I'll be quick here. Apparently, I've just been hijacked by a "Spyware Protection" program, created from a w32 blaster.worm. It won't let me open or run anything. Not Firefox, not Windows Defender, or Task Manager, to name a few. I'm now running Spyware Doctor on it, but nothing good so far. How do I get this shit off my Compaq PC? I use Windows 7, BTW. I'm writing on my laptop now since I can't use my desktop.
Hiren's Boot CD. I don't have a link atm, but if you have intertubes access, grab the ISO via Google, burn it, boot it, run virus scan, win big monies.
Boot into a Linux LiveCD and try to remove the worm that way? I don't know; more specifics would be helpful.
I don't know much about the specific program you are dealing with, but it seems to be a rogue antivirus and those tend to have a similar removal process. I suggest downloading a program called rkill from this page. Most likely this program will be blocked too, but you need to just keep repeatedly trying to run it until it gets far enough into doing what it needs to do. If you can manage, turning user account control off temporarily can help with this. However, if this program works, your job isn't finished. All rkill does is forcefully terminate the malware process. After that, if your antivirus program of choice doesn't pick up your infection then I recommend trying the free version of Malwarebytes Antimalware.
Could these images tell a lot for you? Please say yes. This is the fake program in question that was created by the worm that is infecting my PC. This is not a program I normally use for virus scanning. It says it detects that I have a bunch of malware and other shit that's infecting my desktop, but I of course don't trust it. It's asking me to activate it, even though I never downloaded it. Quite suspicious. This is Spyware Doctor, a legitimate program that I use to remove spyware, and it's what I'm using to see if it can remove this worm on my PC.
Via google-fu, found some info. Try this:
    taskkill.exe /F /IM defender.exe
That should kill the process; from there, clean it up. Also, lol@ blaster on w7, who do they think they're fooling?
EDIT: Never mind. I found it on search, but the son of a bitch won't let me run it. EDIT: I have a W32/Blaster.worm in my PC, FYI.
You've got to try to get it into safe mode. When the administrative assistant at one of my old jobs got one of those, I just rebooted a few times, trying to hit control alt delete fast enough to get a task manager open before the fake software had time to disable it. From there I was able to get into safe mode, and I simply installed and scanned with Microsoft Security Essentials and Spybot. Remember Windows users: Microsoft Security Essentials, Spybot: Search and Destroy, and CCleaner. Don't leave home without them.
Found a removal guide video for what seems to be the same program. Trust this guy, he knows what he's doing. Mad Echidna: If this is the same program, it apparently fucks up safe mode. So doing that is actually not recommended.
Nice advice. But does this mean I would have to shut down my desktop? Can I install and run virus scans like MalwareBytes then?
If you try to go into safe mode and get a BSOD, it will prove that the program you have is a variation of the one in the removal guide I just posted.
As far as the rogue goes, no. Your data should be fine. If you follow the guide's instructions you'll be able to restore safe mode. As for what the worm you claim to have can do, I don't know. But first things first, you've got to take out that rogue.
That asked me to download an executable online, but I can't even run an executable, let alone an internet browser.
Download it on another computer and move it over. Rapidly try to run rkill until the rogue can't keep up and it fails to block it before it does what it needs to do. Like I said earlier, if you can manage to turn user account control off, it will help with this.
I have managed to intercept the worm and now I have control of my PC. I have installed MalwareBytes and I am now running this sucka on my desktop right now. As I type, I've found two infections already.
Yeah, with these worms it's never usually just one... I've run into the "vista internet security" one before. Y'know, the one that makes all your exes direct to it. So I downloaded the vistaexefix.reg file that one guy uploaded onto my PSP, same with the MalwareBytes installer. Did MB in safe mode with networking, then when that cleared it I did the registry fix stuff. These things scare you shitless the first time, but once you've had them you feel they're not that hard to deal with XD
I generally get them out with safe mode + ComboFix, sometimes I have to use another PC or a live-CD to revive the machine.
I had an XP Internet Security 2012 worm on my PC a couple of days ago. Hiren's Boot CD worked wonders for me.