying to run the install exe? Try right click and run as administrator. If you're trying to install, rename the exe as something like clock.exe. It looks like the malware is recognising the program.


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    http://i.imgur.com/ElXI0Jm.png

    I left click on that to try and open it. The little menu is what comes up when I right click on it.


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    Click on open in folder, open the folder and find the exe. Rename the exe and then try to install it. What did rkill find?


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    http://i.imgur.com/OqvIXEu.png

    I get that when I right click but it still won't let me open it even after renaming it.


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    This is what I got from rkill:

    Rkill 2.9.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2017 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/09/2017 07:27:53 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    0.0.0.1 mssplus.mcafee.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7event.stats.avast.com
    127.0.0.1 sm00.avast.com
    127.0.0.1 submit5.avast.com
    127.0.0.1 geoip.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7event.stats.avast.com
    127.0.0.1 sm00.avast.com
    127.0.0.1 submit5.avast.com
    127.0.0.1 geoip.avast.com

    20 out of 146 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 08/09/2017 07:34:17 PM
    Execution time: 0 hours(s), 6 minute(s), and 24 seconds(s)


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    I've managed to install malwarebytes now.


  • Registered Users Posts: 12,842 ✭✭✭✭Rothko


    For a thorough cleaning of the machine:

    I've tried all four. Threats were detected and supposedly deleted but nothing has changed. Hitman Pro hasn't actually finished its scan since it's been stuck at 98% for the past 20 minutes.

    I keep getting ads popping up in new tabs. They initially have the url http://laserveradedomaina.com/redirect/57a764d042bf8 before changing.

    This menu also pops up when I start up the computer. http://i.imgur.com/Zb2URLD.png

    Another thing is that when I try to make a new folder in Downloads or Documents, I can't. I assume that this is down to the malware since it hasn't happened before.


  • Registered Users Posts: 3,317 ✭✭✭davo2001


    Not worth the effort, what is stopping you from backing up your data and doing a fresh install of Windows??


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    davo2001 wrote: »
    Not worth the effort, what is stopping you from backing up your data and doing a fresh install of Windows??

    Exactly, I used to waste hours trying to eliminate malware on computers. Copy what you want and clean install is the way to go.


  • Moderators, Arts Moderators, Regional Abroad Moderators Posts: 11,016 Mod ✭✭✭✭Fysh


    Stop trying to clean it from within Windows. Get a bootable AV disk like the FSecure Rescue CD, burn it to a disc, plug in a patch cable (I've never gotten the rescue cd to update over wireless), get the latest definition files and run a full scan, and nuke whatever is found. Go from there for further cleanup.

    Optionally also use Process Monitor and Process Explorer from the Sysinternals Suite to see what processes are running on your machine and try to remove them. You can also try Autoruns (also Sysinternals) to check for nastyware running at startup.

    The hosts file info you posted shows that whatever malware you've got has modified your local DNS to redirect various AV tool addresses to your local computer (effectively stopping them from downloading updates or cleanup tools). If you can edit the file outside of Windows, you should reset it to its default state (no entries). The relevant file is in c:\windows\system32\drivers\etc, I think.
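
The HOSTS tampering described in the post above can be checked for mechanically. The following is an added example, not part of the original thread or of Rkill: it parses HOSTS-file text and counts security-vendor hostnames pinned to loopback or other unroutable addresses. The sample text, the suffix list and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in the style of the Rkill output quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.1 mssplus.mcafee.com
127.0.0.1 v7.stats.avast.com
127.0.0.1 v7.stats.avast.com   # duplicate
127.0.0.1 sm00.avast.com submit5.avast.com
192.168.1.20 nas.home.lan
not-an-ip broken.example
"""

# Assumption: illustrative vendor suffixes only; extend for your environment.
SECURITY_SUFFIXES = ("avast.com", "mcafee.com", "malwarebytes.com", "bleepingcomputer.com")
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:  # one line may map several names
            yield addr, name.lower().rstrip(".")

def is_sinkhole(addr):
    """True for addresses that cannot reach a real server: loopback, ::, 0.0.0.0/8."""
    return addr.is_loopback or addr.is_unspecified or (
        addr.version == 4 and addr in ipaddress.ip_network("0.0.0.0/8"))

def audit_hosts(text):
    """Return a Counter of sinkholed security-vendor hostnames -> occurrences."""
    hits = Counter()
    for addr, name in parse_hosts(text):
        if name in BENIGN_NAMES or not is_sinkhole(addr):
            continue
        if any(name == s or name.endswith("." + s) for s in SECURITY_SUFFIXES):
            hits[name] += 1
    return hits

if __name__ == "__main__":
    for name, count in sorted(audit_hosts(SAMPLE_HOSTS).items()):
        print(f"{name}\tsinkholed x{count}")
```

Run against a copy of the file taken from the offline disk, any non-empty result means the HOSTS file should be reset before trusting AV updates on that machine.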

