Malwarebytes question

xentr_thread_starter
So now I have to try to convince her to have a look around for ScanSpyware leftovers...
Don't think she'll just let me do it...
Then I have to convince her to run SuperAntiSpyware again...
We'll see how this goes.

This sucks :angry2:
I can't believe she installed that :censored: program.
She said that she got it from Cnet and it had great reviews... :blarg:

Thanks again guys.
Looks like I'm in for a fun weekend.
 
xentr_thread_starter
Ok, she did a Windows search and found some files in C:/Windows and C:/Windows/Prefetch...
She deleted them and then ran a prog called RegistryMechanic which she uses a lot (probably too often).
I'm trying to get her to check out the removal instructions, but she's not that interested.
I'm not even sure if I should push her anymore, because if she :censored: something up worse while trying, guess who'll get the blame?
Of course she won't just let me on there to deal with it.
How much of a threat is this ScanSpyware?
Should I really be worried?
 
xentr_thread_starter
Well, she finally decided to let me try to help.

Malwarebytes only showed one infection:
Rogue.AntiSpywareBot

The error on install was something about HpSdpAppCoreApp... something to do with Hp Easy Internet Sign-up.

I'm running SuperAntiSpyware right now... only a bunch of tracking cookies so far.

Should be another fun night!!! :blarg:
 
I have to say I've found SuperAntiSpyware to be too far behind the ball lately and have pretty much given up on it in favour of Malwarebytes. If you are still infected after Malwarebytes, download Combofix, reboot in safe mode and run it. Once it's done its thing it will probably ask you to reboot; do so, but again go into safe mode and wait for the text file to open up.

I know people are a bit leery of Combofix but I have yet to run into any problems with it and I've used it well over 100 times. Actually, I've run into more issues with SuperAntiSpyware blue screening than any other program. If you are still infected after that then it's time to do it the old school way and track down all the files and registry entries and delete them. Make sure you try updating Malwarebytes before every use in case you do have a 0 day.

Edit: I usually end up running both Malwarebytes (or SAS) and Combofix as it almost always finds more stuff to delete.
 
xentr_thread_starter
So far, after a night/day of work it's running better.

There are still a couple items in the msconfig startup tab that are invisible.
I'm thinking I may try to get her to let me run SAS or MBAM again in safe mode.
I'll look into combofix.

Any other suggestions?
 
I would also try hijackthis and look through its log for any programs which do not belong.
Actually, I would also run a few specialized rootkit detectors like F-Secure's BlackLight, Sophos Anti-Rootkit and then RootRepeal. IIRC you can't run some of them in safe mode (they need special drivers to be loaded, my memory is fuzzy on the details... hell, I may be out to lunch on it and remembering it arse backwards!).

BlackLight
Sophos Anti-Rootkit - Free rootkit detection and removal
RootRepeal - RootRepeal - Rootkit Detector

Between all three (in addition to MBAM, SAS and Combofix) you should feel safe knowing that whatever is left is not malware/spyware or a rootkit.
 
If you scanned your apartment for malware, it would find your girlfriend. :rofl:

Tell her to let you clean her comp or she can't use your network or your External drive.
 
[fantasy]
There needs to be an antivirus/rootkit/malware utility that resides on a bootable USB flash drive. No safe mode, no AV programs getting messed with, etc.
You can pop it into a booted clean PC then run the updater to get updated database. You then carry it over to the infected PC, boot off it and clean your drive(s).
[/fantasy]
 
xentr_thread_starter
I would also try hijackthis and look through its log for any programs which do not belong.
Actually, I would also run a few specialized rootkit detectors like F-Secure's BlackLight, Sophos Anti-Rootkit and then RootRepeal. IIRC you can't run some of them in safe mode (they need special drivers to be loaded, my memory is fuzzy on the details... hell, I may be out to lunch on it and remembering it arse backwards!).

BlackLight
Sophos Anti-Rootkit - Free rootkit detection and removal
RootRepeal - RootRepeal - Rootkit Detector

Between all three (in addition to MBAM, SAS and Combofix) you should feel safe knowing that whatever is left is not malware/spyware or a rootkit.

I'll see if she'll let me do some more to it.
She says it's working fine now... we'll see...
It's hard to help someone who doesn't want your help.

I've used HijackThis before, but don't really know what to look for always.
Also, last time she saw it in her add/remove programs list she freaked out.


If you scanned your apartment for malware, it would find your girlfriend. :rofl:

Tell her to let you clean her comp or she can't use your network or your External drive.

:rofl::rofl::rofl:
 
