Thread started 27 Dec 2009 (Sunday) 15:13

Help with spyware/trojan removal - rogue Internet Security 2010

 
Bob_A
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 15:13 |  #1

Someone in my house ("she who shall not be named") managed to get a very nasty virus on her computer called "Internet Security 2010". I can only boot her Vista machine up in Safe Mode, and the virus is also active there:

- Can't Ctrl-Alt-Del to kill the process
- MSConfig is disabled soon after bootup, giving no time to uncheck the culprit processes
- Live Update for Symantec anti-virus won't run
- It won't allow Spybot S&D to go to the internet to complete the install

I've put Spybot Search and Destroy on a USB key and was able to run it on her machine, but while it cleaned a bunch of issues it didn't seem to know about this rogue "Internet Security 2010".

There's another product from PC-Tools called "Spyware Doctor" that does detect the problem, but it's a pay-for application. Having never heard of this app before I don't want to give my cc number out without verifying that they are legit first. Does anyone here know about PC-Tools Spyware Doctor and can confirm that it's a legitimate application? Also, before taking that step do any of the PC gurus here have any other steps I can take prior to going this route?


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
Pete
I was "Prime Mover" many years back....
38,631 posts
Likes: 25
Joined Jul 2006
Location: Berkshire, UK
     
Dec 27, 2009 15:18 |  #2

Run a Google for a tool called "HijackThis" which is a free tool that will log every startup item (regardless of whether it's in registry/certain folders/etc.)

Using that, you should be able to track down and disable the culprit.


Pete
UK SE Catch of the Day

  
Pete
I was "Prime Mover" many years back....
38,631 posts
Likes: 25
Joined Jul 2006
Location: Berkshire, UK
     
Dec 27, 2009 15:18 |  #3

Try the steps listed here

http://www.2-spyware.com …ternet-security-2010.html (external link)

Seems fairly straightforward.


Pete
UK SE Catch of the Day

  
Bob_A
THREAD STARTER
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 15:31 |  #4

Pete wrote in post #9271537 (external link)
Try the steps listed here

http://www.2-spyware.com …ternet-security-2010.html (external link)

Seems fairly straightforward.

Thanks Pete.

I tried this when my daughter reported the problem but I couldn't execute the first step (Kill Processes):

- Ctrl-Alt-Del doesn't bring up the processes (missing from pick list)
- MSConfig is blocked


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
basroil
Cream of the Crop
8,015 posts
Likes: 2
Joined Mar 2006
Location: STL/Clayton, MO| NJ
     
Dec 27, 2009 15:32 |  #5

Bob_A wrote in post #9271504 (external link)
Someone in my house ("she who shall not be named") managed to get a very nasty virus on her computer called "Internet Security 2010". I can only boot her Vista machine up in Safe Mode, and the virus is also active there:

- Can't Ctrl-Alt-Del to kill the process
- MSConfig is disabled soon after bootup, giving no time to uncheck the culprit processes
- Live Update for Symantec anti-virus won't run
- It won't allow Spybot S&D to go to the internet to complete the install

I've put Spybot Search and Destroy on a USB key and was able to run it on her machine, but while it cleaned a bunch of issues it didn't seem to know about this rogue "Internet Security 2010".

There's another product from PC-Tools called "Spyware Doctor" that does detect the problem, but it's a pay-for application. Having never heard of this app before I don't want to give my cc number out without verifying that they are legit first. Does anyone here know about PC-Tools Spyware Doctor and can confirm that it's a legitimate application? Also, before taking that step do any of the PC gurus here have any other steps I can take prior to going this route?

Sounds like a daughter....

But yea, Pete's instructions should work. And you should also look into locking down the system, I'm sure if you PM Maxxum he'll give you a few tips on simple ways to deter users from screwing up their machines.

EDIT:

Bob_A wrote in post #9271595 (external link)
Thanks Pete.

I tried this when my daughter reported the problem but I couldn't execute the first step (Kill Processes):

- Ctrl-Alt-Del doesn't bring up the processes (missing from pick list)
- MSConfig is blocked

Go to the Microsoft website and download "Autoruns"; it's like MSConfig on steroids, and made by Microsoft, for free.


I don't hate macs or OSX, I hate people and statements that portray them as better than anything else. Macs are A solution, not THE solution. Get a good desktop i7 with Windows 7 and come tell me that sucks for photo or video editing.
Gear List
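
A reduced form of what HijackThis and Autoruns report, as an added example that is not part of any post in this thread: a read-only PowerShell inventory of the standard Run keys, the Winlogon Shell/Userinit values and the Startup folders. The `Review` flag, the list of user-writable folder names and the policy-value check are heuristics assumed here; the thread does not say which mechanism this infection used to block Task Manager or MSConfig.

```powershell
# Added example: read-only inventory of common Windows autostart locations.
# Needs PowerShell 3.0 or later; an elevated prompt is recommended.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RegistryValues([string]$Key, [string[]]$Only) {
    # Emit one object per value under $Key (optionally only the names in $Only).
    if (-not (Test-Path -LiteralPath $Key)) { return }
    $item = Get-Item -LiteralPath $Key
    foreach ($name in $item.GetValueNames()) {
        if ($Only -and ($Only -notcontains $name)) { continue }
        [pscustomobject]@{ Source = $Key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}

$entries = @()
foreach ($key in $runKeys) { $entries += @(Get-RegistryValues $key) }

# Winlogon launches these at logon; the defaults are explorer.exe and userinit.exe.
$winlogon = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$entries += @(Get-RegistryValues $winlogon @('Shell', 'Userinit'))

# Per-user and all-users Startup folders.
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
    foreach ($f in (Get-ChildItem -LiteralPath $dir -Force | Where-Object { -not $_.PSIsContainer })) {
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Command = $f.FullName }
    }
}

# Heuristic (assumed here): programs started from user-writable folders, or whose
# file is not validly signed, deserve a closer look. A flag is not a verdict.
$userWritable = '\\(AppData|Temp|Local Settings|ProgramData)\\'
$report = foreach ($e in $entries) {
    $cmd  = [Environment]::ExpandEnvironmentVariables($e.Command)
    $path = if ($cmd -match '^\s*"?([a-z]:\\.+?\.(exe|dll|bat|cmd|vbs|scr|com|lnk))') { $Matches[1] } else { $null }
    $sig  = if (-not $path) { 'Unresolved' }              # bare name such as explorer.exe
            elseif (Test-Path -LiteralPath $path) { [string](Get-AuthenticodeSignature -FilePath $path).Status }
            else { 'FileNotFound' }
    [pscustomobject]@{
        Review    = ($cmd -match $userWritable) -or ($sig -notin 'Valid', 'Unresolved')
        Name      = $e.Name
        Signature = $sig
        Command   = $e.Command
        Source    = $e.Source
    }
}

# Policy values that, when set to 1, remove Task Manager from the Ctrl-Alt-Del
# screen and block registry editing for the current user.
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$policy = @(Get-RegistryValues $policyKey @('DisableTaskMgr', 'DisableRegistryTools'))

$report | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
$policy | Format-Table Name, Command -AutoSize
```

Nothing is modified by this script; entries are disabled or deleted afterwards with Autoruns or regedit once each flagged item has been checked by hand.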

  
Bob_A
THREAD STARTER
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 15:39 |  #6

basroil wrote in post #9271597 (external link)
Sounds like a daughter....

But yea, Pete's instructions should work. And you should also look into locking down the system, I'm sure if you PM Maxxum he'll give you a few tips on simple ways to deter users from screwing up their machines.

EDIT:


Go to the Microsoft website and download "Autoruns"; it's like MSConfig on steroids, and made by Microsoft, for free.

Thanks. DL'd Autoruns and will try it out.


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
Bob_A
THREAD STARTER
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 17:00 |  #7

Well ... using autoruns and following the directions on the 2-spyware.com site I'm able to get the pc working in safe mode without the malware popups, but it won't boot normally at all. I keep getting:

"Windows Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." Ya close it and the screen just stays blue.


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
MaxxuM
Goldmember
3,361 posts
Gallery: 3 photos
Likes: 22
Joined May 2007
Location: Rio Grande Valley
     
Dec 27, 2009 17:55 |  #8

Bob_A wrote in post #9272041 (external link)
Well ... using autoruns and following the directions on the 2-spyware.com site I'm able to get the pc working in safe mode without the malware popups, but it won't boot normally at all. I keep getting:

"Windows Explorer has stopped working. A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available." Ya close it and the screen just stays blue.

Just an FYI... even if you completely remove that trojan it has already damaged your registry and several DLLs. Your computer will not work the same again. I recommend a complete reinstall and then follow good security protocols.

Don't leave anything behind by installing over your old Windows - though this will probably work it still leaves infected files on your computer that may be accessed again by rogue calls from Java or ActiveX on shady websites.




  
Bob_A
THREAD STARTER
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 19:51 |  #9

MaxxuM wrote in post #9272272 (external link)
Just an FYI... even if you completely remove that trojan it has already damaged your registry and several DLLs. Your computer will not work the same again. I recommend a complete reinstall and then follow good security protocols.

Don't leave anything behind by installing over your old Windows - though this will probably work it still leaves infected files on your computer that may be accessed again by rogue calls from Java or ActiveX on shady websites.

Thanks Maxxum. I have to agree that it's the only way to be certain that everything will be ok even if I could get Windows to boot up again.

Security protocols ... can you please explain that to my wife :)

Looks like I need to help her back up whatever data I can then do the re-install.


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
MaxxuM
Goldmember
3,361 posts
Gallery: 3 photos
Likes: 22
Joined May 2007
Location: Rio Grande Valley
     
Dec 27, 2009 20:54 |  #10

Good security really isn't that hard to implement at home. These are three very easy things you can do to avoid trouble in the future.

1. Avoid sharing sites/programs. They are the #1 reason for infection of PCs. Limewire and its ilk spread PC disease faster than the plague. If you cannot get them (kids) to stop, then teach them the difference between programs and videos/music files.

2. Never log in with an account with Administrator privileges. Create a second account as a non-Administrator to do your day to day work. When you need to install updates, programs or plugins use the Admin account then log back in with the limited one.

3. Install a good suite like McAfee or Kaspersky - NOT just an anti-virus program. Don't bother with free programs like Avast. They're good, but not anywhere as good as paid solutions. Avast! is for people that generally know what they are doing on the net and just need a little backup protection, just in case. Same goes for programs like Comodo (free firewall).

Optional (easy) - Get an account at OpenDNS (external link) and use their free tools (which are pretty much automatic). They are pretty good at detecting sites which distribute viruses and trojans.

Optional (medium difficulty) - Start using parental controls. Usually pretty easy, but to be effective you have to be proactive and monitor/edit permissions week to week until a balance is found.

Optional (easy) - Get a router/switch if you don't already have one. This will add a hardware firewall to your network. It also has the benefit of disrupting some sharing sites from accessing your network. If you already have one, check its settings to see if "Port Forwarding" is set - clear it - then put a different password on the router and don't tell anyone what it is :)

Optional (easy) - If this person is under 17, I highly recommend them not having the computer in their room where you/adult cannot supervise them. As a person that works with children and has their own and is a professional network person I've seen too many parents make very poor decisions. The stats are pretty scary when it comes to kids on the net; I'm here to tell you that the stats are wrong. They're actually MUCH worse. If your child has access to the internet and has a computer in their room it is about 90% likely they have seen porn, been propositioned by strangers on the net or have been introduced to some adult content via YouTube and other similar sites. It's pretty scary actually.

Hope that helps.

Edit: Oops, just saw that it's your wife :) Then number 1, 2 and 3 are your best bet. Forget all but the first option - OpenDNS is a very good tool for your situation.




  
sbarrier
Mostly Lurking
13 posts
Joined Sep 2009
Location: High Point, NC
     
Dec 27, 2009 21:02 |  #11

Download MalwareBytes from here http://www.malwarebytes.org/ (external link)

Install and run it. Great tool for malware removal.


7D, 70-200L F4, 24-105L, Tamron 28-75 2.8, 85 1.8, Nifty Fifty, 430EX II
What happens if I push this button?

  
Bob_A
THREAD STARTER
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 22:51 |  #12

MaxxuM wrote in post #9273148 (external link)
Good security really isn't that hard to implement at home. These are three very easy things you can do to avoid trouble in the future.

1. Avoid sharing sites/programs. They are the #1 reason for infection of PCs. Limewire and its ilk spread PC disease faster than the plague. If you cannot get them (kids) to stop, then teach them the difference between programs and videos/music files.

Thankfully she doesn't install applications or visit sharing sites, so this one is being followed.

MaxxuM wrote in post #9273148 (external link)
2. Never log in with an account with Administrator privileges. Create a second account as a non-Administrator to do your day to day work. When you need to install updates, programs or plugins use the Admin account then log back in with the limited one.

This is a great idea. I'll set up her machine so that she isn't an Admin.

MaxxuM wrote in post #9273148 (external link)
3. Install a good suite like McAfee or Kaspersky - NOT just an anti-virus program. Don't bother with free programs like Avast. They're good, but not anywhere as good as paid solutions. Avast! is for people that generally know what they are doing on the net and just need a little backup protection, just in case. Same goes for programs like Comodo (free firewall).

She has Symantec Endpoint Protection on the PC, but it didn't help for this instance.

MaxxuM wrote in post #9273148 (external link)
Optional (easy) - Get an account at OpenDNS (external link) and use their free tools (which are pretty much automatic). They are pretty good at detecting sites which distribute viruses and trojans.

Thanks for this one.

MaxxuM wrote in post #9273148 (external link)
Optional (medium difficulty) - Start using parental controls. Usually pretty easy, but to be effective you have to be proactive and monitor/edit permissions week to week until a balance is found.

Even though I'm pretty certain my better half clicked on something she shouldn't have I'll set up some parental controls because my 12 and 13 year old also use the PC.

MaxxuM wrote in post #9273148 (external link)
Optional (easy) - Get a router/switch if you don't already have one. This will add a hardware firewall to your network. It also has the benefit of disrupting some sharing sites from accessing your network. If you already have one, check its settings to see if "Port Forwarding" is set - clear it - then put a different password on the router and don't tell anyone what it is :)

I have a router and do some blocking with it. Good advice though and I'll beef up security here.

MaxxuM wrote in post #9273148 (external link)
Optional (easy) - If this person is under 17, I highly recommend them not having the computer in their room where you/adult cannot supervise them. As a person that works with children and has their own and is a professional network person I've seen too many parents make very poor decisions. The stats are pretty scary when it comes to kids on the net; I'm here to tell you that the stats are wrong. They're actually MUCH worse. If your child has access to the internet and has a computer in their room it is about 90% likely they have seen porn, been propositioned by strangers on the net or have been introduced to some adult content via YouTube and other similar sites. It's pretty scary actually.

Agree completely. Since my young daughters also use the machine we keep it in the kitchen where all can see what's going on.

MaxxuM wrote in post #9273148 (external link)
Hope that helps.

Edit: Oops, just saw that it's your wife :) Then number 1, 2 and 3 are your best bet. Forget all but the first option - OpenDNS is a very good tool for your situation.


Thanks very much for the terrific advice!


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
EnglishBob
Senior Member
555 posts
Gallery: 5 photos
Best ofs: 1
Likes: 119
Joined Dec 2004
Location: Clovis, California.
     
Dec 27, 2009 22:59 |  #13

I managed to remove the 2009 version of this program using a free program with a ridiculous name...Super Anti-Spyware!

http://www.superantispyware.com/superantispyware.html (external link)

Getting the registry repaired if anything else is messed up is another matter.


Gallery (external link) MyGear (external link) About Me (external link)

  
Bob_A
THREAD STARTER
Cream of the Crop
8,736 posts
Gallery: 48 photos
Likes: 199
Joined Jan 2005
Location: Alberta, Canada
     
Dec 27, 2009 23:13 |  #14

MaxxuM wrote in post #9273148 (external link)
Good security really isn't that hard to implement at home. These are three very easy things you can do to avoid trouble in the future.

1. Avoid sharing sites/programs. They are the #1 reason for infection of PCs. Limewire and its ilk spread PC disease faster than the plague. If you cannot get them (kids) to stop, then teach them the difference between programs and videos/music files.

2. Never log in with an account with Administrator privileges. Create a second account as a non-Administrator to do your day to day work. When you need to install updates, programs or plugins use the Admin account then log back in with the limited one.

3. Install a good suite like McAfee or Kaspersky - NOT just an anti-virus program. Don't bother with free programs like Avast. They're good, but not anywhere as good as paid solutions. Avast! is for people that generally know what they are doing on the net and just need a little backup protection, just in case. Same goes for programs like Comodo (free firewall).

Optional (easy) - Get an account at OpenDNS (external link) and use their free tools (which are pretty much automatic). They are pretty good at detecting sites which distribute viruses and trojans.

Optional (medium difficulty) - Start using parental controls. Usually pretty easy, but to be effective you have to be proactive and monitor/edit permissions week to week until a balance is found.

Optional (easy) - Get a router/switch if you don't already have one. This will add a hardware firewall to your network. It also has the benefit of disrupting some sharing sites from accessing your network. If you already have one, check its settings to see if "Port Forwarding" is set - clear it - then put a different password on the router and don't tell anyone what it is :)

Optional (easy) - If this person is under 17, I highly recommend them not having the computer in their room where you/adult cannot supervise them. As a person that works with children and has their own and is a professional network person I've seen too many parents make very poor decisions. The stats are pretty scary when it comes to kids on the net; I'm here to tell you that the stats are wrong. They're actually MUCH worse. If your child has access to the internet and has a computer in their room it is about 90% likely they have seen porn, been propositioned by strangers on the net or have been introduced to some adult content via YouTube and other similar sites. It's pretty scary actually.

Hope that helps.

Edit: Oops, just saw that it's your wife :) Then number 1, 2 and 3 are your best bet. Forget all but the first option - OpenDNS is a very good tool for your situation.

EnglishBob wrote in post #9273753 (external link)
I managed to remove the 2009 version of this program using a free program with a ridiculous name...Super Anti-Spyware!

http://www.superantispyware.com/superantispyware.html (external link)

Getting the registry repaired if anything else is messed up is another matter.

Just finishing up a complete (clean) reinstall of Windows, so it should be good. The Windows part is a snap ... it's all the drivers and updates that take forever.


Bob
SmugMug (external link) | My Gear Ratings | My POTN Gallery

  
basroil
Cream of the Crop
8,015 posts
Likes: 2
Joined Mar 2006
Location: STL/Clayton, MO| NJ
     
Dec 27, 2009 23:16 |  #15

EnglishBob wrote in post #9273753 (external link)
I managed to remove the 2009 version of this program using a free program with a ridiculous name...Super Anti-Spyware!

http://www.superantispyware.com/superantispyware.html (external link)

Getting the registry repaired if anything else is messed up is another matter.

Deleting a fishy known malware with a fishy thing that may be malware itself, not exactly the best solution. Best way is to do it manually, since this is a known problem (rather than an unknown problem, here we know it's a certain malware).

As for registry issues, you can try using the system restore feature if you have Vista or 7 (vast improvements over XP in terms of being able to use it without screwing up more things). For XP, not much choice but to end up reinstalling everything.


I don't hate macs or OSX, I hate people and statements that portray them as better than anything else. Macs are A solution, not THE solution. Get a good desktop i7 with Windows 7 and come tell me that sucks for photo or video editing.
Gear List

  
4,573 views & 0 likes for this thread, 9 members have posted to it.