Sonic and Sega Retro Message Board: I have a "Spyware Protection" worm in my PC. - Sonic and Sega Retro Message Board


I have a "Spyware Protection" worm in my PC. Need help.

#16 User is offline OKei 

Posted 09 June 2011 - 01:05 AM

  • OKeijiDragon
  • Posts: 1324
  • Joined: 04-September 05
  • Gender:Male
  • Location:!
  • Project:College, PEMNAS, MOTHER 3 documentary (Shat-Canned Legends), videos, Journalism, shit, life.
  • Wiki edits:11
QUOTE (gold lightning @ Jun 8 2011, 10:19 PM)
Download it on another computer and move it over. Rapidly try to run rkill until the rogue can't keep up and it fails to block it before it does what it needs to do. Like I said earlier if you can manage to turn user account control off it will help with this.

I have managed to intercept the worm and now I have control of my PC. I have installed MalwareBytes and I am now running this sucka on my desktop right now.

As I type, I've found two infections already.

#17 User is offline Jimmy Hedgehog 

Posted 09 June 2011 - 03:44 AM

  • Posts: 1053
  • Joined: 13-December 07
  • Gender:Male
  • Location:England - Slough
  • Project:RAoSTH (Sprite Comic)
  • Wiki edits:2
Yeah with these worms it's never usually just one...I've run into the "vista internet security" one before. Y'know, the one that makes all your exes direct to it. So I downloaded the vistaexefix.reg file that one guy uploaded onto my PSP, same with MalwareBytes installer. Did MB in Safemode with networking then when that cleared it I did the registry fix stuff. These things scare you shitless first time but once you've had them you feel they're not that hard to deal with XD
This post has been edited by Jimmy Hedgehog: 09 June 2011 - 03:50 AM

#18 User is online TmEE 

Posted 09 June 2011 - 04:55 AM

  • Watermelons are good stuff
  • Posts: 1496
  • Joined: 06-January 08
  • Gender:Male
  • Location:Estonia, Rapla City
  • Project:Mélodie, Radical Rat, Cannon Cat, SMStrk
  • Wiki edits:11
I generally get them out with safe mode + ComboFix, sometimes I have to use another PC or a live-CD to revive the machine.

#19 User is offline Andlabs 

Posted 18 June 2011 - 09:48 PM

  • 「いっきまーす」
  • Posts: 2070
  • Joined: 11-July 08
  • Gender:Male
  • Project:Writing my own MD/Genesis sound driver :D
  • Wiki edits:7,061
How do I get rid of this the not-from-within-Windows way? My brother's laptop is pwned...

#20 User is online Aerosol 

Posted 19 June 2011 - 01:49 AM

  • FML
  • Posts: 5306
  • Joined: 27-April 08
  • Gender:Male
  • Location:New York
  • Project:Sonic (?): Coming summer of 2055...?
QUOTE (Andlabs @ Jun 18 2011, 10:48 PM)
How do I get rid of this the not-from-within-Windows way? My brother's laptop is pwned...


I had a XP Internet Security 2012 worm on my PC a couple of days ago. Hiren's Boot CD worked wonders for me.

#21 User is offline Andlabs 

Posted 19 June 2011 - 04:22 PM

  • 「いっきまーす」
  • Posts: 2070
  • Joined: 11-July 08
  • Gender:Male
  • Project:Writing my own MD/Genesis sound driver :D
  • Wiki edits:7,061
What is the OFFICIAL download link? Google is sending me to at least two different places; one such place just has a Download link that links to about 20 pages of freeware downloads... another just takes me back to the download page when I click the download link (but it also misspells the name of the disc on the home page...)
This post has been edited by Andlabs: 19 June 2011 - 04:25 PM

#22 User is online Aerosol 

Posted 19 June 2011 - 07:18 PM

  • FML
  • Posts: 5306
  • Joined: 27-April 08
  • Gender:Male
  • Location:New York
  • Project:Sonic (?): Coming summer of 2055...?
I got mine from here.

#23 User is offline Andlabs 

Posted 20 June 2011 - 09:02 AM

  • 「いっきまーす」
  • Posts: 2070
  • Joined: 11-July 08
  • Gender:Male
  • Project:Writing my own MD/Genesis sound driver :D
  • Wiki edits:7,061
Ok something tells me that site demands that you download from Windows, because when I tried downloading from Linux it just redirected me back to the download page o_O Anyway thanks; I'll try that out.

#24 User is offline Solaris Paradox 

Posted 20 June 2011 - 10:17 AM

  • Posts: 2456
  • Joined: 08-March 10
  • Location:On my butt in front of the computer. Where else?
  • Project:I'm working on working up the willpower to work on learning how to make my own Sonic fangames. Not quite there yet.
  • Wiki edits:2
QUOTE (OKei @ Jun 8 2011, 11:41 PM)
It won't let me open or run anything. Not Firefox, not Windows Defender, or Task Manager, to name a few.


I realize I'm late to the party, but an effective tactic I've used in similar situations in the past is to restart my computer and use the start-up time to run any programs I need to run which malware would otherwise block out. There's a little vulnerable window of opportunity during startup where the malware hasn't turned "on" yet, and it's possible to use that to combat the malware. Usually just to download or Google whatever I need to have or know to fix it.

Something to keep in mind in the future if a second computer isn't within reach at the time.

#25 User is offline dsrb 

Posted 21 June 2011 - 01:39 PM

  • Posts: 3081
  • Joined: 10-June 09
  • Gender:Male
  • Wiki edits:196
QUOTE (Solaris Paradox @ Jun 20 2011, 04:17 PM)
I realize I'm late to the party, but an effective tactic I've used in similar situations in the past is to restart my computer and use the start-up time to run any programs I need to run which malware would otherwise block out. There's a little vulnerable window of opportunity during startup where the malware hasn't turned "on" yet, and it's possible to use that to combat the malware. Usually just to download or Google whatever I need to have or know to fix it.

Isn't this just flailing around in a frantic attempt to imitate Safe Mode? I'm no authority on operating systems, but I'd imagine/hope safe mode loads only essential components and would thereby allow you to avoid and excise any virus reliant on hooking itself to startup.

#26 User is offline Dude 

Posted 21 June 2011 - 06:45 PM

  • 3ds MAX Help Desk
  • Posts: 2619
  • Joined: 11-September 04
  • Gender:Male
  • Location:Southbridge, MA
  • Project:Sonic Adventure Generations
  • Wiki edits:43
QUOTE (Solaris Paradox @ Jun 20 2011, 11:17 AM)
QUOTE (OKei @ Jun 8 2011, 11:41 PM)
It won't let me open or run anything. Not Firefox, not Windows Defender, or Task Manager, to name a few.


I realize I'm late to the party, but an effective tactic I've used in similar situations in the past is to restart my computer and use the start-up time to run any programs I need to run which malware would otherwise block out. There's a little vulnerable window of opportunity during startup where the malware hasn't turned "on" yet, and it's possible to use that to combat the malware. Usually just to download or Google whatever I need to have or know to fix it.

Something to keep in mind in the future if a second computer isn't within reach at the time.


You can't do this reliably with task manager, you need to have a program that interrupts the startup process. The feature you're thinking of is built into a lot of antivirus/antispyware programs, but you can't use task manager to emulate it.

#27 User is offline Solaris Paradox 

Posted 21 June 2011 - 07:04 PM

  • Posts: 2456
  • Joined: 08-March 10
  • Location:On my butt in front of the computer. Where else?
  • Project:I'm working on working up the willpower to work on learning how to make my own Sonic fangames. Not quite there yet.
  • Wiki edits:2
It's just a method to open programs that a malware blocks out without setting off the malware. Safe Mode works better, but it's still a handy trick to know. Served me well enough in the past, anyway.

#28 User is offline Mester Keel98 

Posted 21 June 2011 - 09:52 PM

  • Stuck in the past
  • Posts: 476
  • Joined: 16-June 04
  • Gender:Male
  • Wiki edits:3
Just gonna pop in and throw in a little suggestion.

Burn a set of EXE file association fix registries for each Windows operating system and your anti-virus of choice to a disc (preferably one that does not use a live file system). That way if you or a friend has a fake anti-virus or whatever else stopping your stuff from running, you've got a portable solution.
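
The EXE file association that the posts above describe being redirected can be checked from a registry export before and after applying a fix. This is an added example, not part of the original thread: it assumes the stock Windows defaults (`.exe` maps to `exefile`, whose open command is `"%1" %*`), and the sample export with its ProgID and path is constructed.

```python
import re

# Stock Windows defaults for the EXE file association.
EXPECTED_PROGID = "exefile"
EXPECTED_CMD = '"%1" %*'
OPEN_CMD = r"\shell\open\command"
ROOTS = ("HKEY_CLASSES_ROOT\\", "HKEY_CURRENT_USER\\Software\\Classes\\",
         "HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\")

# Constructed sample export (not from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="exampleprogid"

[HKEY_CURRENT_USER\Software\Classes\exampleprogid\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\xyz.exe\" \"%1\" %*"
'''

def parse_defaults(text):
    """Yield (key, default value) pairs from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg files escape backslashes and double quotes with a backslash
            yield key, re.sub(r"\\(.)", r"\1", line[3:-1])

def check_exe_association(text):
    """Return (key, value) pairs where the EXE association is not stock."""
    defaults = {}
    for key, value in parse_defaults(text):
        for root in ROOTS:
            if key.lower().startswith(root.lower()):
                defaults[(root, key[len(root):].lower())] = value
    findings = []
    for (root, sub), value in defaults.items():
        if sub == ".exe" and value.lower() != EXPECTED_PROGID:
            findings.append((root + sub, value))
            # Follow the substituted ProgID to the command it launches.
            cmd = defaults.get((root, value.lower() + OPEN_CMD))
            if cmd is not None:
                findings.append((root + value + OPEN_CMD, cmd))
        elif sub == EXPECTED_PROGID + OPEN_CMD and value != EXPECTED_CMD:
            findings.append((root + sub, value))
    return findings

if __name__ == "__main__":
    for key, value in check_exe_association(SAMPLE):
        print(f"non-default: [{key}] -> {value}")
```

An empty result means the exported keys match the stock association; a per-user `.exe` key does not exist on a stock install, so any finding under `HKEY_CURRENT_USER` deserves a closer look.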
