Rob Roberts

Antimalware Doctor + Bensorty

Issue was with an office computer user with domain privileges, so cleaning the system from the administrator login didn't help much. When in normal safe mode (no networking) I was able to eradicate some standing files and registry entries, though they returned immediately. SAS blocked a bit, but this version of SAFE mode at least allowed me to hit Regedit and Taskman. Rebooting to SAFE with NETWORKING, however, ran everything up again. Both Regedit and Taskman are blocked, as are the file functions to show hidden files.

SAS detected both the Registry and Taskman blocks as well as Trojan.Smitfraud Variant-Gen/Bensorty, Trojan.Agent/Gen.-exploit, various Adware tracking cookies, and Malware.Trace. I selected all to be removed and they show successful removal. I respond "yes" to reboot the computer. Log back in to the domain, still in safe mode with networking. Cannot Regedit or Taskman. Re-run SAS and it still finds the Registry and Taskman blocks and removes them. Reboot. THEY'RE BACK.

Any possible solution to this mayhem? I cannot simply boot in as the user with the domain access, as the domain will not be able to verify if no networking is present. Something is still out there and I can't see the hidden files. BTW, this is the version with handlerfix707700.exe and also appears to have a link to idrfrnv.dll (can find no information on this.)

I've removed admin access for this user, so there will be no more malware installs. (this process also blocks the malware from doing any further damage as far as I can tell.)

Any suggestions?

Welcome to the SAS forum Rob.

Sounds like you're inclined, so let's get right to the point:)

Are you aware of the numerous options to repair a disabled Task Manager and/or Regedit?

Have you run any other antimalware programs?

Are you running the latest numerical version of SAS? That is, version, core, and trace?

I am aware of some solutions to disabled taskman and regedit, but all only work in safe mode without blocking as far as I can see. I am also concerned about "legitimate" products that may simply install additional malware.

Besides SAS, I ran SpySweeper and AdAware. My next attempt will try Malwarebytes as well.

Not sure if version, core, and trace are all the current versions. I pulled a new version off the site Monday morning and updated as soon as I could get the networking running in safe mode (and bypass the scamware.)

Preview mode doesn't always show you all the data that doesn't show up. Try this full post.

I am aware of some solutions to disabled taskman and regedit, but all only work in safe mode without blocking as far as I can see.

"without blocking"?

The solutions to the above are programs that simply enable TM/RE in the registry. Such programs are irrelevant to Safe Mode or Normal Mode. That is unless Normal Mode loads a security program that protects the registry. However, if that's the case, then the program will prompt you to accept or deny the registry changes.

If you need further info, just ask.

I am also concerned about "legitimate" products that may simply install additional malware.

To the best of my knowledge, there is no such thing as a registry TM/RE fix that contains malware.

Please post your latest SAS scan log for review.

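The "programs that simply enable TM/RE in the registry" mentioned in the reply above do nothing more than clear a handful of policy values. The script below is an added example, not code from the thread or from SuperAntiSpyware: it audits and removes the values that disable Task Manager, Regedit and Folder Options, restores the hidden-file view, and then lists the logon persistence points a practitioner would review, because a value that is cleared and then comes back after every reboot (as described in the first post) is being re-applied by something that runs at logon. The policy value names and paths are standard Windows locations; the assumption that the reappearing values come from a logon-time persistence entry is this example's own.

```powershell
# Added example (not from the thread or SuperAntiSpyware): audit and clear the
# registry policies that block Task Manager, Regedit and hidden-file display,
# then list logon persistence entries for manual review.
# Run from an elevated PowerShell prompt while logged on as the affected user:
# HKCU values are per-user, so fixing them from the administrator login does not
# touch the victim profile (assumption about this case, consistent with the thread).

$policyChecks = @(
    # Path, value name, and the value that means "blocked"
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableTaskMgr';       Blocked=1 },
    @{ Path='HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableTaskMgr';       Blocked=1 },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableRegistryTools'; Blocked=1 },
    @{ Path='HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';   Name='DisableRegistryTools'; Blocked=1 },
    @{ Path='HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'; Name='NoFolderOptions';      Blocked=1 }
)

function Get-BlockingPolicies {
    # Returns one object per policy value that is currently set to its blocking value.
    foreach ($c in $policyChecks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.($c.Name) -eq $c.Blocked) {
            [pscustomobject]@{ Path = $c.Path; Name = $c.Name; Value = $item.($c.Name) }
        }
    }
}

function Remove-BlockingPolicies {
    # Deleting the value restores the default (tool enabled); no reboot is needed.
    foreach ($p in Get-BlockingPolicies) {
        Remove-ItemProperty -Path $p.Path -Name $p.Name -ErrorAction Stop
        Write-Host "Removed $($p.Name) from $($p.Path)"
    }
}

function Restore-HiddenFileView {
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    # Hidden: 1 = show hidden files, 2 = do not show. ShowSuperHidden: 1 = show protected OS files.
    Set-ItemProperty -Path $adv -Name Hidden          -Value 1 -Type DWord
    Set-ItemProperty -Path $adv -Name ShowSuperHidden -Value 1 -Type DWord
    # CheckedValue under SHOWALL is what the "Show hidden files" radio button writes into
    # Hidden; when it has been changed to 0 the radio button silently does nothing.
    $showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
    if (Test-Path $showAll) {
        Set-ItemProperty -Path $showAll -Name CheckedValue -Value 1 -Type DWord
    }
}

function Get-LogonPersistence {
    # Entries that run at logon and could re-apply the policies; review each command by hand.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($props) {
            $props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
                ForEach-Object { [pscustomobject]@{ Key = $k; Name = $_.Name; Command = $_.Value } }
        }
    }
    # Winlogon Shell and Userinit are also commonly hijacked; the expected defaults are
    # "explorer.exe" and "<windir>\system32\userinit.exe," respectively.
    $wl = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    [pscustomobject]@{ Key = 'Winlogon'; Name = 'Shell';    Command = $wl.Shell }
    [pscustomobject]@{ Key = 'Winlogon'; Name = 'Userinit'; Command = $wl.Userinit }
}

Write-Host '== Blocking policies currently set =='
Get-BlockingPolicies | Format-Table -AutoSize
Remove-BlockingPolicies
Restore-HiddenFileView
Write-Host '== Logon persistence to review =='
Get-LogonPersistence | Format-Table -AutoSize
```

Run it, confirm Task Manager and Regedit open, then examine the persistence listing: any Run entry or Winlogon value pointing at an unfamiliar executable in a user-writable location is the candidate for re-applying the blocks at the next logon, and it should be dealt with before rebooting, otherwise the policies return exactly as the first post describes.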
