Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Having trouble with spybot

  • 08-08-2017 8:59pm
    #1
    Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭


    I've been trying to get rid of some malware on my laptop by using Spybot. I did a scan and some malware was detected.

    I clicked on Delete Malware and it asked me if I wanted to create a restore point. I chose Yes and then this comes up.

    of3Bzre.png

    I've done this a few times and the same thing happens each time. Can anyone tell me what I should do?


Comments

  • Registered Users, Registered Users 2 Posts: 3,820 ✭✭✭FanadMan


    Maybe try Malwarebytes? It might find and remove the problem.


  • Registered Users, Registered Users 2 Posts: 2,116 ✭✭✭ItHurtsWhenIP


    For a thorough cleaning of the machine:


  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    For a thorough cleaning of the machine:

    I downloaded malwarebytes but my computer won't let me open it


  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    I also tried rkill but it won't allow me access. It says that there's an insecure connection or something.


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    Run the computer in safe mode with networking which should allow you to open malwarebytes and update it. Reboot and run in safe mode only, run rkill and the other programs suggested. It will take a good while to do all this but hopefully you'll be malware free when it's finished.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    I have it in safe mode now. I was able to run rkill but I still get the same message when I try to open Malwarebytes.


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    Suas11 wrote: »
    I have it in safe mode now. I was able to run rkill but I still get the same message when I try to open Malwarebytes.

    Have you got mb installed or are you trying to run the install exe? Try right click and run as administrator. If you're trying to install rename the exe as something like clock.exe. It looks like the malware is recognising the program.


  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    http://i.imgur.com/ElXI0Jm.png

    I left click on that to try and open it. The little menu is what comes up when I right click on it.


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    Click on open in folder, open the folder and find the exe. Rename the exe and then try to install it. What did rkill find?


  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    http://i.imgur.com/OqvIXEu.png

    I get that when I right click but it still won't let me open it even after renaming it.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    This is what I got from rkill:

    Rkill 2.9.1 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2017 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/09/2017 07:27:53 PM in x64 mode. (Safe Mode)
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * Windows Defender Disabled

    [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
    "DisableAntiSpyware" = dword:00000001

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    0.0.0.1 mssplus.mcafee.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7event.stats.avast.com
    127.0.0.1 sm00.avast.com
    127.0.0.1 submit5.avast.com
    127.0.0.1 geoip.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7.stats.avast.com
    127.0.0.1 v7event.stats.avast.com
    127.0.0.1 sm00.avast.com
    127.0.0.1 submit5.avast.com
    127.0.0.1 geoip.avast.com

    20 out of 146 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 08/09/2017 07:34:17 PM
    Execution time: 0 hours(s), 6 minute(s), and 24 seconds(s)


  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    I've managed to install malwarebytes now.


  • Registered Users, Registered Users 2 Posts: 12,940 ✭✭✭✭Rothko


    For a thorough cleaning of the machine:

    I've tried all four. Threats were detected and supposedly deleted but nothing has changed. Hitman Pro hasn't actually finished it's scan since it's been stuck at 98% for the past 20 minutes.

    I keep getting ads popping up in new tabs. They initially have the url http://laserveradedomaina.com/redirect/57a764d042bf8 before changing.

    This menu also pops up when I start up the computer. http://i.imgur.com/Zb2URLD.png

    Another thing is that when I try to make a new folder in Downloads or Documents, I can't. I assume that this is down the malware since it hasn't happened before.


  • Registered Users, Registered Users 2 Posts: 3,323 ✭✭✭davo2001


    Not worth the effort, what is stopping you from backing up your data and doing a fresh install of Windows??


  • Closed Accounts Posts: 8,585 ✭✭✭jca


    davo2001 wrote: »
    Not worth the effort, what is stopping you from backing up your data and doing a fresh install of Windows??

    Exactly, I used to waste hours trying to eliminate malware on computers. Copy what you want and clean install is the way to go.


  • Moderators, Arts Moderators, Regional Abroad Moderators Posts: 11,106 Mod ✭✭✭✭Fysh


    Stop trying to clean it from within Windows. Get a bootable AV disk like the FSecure Rescue CD, burn it to a disc, plug in a patch cable (I've never gotten the rescue cd to update over wireless), get the latest definition files and run a full scan, and nuke whatever is found. Go from there for further cleanup.

    Optionally also use Process Monitor and Process Explorer from the Sysinternals Suite to see what processes are running on your machine and try to remove them. You can also try Autoruns (also Sysinternals) to check for nastyware running at startup.

    The hosts file info you posted shows that whatever malware you've got has modified your local DNS to redirect various AV tool addressez to your local computer (effectively stopping them from downloading updates or cleanup tools). If you can edit the file outside of windows, you should reset it to its default state (no entries). The relevant file is in c:\windows\system32\drivers\etc, I think.


Advertisement