Need some help with removing some malware

[funkyCable]

HI

My friends pc keeps through up warning and asking the mto purchase some anti-virus software. This one is called CleanUp Anti-virus.

I have downloaded and ran Spy bot and loads off trojans, malware and SecurityC come up. I ran the "Fix checked faults" on spy-bot S&D and some of them come back as saying cant fix acces is denied. I see CleanUp antivirus still coming up and seems to have installed itself again. I scanned again and again loads came up.

Any Idea how I can get rid of these?

[Ben B]

Use Malwarebytes anti malware http://www.malwarebytes.org/mbam.php if it doesn't work in a normal environment try safe mode and safe mode with networking

[dilli-theclaw]

You can also try this if you like....

http://www.superantispyware.com/

This is what I use.

[funkyCable]

Will that remove some of these?
win32.Delf.uv - 102entries trojans
Fraud.CleanUpAntivirus - 5 entries MalwareC
Fraud.WindowsProtectionSuites - 15 Entries Malware
Microsoft.Windows.RedirectHosts - 3 Entries SecurityC

---------- Post added at 20:06 ---------- Previous post was at 20:04 ----------

The error I get in Spybot is
Unexpect error in fixing problems
(Cannot create file
"C:\WINDOWS\System32\drivers\etczhosts". Access is denied)

[Ben B]

Woah, if there is really that many then maybe just wipe it and start over?

[Scrubbs]

don't forget to switch off restore and empty your bin as well before running AV software

[Spectato]

As a last resort, you could try Combofix.
Either 'properly' as detailed below, or by just running it!

Gumph: http://www.bleepingcomputer.com/comb...o-use-combofix

Download: http://www.combofix.org

It has been known to yield spectacular results, but it's a bit of an unknown, due to the lack of documentation.
If it's stuff that it recognises, then you're golden.

Try the program suggestions made by the other guys first!

if the program itself is saying they are there then its a lie

make sure the program is on the screen

download and run rkill.com ( if you do not get this running right first the clean up will not work. The fake program may try to stop it running leave the warning on ther screen and run rkill.com again)

download malwarebytes and install and run

These are quite easy to get rid of just sometimes they leave a mess

Full instructions http://www.bleepingcomputer.com/viru...anup-antivirus

done loads of these lately more than ever are slipping in

[Lord Nikon]

right click spybot search & destroy and 'run as administrator'

the instruction I gave have worked for me with various of these type.

The main problem with these is stopping the running processes. You can run whatever you like until you stop the running process before you run it then its just gonna be back again

The rkill.com kills the process allowing your malware ap to do its job properly the only problem is sometimes it messes up user setting. Now you can spend a day sorting them out or you can create a new user which as a rule is fine.

[Ben B]

These fake antiviruses have been a nightmare recently everyone seems to be getting them and as usual it's me that gets asked to sort them out...

Quote:

Originally Posted by Ben B

These fake antiviruses have been a nightmare recently everyone seems to be getting them and as usual it's me that gets asked to sort them out...

Most are easy enough to sort. The worst ones shut out all external access like no access to usb or cd roms or change the hosts file to block the net.
The best one ive seen threw up a fake bsod and reboot cycle. Looked realistic until when windows "booted" any pages open prior were still open . Very clever
Most of the new ones are based on the same program just has a different name

[Matty_]

If you don`t want to format (which is preferable as it sounds like you may have a polymorphic) maybe try a rescue cd.

Most are here with instructions http://www.techmixer.com/free-bootab...download-list/

[PPPP]

Quote:

Originally Posted by Spectato

As a last resort, you could try Combofix.
Either 'properly' as detailed below, or by just running it!

Gumph: http://www.bleepingcomputer.com/comb...o-use-combofix

Download: http://www.combofix.org

It has been known to yield spectacular results, but it's a bit of an unknown, due to the lack of documentation.
If it's stuff that it recognises, then you're golden.

Try the program suggestions made by the other guys first!

With respect; this is about the one program you should NOT attempt to run unless you are on an HJT forum and under the direct supervision of a Trained Malware removal Expert ; you can wipe off an OS by the innappropriate misuse of this program; I guess people have not really read the ComboFix Disclaimer?


The 'lack of documentation' is one reason why it is not intended to be run outside of Malware forums
Has Malwarebytes program been run yet?

[Mr Angry]

Quote:

Originally Posted by PPPP

With respect; this is about the one program you should NOT attempt to run unless you are on an HJT forum and under the direct supervision of a Trained Malware removal Expert ; you can wipe off an OS by the innappropriate misuse of this program; I guess people have not really read the ComboFix Disclaimer?


The 'lack of documentation' is one reason why it is not intended to be run outside of Malware forums
Has Malwarebytes program been run yet?

Combofix is for sissies and girls.

The best way to clean your hard drive is a Jeyes fluid / Domestos hybrid (3:2 mix) in a B&Q bucket.