TLarry

New Malware - Very Nasty...


Rename the exe to something else, like john.exe or whatever.exe, then try to execute it.

For some reason this trojan knows all the antispyware programs out there and is programmed to not allow anything with names similar to them to execute.

Do this for superantispyware first and see if it will install.

Hopefully superantispyware will be able to get rid of it all and you will not need malwarebytes, but if not, try the same thing with malwarebytes: rename it too.

If not, then make sure you copy down the names you gave it and go into safe mode with networking and try to install it there.

The reason I am saying with networking is that you can get the latest updates if you do not have them already.

I had a similar program on a client's computer and when I renamed it to tootsie.exe it was able to execute and run.

robin

I am currently in malware hell, and it sounds like what you've been describing here. It happened to both my home pc and my work laptop, both of which I was using Sunday on Facebook. (Not sure how... I don't remember clicking any links.)

My laptop is being reimaged, but it's my home pc that is out of control. I have popups for both Antivirus 2009 and Spyware Guard 2008. Whenever I try to visit a site to download programs for removal, I'm redirected to their own bs antivirus sites.

My latest attempt has been to download the programs on another computer, and copy them to the infected pc. The executable files copy correctly, but none of them will open. I've tried Malwarebytes Anti-malware, STOPzilla, and now SAS.

Any help on how to get these files to open and execute??

Locate SAS under your program files and click on alternate start which is there for this reason

How can he locate SAS in program files if he cannot execute the installation? The program has to install first to find it in Program Files, which he cannot do from what he has posted here.

robin


READ this FAQ, it has the instructions and alternate installers. :)

https://www.superantispyware.com/suppor ... tml?faq=71


Thank you all for your replies. I did as Robin suggested and changed the file name, which allowed it to load correctly. It found almost 800 infected items that it quarantined and removed. Just in case, I then ran the Malwarebytes program. There were another 29 items found.

It seems to be running fine now, if maybe a little slower than usual. I am by no means a computer expert... is there some sort of additional scan you would recommend? I now have my normal McAfee software running, and SAS installed.

Thank you again for your help! You saved me from having to pay $300 at Best Buy. :D


I am glad that helped you. :)

robin



Well nick, that is basically what I told him. After going to the FAQ and clicking on the download I see you renamed the file too. I just told him basically the same thing, only I told him to stay away from your name.

I have an acquaintance who WAS a known hacker. He got caught hacking into the Kennedy Space Station. He was 16yrs old at the time (that was 4 years ago). Now he works for the gov't in a good way. I learned many things from him and he is the one who told me after he experimented with this trojan on what it seems to do. It is programmed to know all the "known" keywords antispyware, spyware, and all known antispyware or antivirus programs out there. It disables them all from executing so you cannot install them. In some cases it actually disables them from starting if they are already installed.

After he told me all this, it has really helped me take this garbage off 2 clients' computers by renaming the superantispyware exe to something totally different. On one computer I named it john.exe. On one I named it tootsie.exe. That was the only way I could install superantispyware. Once I installed it, it wiped out all the garbage and he was back to humming :0

robin


Oh, and as a third opinion (after you have run the online scans), uncheck system restore. Now reboot in safe mode without networking so you cannot connect to the internet.

Rerun superantispyware there and see if it comes clean.

By unchecking system restore you are removing all the past restore points. Some trojans get caught up in the restore points and this wipes them out.

Safe mode dumps many of the drivers, etc., and only loads what you need in the raw.

Once all is well, reboot and go back to regular mode.

Go back to system restore and recheck it.

robin


Best bet for nasty rootkits and other spyware removal is to boot up with a CD so that no files on your hard drive are being accessed when you run the SAS. For FREE - get the Ultimate Boot CD for Windows at UBCD4WIN.com. Just download the large installation file, then run it and let it burn a CD. When you boot with this CD, you see a Windows XP-ish desktop and can choose many programs to run, including antivirus and antispyware programs, including SuperAntiSpyware.


Anyone know anything about the Spyware Guard 2008 malware? It is now preventing my computer from downloading anything.. I mean any kind of exe. file so I can't download and install ANY adware, spyware, virus checker. SAS will download to my desktop but it is not executable: States: "not a valid Win32 application" to every single thing I try to download and install--even Google Earth.

AND--per your advice, changing the name of the file does nothing... I have even tried to "Save As" before the download starts to limit some of the paper trail.

HELP!

Looking like I need to wipe my hard drive and start over...


READ this FAQ, it has the instructions and alternate installers. :)

https://www.superantispyware.com/suppor ... tml?faq=71

Umm, frankly that page stinks and the alternate installers don't work. There are almost NO instructions either--saying "here use this" is not instruction, particularly if you can't even get them to download correctly because the malware changes the downloads into a non-executable form--ALL downloads. It has been splitting the files apart into 2 files, naming one with a .part.exe and making the main file a non-win32 executable. Essentially shutting off the ability to use any alternate installers or any new downloaded software in general...
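
The "not a valid Win32 application" symptom reported above can be told apart from name-based blocking by inspecting the file itself. The following is an added example, not part of the original thread: a Python check, meant to be run against a copy of the download, that tests for intact MZ/PE headers and for section data running past the end of the file, which is what a cut-off download looks like. The function names and the sample bytes are constructed for illustration.

```python
import struct

def check_pe(data: bytes) -> str:
    """Return 'ok', 'empty', 'not-mz', 'bad-pe-offset', 'not-pe' or 'truncated'."""
    if not data:
        return "empty"
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-mz"                      # e.g. an HTML page saved as .exe
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data):
        return "bad-pe-offset"               # PE header lies beyond the file
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size         # start of the section table
    if table + 40 * num_sections > len(data):
        return "truncated"
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_ptr and raw_ptr + raw_size > len(data):
            return "truncated"               # section data missing from the file
    return "ok"

def build_sample() -> bytes:
    """Constructed PE-shaped bytes (headers plus one 512-byte section); not a real program."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 512, 0x1000, 512, 0x200) + b"\0" * 16
    headers = dos + coff + sect
    return headers + b"\0" * (0x200 - len(headers)) + b"\x90" * 512

def check_file(path: str) -> str:
    """Classify a file on disk, e.g. an installer copied from another computer."""
    with open(path, "rb") as fh:
        return check_pe(fh.read())

if __name__ == "__main__":
    sample = build_sample()
    print("complete copy :", check_pe(sample))
    print("cut-off copy  :", check_pe(sample[:700]))
```

A result of "ok" on a file that still refuses to start points to execution being blocked rather than to a damaged download.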


The page stinks? It has simple instructions.....


Your infection sounds like exactly what I got in my computer last Wednesday. I could not get my Windows system restore to work and it disabled Malwarebytes. I started SuperAntiSpyware in regular mode and after one minute I got the Windows failure blue screen of death! I tried again in SAFE MODE and it caught enough of the infection (but not all) to allow Malwarebytes to work. I ran Malwarebytes and then disabled my system restore, and dumped my cache to make certain the virus/malware/trojan was gone from the restore area. Ran Malwarebytes, Superantispyware and Trend Micro. I also ran CCleaner and Glary Utilities. Result = a cleaned system. I checked the system restore to make certain it was working again and also ran a Hijack This log and checked it.

Yes these infections have gotten much worse. After this one, I backed up my entire cleaned hard drive onto an external drive. If the worst were to hit, I could re-install windows and then use my external drive to put the computer back to where it was before the infection, and not lose any data.


I had this problem last Thursday on a customer's PC. Same nasty by the look of it. Nothing was working so I used my U3Drive with Xoftspy which removed it. Then turned off System Restore and deleted from the reg. It hasn't come back yet so I guess it worked.


Thanks for the info about renaming the executable superantispyware file. I did so, started the program, got the latest definitions, scanned, deleted infections, problem solved.

That was definitely the nastiest piece of malware I have encountered.

Thanks so much!

andy g
