
How can I remove unwanted software that is listed in Windows Defender as harmful but is running on my OS?

  • Monday, November 02, 2009 2:12 PM Msboots
     
    Infected with Block scanner Rogue SW which appeared to be a windows security alert that I was infected so I allowed it to be installed.  I have now run virus, malware, spyware WMSRT and they all report that everything is fine when it isn't.  I am continuously getting pop-ups stating I am infected.

    I just updated Windows Defender today and I still have the same problem.  I checked the startup programs for all users and the blockscanner.exe is listed twice; when I disable it the 2nd one is re-enabled.  I discovered that many files are listed in Windows Defender history as of yesterday, which is when I was infected, and were permitted to run.  I can't seem to change it or remove them.  Please help

All Replies

  • Monday, November 02, 2009 7:10 PM benglv
     
    Take the first step towards problem solution and download MalwareBytes Antimalware program from here
    - Install program by double clicking mbam-setup.exe setup file.
    - Stick to the guidelines when installing the program.
    - Make sure you update the program with latest malware entries.
    - Start computer scan by launching the program and pressing "Scan" button.
    - After the scan has been completed, click "Show Results", then "Remove Selected".
    - Computer restart might be necessary.

    Another anti-spyware program that could be the solution for your problem: 
    - Superantispyware (download free version from here)
    - Save setup file to your desktop and double-click the SUPERAntiSpyware.exe file to start the installation.
    - Before starting computer scan, make sure you have up-to-date software version.

    If none of the above tools worked, visit Block Scanner on pcindanger.com for alternative removal method.

    Hope this helps to fix your problems.
  • Monday, November 02, 2009 7:20 PM Michael Murphy
     Proposed Answer

    You are infected with Malware.


    Download, install, update and scan with each of the two programs below to check for/remove Malware/spyware.

    If necessary, do all the above work in Safe Mode with Networking.

    To get into Safe Mode with Networking, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode with Networking from list of options, then hit ENTER.

    Read all info below before starting:

    http://www.malwarebytes.org/mbam.php

     

    Malwarebytes is as the name says, a Malware Remover!

    Download the Free Version from the link above.

    Download, install, update and scan once a fortnight.



    How to use Malwarebytes after it is installed and Updated:

    1. Open Malwarebytes > Click on the Update tab across the top > get the latest updates.

    2. On the Scanner tab, make sure the Perform quick scan option is selected and then click on the Scan button to start scanning your computer

    3. MBAM will now start scanning your computer for malware. This process can take quite a while.

    4. When the scan is finished a message box will appear

    5. You should click on the OK button to close the message box and continue with the Malware removal process.

    6. You will now be back at the main Scanner screen. At this point you should click on the Show Results button.

    7. A screen displaying all the malware that the program found will be shown

    8. You should now click on the Remove Selected button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, please allow it to do so. Once your computer has rebooted, and you are logged in, please continue with the rest of the steps.

    9. When MBAM has finished removing the malware, it will open the scan log and display it in Notepad. Review the log as desired, and then close the Notepad window.

    10. You can now exit the MBAM program.

    http://www.spybot.info/en/index.html

     

    Spybot Search & Destroy 1.6.2 is a very good, FREE Anti-Spyware Program.

    Download, install and update it.

    Then SCAN with it.

    Update it, and scan your System once a fortnight.

    Important re: Safe Mode

    If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode.

    To get into Safe Mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode from list of options, then hit ENTER.

    RESCAN your computer with your Anti-Virus, Malwarebytes and Spybot S & D while in Safe Mode.

     

    If unable to install above Programs in Normal Mode:

    Sometimes Trojans, Viruses, Malware, etc stop you installing and/or updating Programs to remove them.

    If that happens, reboot into Safe Mode with Networking (from F8 list of Startup Options), and install, update and scan from there.


    Cheers.


    Mick Murphy - Microsoft Partner
  • Monday, November 02, 2009 7:29 PM SpiritX
     Answer
    Hi,

    Block Scanner is a rogue antivirus, a scam to force you to pay for it while it has no benefits at all.

    Block Scanner - remove
    http://www.im-infected.com/rogue/block-scanner.html

    How to Remove BlockScanner
    http://www.411-spyware.com/remove-blockscanner

    Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)

    Malwarebytes - free
    http://www.malwarebytes.org/

    Run the Microsoft Malicious Removal Tool

    Start - type in Search box -> MRT  find at top of list - Right Click on it - RUN AS ADMIN.

    You should be getting this tool and its updates via Windows Updates - if needed you can download it here.

    Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
    (Then run MRT as above.)

    Microsoft Malicious Removal Tool
    http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

    -----------------------------

    also install Prevx to be sure it is all gone.

    Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is
    a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove. 
    http://www.prevx.com/

    PCmag - Prevx - Editor's Choice
    http://www.pcmag.com/article2/0,2817,2346862,00.asp

    --------------------------------------------
    Here are some online free scanners to help if needed :

    http://www.eset.com/onlinescan/


    http://www.kaspersky.com/virusscanner

    Other Free online scans
    http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1

    --------------------------------------------

    Also do these to cleanup general corruption.

    Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup

    Start - type this in Search Box ->  COMMAND   find at top and RIGHT CLICK  -  RUN AS ADMIN

    Enter this at the prompt - sfc /scannow

    How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program
    generates in Windows Vista cbs.log
    http://support.microsoft.com/kb/928228


    Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.

    How to Run Check Disk at Startup in Vista
    http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html

    -----------------------------------------------------------------------

    If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)

    http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/

    Hope this helps.


    Rob - Bicycle - Mark Twain said it right.
    • Marked As Answer by Msboots Wednesday, November 04, 2009 8:31 PM
    • Proposed As Answer by SpiritX Monday, November 02, 2009 7:29 PM
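
An added example, not part of any reply in this thread: the answer above runs `sfc /scannow` and links KB 928228 on reading the resulting CBS.log, where System File Checker entries carry the `[SR]` tag. The sketch below summarizes those entries; the function name `summarize_sfc` and the sample log lines are constructed for illustration.

```python
import re

# Constructed sample in the CBS.log line style; not taken from the thread.
SAMPLE_CBS_LOG = r'''
2009-11-04 21:40:02, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2009-11-04 21:40:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2009-11-04 21:40:09, Info                  CBS    Session: 30039954_1234 initialized.
2009-11-04 21:40:11, Info                  CSI    00000009 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:20{10}]"sample.dll" from store
2009-11-04 21:40:15, Info                  CSI    0000000b [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.0.6000.16386, file is missing
2009-11-04 21:40:15, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"settings.ini" of Example-Component, Version = 6.0.6000.16386, file is missing
2009-11-04 21:40:20, Info                  CSI    0000000d [SR] Verify complete
'''

# Only lines tagged [SR] come from System File Checker; the rest of
# CBS.log is other servicing activity and is ignored.
SR_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+'
    r'[0-9a-fA-F]+ \[SR\] (?P<msg>.*)$')
QUOTED = re.compile(r'"([^"]*)"')


def summarize_sfc(log_text):
    """Hypothetical helper: list files SFC repaired or could not repair."""
    summary = {"repaired": [], "unrepaired": [], "completed": False}
    for line in log_text.splitlines():
        match = SR_LINE.match(line.strip())
        if not match:
            continue
        msg = match.group("msg")
        names = QUOTED.findall(msg)
        if msg.startswith("Verify complete"):
            summary["completed"] = True
            continue
        if msg.startswith("Repairing") and names:
            bucket, name = "repaired", names[-1]   # directory, then file name
        elif msg.startswith("Cannot repair") and names:
            bucket, name = "unrepaired", names[0]  # file name comes first
        else:
            continue
        if name not in summary[bucket]:            # SFC logs repeats
            summary[bucket].append(name)
    return summary


if __name__ == "__main__":
    print(summarize_sfc(SAMPLE_CBS_LOG))
```

Files left in the `unrepaired` list are the ones to follow up on, since SFC could not restore them from the component store.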
  • Wednesday, November 04, 2009 8:59 PM Msboots
     

    Thank you all so much for responding.  I ran Windows Defender 3 times before it caught Trojan Win32 Fake Smoke.  It listed it twice and I removed both instances of it.  I still was not comfortable as Windows Defender listed questionable programs that were permitted to run and I couldn't tell if these were part of FakeSmoke.

    I then updated Malware Bytes and ran a full scan - caught nothing - rebooted system in safe mode and ran Windows Defender and Malware Bytes as Admin.  Malware Bytes then picked up Rogue software block scanner - category registry key - Hkey-current user/software/block scanner. 

    I also stopped system restore as I was told that if it isn't stopped the virus will return if a restore needs to be done. 

    I also ran disk cleanup.

    I am hoping that it's all gone but wondering if Fake Smoke was listed twice, why wouldn't Malware Bytes have listed the block scanner it picked up twice as opposed to showing HKey- current user?

    I am not too computer savvy so I haven't done the sfc /scannow yet -- once the scan is completed will the screen automatically return to the windows screen? Will it still be in a command window?

  • Wednesday, November 04, 2009 10:13 PM SpiritX
     
    Hi,

    You can just close the windows with the little X in the upper right corner. SFC is automatic
    so once you start it you do nothing until it ends. Good idea to rerun checkdisk after to aid
    in the repairs SFC makes - SFC itself does not cause any; it corrects them.

    Easy way is to do it as I described above.

    How to Repair and Verify the Integrity of Vista System Files with System File Checker
    http://www.vistax64.com/tutorials/66978-system-files-sfc-command.html

    Hope this helps.

    Rob - Bicycle - Mark Twain said it right.