I'll be quick here. Apparently, I've just been hijacked by a "Spyware Protection" program, created from a w32 blaster.worm
It won't let me open or run anything. Not Firefox, not Windows Defender, or Task Manager, to name a few. I'm now running Spyware Doctor on it, but nothing good so far.
How do I get this shit off my Compaq PC? I use Windows 7, BTW. I writing on my laptop now since I can't use my desktop.
This post has been edited by OKei: 08 June 2011 - 10:50 PM
I don't know much about the specific program you are dealing with, but it seems to be a rogue antivirus and those tend to have a similar removal process.
I suggest downloading a program called rkill from this page. Most likely this program will be blocked too, but you need to just keep repeatedly trying to run it until it gets far enough into doing what it needs to do. If you can manage, turning user account control off temporarily can help with this. However, if this program works, your job isn't finished. All rkill does is forcefully terminate the malware process.
Boot into a Linux LiveCD and try to remove the worm that way?
I don't know; more specifics would be helpful.
Could these images tell a lot for you? Please say yes.
This is the fake program in question that was created by the worm that is infecting my PC. This is not a program I normally use for virus scanning. It says it detects that I have a bunch of malware and other shits that's infecting my desktop, but I of course don't trust it. It's asking me to activate it, even though I never downloaded it. Quite suspicious.
This is Spyware Doctor, a legitimate program that I use to remove spyware, and its what I'm using to see if it can remove this worm on my PC.
This post has been edited by OKei: 08 June 2011 - 11:22 PM
EDIT: Never mind. I found it on search, but the son of a bitch won't let me run it.
EDIT: I have a W32/Blaster.worm in my PC, FYI.
You've got to try to get it into safe mode. When the administrative assistant at one of my old jobs got one of those, I just rebooted a few times, trying to hit control alt delete fast enough to get a task manager open before the fake software had time to disable it. From there I was able to get into safe mode, and I simply installed and scanned with Microsoft Security Essentials and Spybot.
Remember Windows users: Microsoft Security Essentials, Spybot: Search and Destroy, and CCleaner. Don't leave home without them.
You've got to try to get it into safe mode. When the administrative assistant at one of my old jobs got one of those, I just rebooted a few times, trying to hit control alt delete fast enough to get a task manager open before the fake software had time to disable it. From there I was able to get into safe mode, and I simply installed and scanned with Microsoft Security Essentials and Spybot.
Remember Windows users: Microsoft Security Essentials, Spybot: Search and Destroy, and CCleaner. Don't leave home without them.
Nice advice. But does this mean I would have to shutdown my desktop? Can I install and run virus scans like MalwareBytes then?
This post has been edited by OKei: 08 June 2011 - 11:51 PM
As far as the rogue goes, no. Your data should be fine. If you follow the guide's instructions you'll be able to restore safe mode. As for what the worm you claim to have can do, I don't know. But first things first, you've got to take out that rogue.
Download it on another computer and move it over. Rapidly try to run rkill until the rogue can't keep up and it fails to block it before it does what it needs to do. Like I said earlier if you can manage to turn user account control off it will help with this.
