Computer hijacked

9 Posts
7 Users
0 Reactions
706 Views
Paul Plutae
(@paul-plutae)
Posts: 1261
Member
Topic starter

I was on the phone with a client and my screen started going crazy. It seems that two trojans activated at once. I was able to get rid of one, Antimalware Doctor, using SuperAntiSpyware (SAS), but the second one, MS Removal Tool, was undetected by SAS and WebRoot. I have found that there is not one program that will detect every virus or malware out there.

The MS Removal Tool (MSRT) was a beast. It wiped out every system restore point I had. The only one available was the one it had created. Even in safe mode all the restore points were gone. It also stopped me from shutting the process down, since that feature was disabled by MSRT. Fake alerts were popping up about every 30 seconds, with a 'buy me now' option.

I was able to surf the web and find out what to do to clean it out. I had to go into Safe Mode, turn System Restore off, then download Malwarebytes. I installed that and ran a quick scan that picked up 6 trojans... sheesh! I am now running, in Safe Mode, a deep scan, which has found two more infections, and after this is all done and back to normal I will turn System Restore back on and pay $30 for Malwarebytes. I scan regularly and some malware will slip past the front guards, you can count on that.

So I will now have three different malware/virus/trojan catchers on my system. Four if you count Windows Defender, which seems to just sit there taking up 1's and zero space.

There should be a law with severe penalties for software manufacturers that hijack a system and display false warnings. A $10,000 fine and six months in jail for the first offense would go a long way in keeping these criminals out of our hair.

Posted : May 3, 2011 6:26 pm
RADU
(@radu)
Posts: 1087
Member

Paul, what virus detection were you using, and what sites do you think you got it from?

Or was it through an email?

RADU

Posted : May 3, 2011 6:31 pm
Steve Adams
(@steve-adams)
Posts: 403
Member

I feel your pain, Paul. Yes, harsh sentences for malware-creating miscreants.

Last night, it was so bad that when I clicked on an .exe, it asked me which app I would like to open it with!

Disk imaging saved me this time. I used Acronis to restore an image I saved recently, and am back in business.

Posted : May 3, 2011 6:51 pm
Paul Plutae
(@paul-plutae)
Posts: 1261
Member
Topic starter

I still have the MS Removal Tool 2.20

I'm hooked into a router and that may have left an open line... needless to say I have to give it a try again. I wish that I could system restore, that's the simple way and some have done that from what I read. TBH I am really wary of DLing any type of removal tool at this point, who knows who's really behind that web site... could even be the authors of this bastard program.

Sure... infect a person's computer, then sell a fix to get it out from another site...

Posted : May 3, 2011 6:57 pm
Guest
(@guest)
Posts: 1651
Member

Luckily I always keep a clean $200 netbook computer handy.

It's saved me twice. I have been able to take the time to Google the problem and solution, download the cure, write it to a flash drive, boot the infected computer in safe mode, and run the fix from the flash drive.

This stuff is awfully nasty and will anticipate and fend off most of your logical responses.

Posted : May 3, 2011 7:22 pm
BlakeHuff
(@blakehuff)
Posts: 491
Member

I agree that Malwarebytes is probably the best tool for cleaning after the fact. However, I would recommend a firewall such as Comodo or Zone Alarm as prevention.

Posted : May 3, 2011 8:13 pm
Bryan Newsome
(@bryan-newsome)
Posts: 427
Member

Zone Alarm is hard-core...
My Trimble Geomatics Office would not run with it. I had to uninstall Zone Alarm to get TGO to work. Tried all of the port mods, etc., never could get it to work. Installed/uninstalled twice to prove to myself that it was Zone Alarm.

Posted : May 4, 2011 7:25 am
Evelyn
(@evelyn)
Posts: 129
Member

I used the Microsoft Safety Scanner, which was free on Microsoft's site. I downloaded it to a thumb drive using another computer, and then ran it after starting my laptop in safe mode.

The malware downloaded to my laptop from a website while I was researching. I made the mistake of clicking on the "X" to close the program. I should have used the task manager to shut down the download and installation or turned the computer off. I then tried to use the system restore, but then the computer wouldn't even execute a program. I ended up starting the computer in the safe mode and used the DOS command prompt to start the restore program and then had to undo the restore.

Nasty malware. So, if you see something that looks like it's an anti-virus program that just pops up, don't click anywhere on its screen.

Evelyn

Posted : May 4, 2011 10:20 am
Guest
(@guest)
Posts: 1651
Member

Please let us know what trojan/virus you had. Yesterday I was again infected with the Troj/Tdlmbr-A.

This time it behaved differently. Before, it would block access to Windows Update; this time it did not. This time it opened IE and launched a pop-up window that told me to click cancel if I wanted to navigate away from this page. It also said "please don't leave, I have something special for you". Then while I was in the field it proceeded to run an audio sound bite with someone speaking in Arabic for several hours.

I was wondering where I got it from; I only browse to this site, and during lunch I read the news. IT thinks it came from an ad on a news site. I did not click on anything out of the ordinary.

Aside from the main firewall, my PC runs Sophos Anti-virus software. It detects this virus after it has already infected the boot sector. JRL

Posted : May 5, 2011 9:26 am