Author Topic: Malware Defense  (Read 4498 times)

CoolStev

  • Guest
Malware Defense
« on: January 16, 2010, 02:46:12 PM »
Help! I keep getting pop-ups on my desktop advising me that I have worms, trojans, etc. trying to get in or already infected. The windows look like Windows security firewall notifications. I have run avast and RegCure and have deleted the software from the machine. It is still there. Ultimately it pops up with a "buy now" window. It is now hidden and I can't find it to delete it. It puts icons on my desktop that include three icons to porn sites. What is this and how do I get rid of it? Thanks

Hermite15

  • Guest
Re: Malware Defense
« Reply #1 on: January 16, 2010, 02:49:28 PM »
post a screen shot next time you get an alert...you downloaded a rogue AV it seems...wait for an expert to come here in this thread to help you get rid of that  ;)

in the meantime you can take a look there and see if you recognize yours:
http://roguedatabase.net/index.html

spg SCOTT

  • Guest
Re: Malware Defense
« Reply #2 on: January 16, 2010, 02:53:35 PM »
Hi CoolStev, welcome to the forum :)

http://www.bleepingcomputer.com/virus-removal/remove-malware-defense

Is this what it is?

This article is usually on point on how to remove these rogues, and this one suggests MalwareBytes AntiMalware, who also have a removal guide for this, so I would say it is your best bet

http://www.malwarebytes.org/forums/index.php?showtopic=34889

-Scott-

YoKenny

  • Guest
Re: Malware Defense
« Reply #3 on: January 16, 2010, 02:57:52 PM »
RegCure is a rogue application and listed by hpHosts:
http://hosts-file.net/default.asp?s=www.regcure.com

Malwarebytes is good to remove that infection.

spg SCOTT

  • Guest
Re: Malware Defense
« Reply #4 on: January 16, 2010, 03:13:56 PM »
> post a screen shot next time you get an alert...you downloaded a rogue AV it seems...wait for an expert to come here in this thread to help you get rid of that  ;)
>
> in the meantime you can take a look there and see if you recognize yours:
> http://roguedatabase.net/index.html


Since you use Fx, it is easier with the Malware Search addon (thanks to DavidR IIRC), as you can just highlight the name, and search the uninstall list of Bleeping Computer. I prefer that over roguedatabase as it also includes a removal solution.

I'm no expert BTW ;)

-Scott-

techlike99

  • Guest
Re: Malware Defense
« Reply #5 on: January 16, 2010, 06:32:14 PM »
In some cases Malware Defense comes with a trojan-rootkit that blocks anti-virus software and MalwareBytes too. You should remove Trojans first. To do this, you can download the TDSSKiller tool from http://support.kaspersky.com/downloads/utils/tdsskiller.zip
Then run a full system scan with MalwareBytes anti-malware or SUPERAntispyware. Good luck!


______________________________
http://deletemalware.blogspot.com

CoolStev

  • Guest
Re: Malware Defense
« Reply #6 on: January 16, 2010, 06:53:01 PM »
Thank you all for your suggestions. I don't know how to capture a screen shot and there are several. I will try some suggestions. I had Malwarebytes and it wouldn't run, and downloaded Spybot Search and Destroy and it won't run either. Thanks techlike99 for the news on that. I will try your suggestion.

As to RegCure being a rogue? Are you sure? I downloaded that from c-net I believe and paid for the subscription. What in the heck? Please feel free to help a barely literate user like me. Thanks

micky77

  • Guest
Re: Malware Defense
« Reply #7 on: January 16, 2010, 07:58:28 PM »
> I had malware bytes and it wouldn't run

If you have Malware Defense, it actually deletes mbam.exe, that's why it won't run. In the link posted by Scott, there is a detailed description of how to remove this virus. There is also a download link for a 'renamed' mbam.exe which you should place in the C:\program files\Malwarebytes' Anti-Malware\ folder.
It is important to kill the process before removal; use Rkill (in the link).

However, the fact that it deleted mbam.exe suggests that (as someone else said) there may be another element (tdss).

So start by running the tdss killer posted by techlike99, then follow the link http://www.bleepingcomputer.com/virus-removal/remove-malware-defense to the letter