How to get rid of malware
You may experience any one or more of the following symptoms:
- When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
- Your Web browser's home page unexpectedly changes.
- Web pages are unexpectedly added to your Favorites folder.
- New toolbars are unexpectedly added to your Web browser.
- You cannot start a program.
- When you click a link in a program, the link does not work.
- Your Web browser suddenly closes or stops responding.
- It takes a much longer time to start or to resume your computer.
- Components of Windows or other programs no longer work.
See:
http://support.microsoft.com/kb/827315/en-us
"Unexplained computer behavior may be caused by deceptive software".
1. Run the Microsoft Windows Malicious Software Removal Tool
2. Download ATF Cleaner by Microsoft MVP Atribune from http://www.atribune.org/
- Double-click ATF-Cleaner.exe to run the program.
- Click Select All found at the bottom of the list.
- Click the Empty Selected button.
- Click Exit on the Main menu to close the program.
- Shutdown/restart the computer.
3. Next, download Malwarebytes' Anti-Malware to your desktop.
[Malwarebytes' Anti-Malware was created by a Microsoft MVP and is free for personal use].
- Double-click mbam-setup.exe and follow the prompts to install the program.
- At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select Perform full scan, then click Scan.
- When the scan is complete, click OK, then Show Results to view the results.
- Be sure that everything is checked, and click Remove Selected.
4. Download, install, update and run: SUPERAntispyware (freeware)
- How do I download and install SUPERAntiSpyware?
- Customer Service and Product Support (FAQs)
5. If still no joy see and follow carefully:
"Checking for/Help with Spyware, Malware and Hijackware"
In the event you need further assistance with malware removal, I suggest you follow the instructions at one of the ASAP Member sites that provides malware removal assistance.
Part of this Guided Help courtesy of my colleague MVP Consumer Security Corrine
Hope this helps,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003.
~ My Blog: http://blogs.dotnethell.it/vincent/
- Edited by Vincenzo Di Russo (MVP), May 9, 2009, 08:59 AM
- Edited by Vincenzo Di Russo (MVP), May 9, 2009, 09:12 AM
- Changed type by Ken - Former Support Engineer, May 9, 2009, 03:53 PM: This is a Discussion, not a question
All replies
Guided Help Part Two
When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities).
HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware / spyware with assistance from an expert.
Download: http://aumha.org/downloads/hijackthis.exe
Post your log to:
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://forums.spybot.info/forumdisplay.php?f=22,
http://aumha.net/viewforum.php?f=30,
or another appropriate forum for review by an expert in such matters
If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
Or you might consider deleting the User Profile altogether (although I wouldn't and trust the security of all other Profiles).
Courtesy of my colleague Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
Hope this helps,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003.
~ My Blog: http://blogs.dotnethell.it/vincent/
- Update: Guided Help Part Two
When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjunction with some other utilities).
Recently, many of the security help forums have begun moving away from HijackThis (HJT) as an initial tool, finding it useful only for a general idea of possible issues. Malware today is often not visible in a HJT log. In addition, preliminary cleaning often results in the issue not being visible in a HJT log.
As a result, it is suggested that anyone seeking additional assistance pay particular attention to the preliminary requirements of the site where they are obtaining help. It is particularly useful to the analyst if a clear and concise explanation of the nature of the problem is provided along with all requested logs.
The help sites are very busy. As a result, it may be a few days before a response is received. It is advisable that you track your topic so you will know when an analyst has replied. Because many of the sites track new help requests by zero (0) responses, it is not recommended that you "bump" your post. Most sites have a place to post if you think your problem has been overlooked.
It is important to note that many of the tools used at the security help forums are extremely powerful. If used incorrectly, they can turn your expensive computer into a large paperweight. For that reason, it is advisable that you seek help at an established, recognized site with trained analysts and not attempt to use specialized tools or fixes without proper guidance. You can find Microsoft MVPs and other trained analysts at the following help sites:
ASAP Member Forums Providing Log Analysis
Dansk - Danish
Spywarefri
Deutsch - German (German-language sites to get help from):
a-squared Anti-Malware Having problems with a-squared Anti-Malware? Ask our experts here!
English
247Fixes
5 Star Support
a-squared Anti-Malware If you have problems with a-squared Anti-Malware?
Amazingtechs
Atribune.org
BestTechie
Bluetack Internet Security Solutions
CyberAnswers.org
D-A-L Computer Help
Freedomlist
Gladiator Security
LandzDown
Lockergnome
Log'N'Rock
MalwareBytes
MalWare Removal
NutnWorks
Security Cadets
Security Central
Smokey's Security Forums
SpyWare BeWare!
SpywareInfoForum
Subratam.org
Techmonkeys
Tech Support Forum
Tech Support Guy
TeMerc Internet Countermeasures
The Spykiller
WhatTheTech
Windows Forum
Español - Spanish (Spanish-language spyware help sites):
a-squared Anti-Malware Having problems with a-squared, with the a-squared home page, or with a particular piece of malware? Feel free to ask for help.
InfoSpyware
ForoSpyware
Finnish (Finnish sites to get malware removal help from):
Virustorjunta
Français - French (French forums where you will find fast and effective help):
a-squared Anti-Malware Having problems with a-squared Anti-Malware or with certain malware? Ask our experts here!
Assiste.com
Zebulon
Italiano - Italian
a-squared Anti-Malware Having problems with a-squared Anti-Malware or with a particular piece of malware? Feel free to ask for help.
Alground Research Center
Nederlandstalig - Dutch (Dutch-language forums where you will be helped quickly and efficiently):
Hijackthis.nl
Nucia / Anti Spyware Offensief
PCHelper
Portuguese
Linha Defensiva
Serbian/Croatian
MyCity
non-ASAP Forum Providing Log Analysis
Deutsch - German (German-language sites to get help from):
HijackThis.de Support Board
Protecus
Rokop Security
TrojanBoard
English
Asksomeone.net
Aumha.org
BleepingComputer
Dell Community Forum - HJT room
Geeks to Go
Safer-Networking
SpywareHammer
Spyware Warrior
Français - French
IDN - Infos-Du-Net
Vista-XP.fr
FS - Futura-Sciences
PCA - PC-Astuces
Génération Nouvelles Technologies
Telecharger.Com/01net
Nederlandstalig - Dutch
BlueMedicine
Minatica.be
Corrine, Microsoft MVP This posting is provided "AS IS" without warranty, and confers no rights.
- Edited by Corrine (MVP, Moderator), May 9, 2009, 04:04 PM: Updated List
- Hi Corrine,
thank you very much for your update!
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
- You're welcome. I thought providing a list of some of the known international help sites would aid people needing further assistance. The trick is to remember to keep the list updated. :)
Corrine, Microsoft MVP This posting is provided "AS IS" without warranty, and confers no rights.
- Hi again Corrine,
I agree with you ;-)
Now I hope that one MSFT - Moderator makes this thread "Sticky", thanks!
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
- I'm sorry but should have said that I'm using my laptop to post this message and be on the net, the problem is with my Dell desktop (Vista)....
Karen
- Hi Karen0451
Please go to your original Post
http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/e4b33e63-d298-4ca7-ab66-56fba9c56117
If you need to download/reinstall Internet Explorer, you can do it on your laptop, burn it to a CD then re-install it on the Desktop.
http://www.microsoft.com/windows/internet-explorer/?ocid=ie8_s_d69beac7-83c7-4a58-a655-68831a2e474a
Were you successful in removing the Virus/Malware?
Ken
Microsoft Answers Support Engineer
Visit our Microsoft Answers Feedback Forum and let us know what you think.
- Thank you MSFTs and Moderators for making this thread sticky!
Cheers,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~ My Blog: http://blogs.dotnethell.it/vincent/
- An Excellent post Mr. Di Russo ^5
Typically, I run the MRT tool (Microsoft Windows Malicious Software Removal Tool, or, mrt.exe, for those that do not know) from an elevated (Administrator) command prompt.
During the monthly patching cycle, the mrt is updated in the system32 directory as I'm sure you know. This file is larger than the one offered by Microsoft on the page you listed. I realize that Microsoft recommends using the method you have described but, I feel the version in the system32 directory has more definitions and I am not aware that it is "targeted" by malware authors. Please correct me if I am wrong.
I'll quote a part from:
http://support.microsoft.com/?kbid=890830#Faq
The easiest way to download and run the tool is to turn on Automatic Updates. Turning on Automatic Updates guarantees that you receive the tool automatically every month. If you have Automatic Updates turned on, you have already been receiving new versions of this tool monthly. The tool runs in quiet mode unless it finds an infection. If you have not been notified of an infection, no malicious software has been found that needs your attention.
I did Google to see if the mrt is targeted and came up empty, pretty much. I have also not seen any blogs from cnet, zdnet or slashdot about this. It also happens, sometimes, that a user is blocked from the Internet by malware and cannot get updates to any malware removal program.
I highly believe in the mrt so I am going to suggest the following for running the mrt locally:
Open an Administrator command prompt: Press the Orb or start key, Or, use the Windows key and type:
cmd
Press all these keys together: CTRL+SHIFT+ENTER and deal with UAC as required.
type, in the command box that opens:
mrt and press enter.
In the window that opens, click next then, choose the radio button for Full scan and click next.
Allow the tool to complete. This may take quite a while, depending.
If an infection is found, follow the on screen instructions.
If an infection is not found, press Finish.
I would also like to add Windows Defender to your list. It is continually being improved. It has also been given a thumbs up by one malware author:
http://blogs.zdnet.com/security/?p=2385
and
http://blogs.technet.com/mmpc/archive/2008/10/10/malware-writer-wants-an-eye-to-eye-with-us.aspx
I am open to a dialogue about this posting. I will follow all advice given about this post and, if so requested, delete it.
Kind Regards,
Avatar
edit: I forgot to mention this can be done from the Recovery Environment.
- Edited by Avatarrrr, May 18, 2009, 03:29 PM: added another option
I've just posted my own question about adserv cookies but your posting may be able to help me. Will the steps you suggest remove adserv cookies and block them in future?
- Hi orouka,
I see your post: Windows defender not detecting or blocking Adserve cookies
See if this thread helps:
http://www.lavasoftsupport.com/index.php?showtopic=23414
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~~~ My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
- Vincenzo, thanks for your help. It worked!
I'm very new at this stuff and you really helped.
Gary
- Hi Gary,
You're welcome. Glad to help and thank you very much for your feedback.
Cheers,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~~~ My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
- I have tried this but it detected nothing. Tried to download Malwarebytes but my anti-virus blocked it, I am using Kaspersky. Does Kaspersky offer a feature to solve these advert pop-up problems? I'm new to all this so any help is much appreciated.
- Hi, Dal T
Kaspersky is not likely to block MalwareBytes Anti-Malware. I suggest that you try a couple on-line scans. Follow the instructions provided at the links below.
http://onecare.live.com/site/en-US/default.htm
http://www.eset.com/onlinescan/
Corrine, Microsoft MVP This posting is provided "AS IS" without warranty, and confers no rights.
- Thank you very much, Vincenzo!
I worked feverishly today to try to remove "Personal Antivirus" from a system for a customer--one that would be a problem to backup/reformat/reload. Your posting worked great! In particular the Malwarebytes software solved the problem. It worked even with the system logged in and running. I had first removed the HDD and scanned with ESET NOD32 to remove viruses and it did find over 100 infections, but was unsuccessful at removing "Personal Antivirus" once I reinstalled it to the original computer.
--BizMD
- Hi BizMD,
You're welcome. Glad to help and thank you very much for your feedback.
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~~~ My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
- Hi Vincenzo,
I noticed that these instructions are on the Vista thread. What should I do with a computer (Dell laptop Inspiron 8600) with Win XP?
Thank you,
JG
- JG,
You can follow these directions also for Windows XP.
Hope this helps,
Vincenzo Di Russo - Microsoft MVP Windows Internet Explorer, Windows Desktop Experience & Security - Since 2003. ~~~ My MVP Profile: https://mvp.support.microsoft.com/profile/Vincenzo
- sir I tried HijackThis ..it shows "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE" is "NASTY"
now what to do? I was thinking to delete this folder but couldn't find this file in C:\Program Files....plz help
HijackThis is an analysis tool and does not diagnose programs on the computer. That said, MyWebSearch has been classified as malware, spyware, adware, or other potentially unwanted software. I suggest that you start with Add/Remove Programs for an uninstall option. If there is no uninstall option, you can use WinPatrol to remove the browser hijack. http://www.winpatrol.com/bho.html . WinPatrol is free for personal use. There is also a one-time license purchase option for WinPatrol PLUS. See http://www.winpatrol.com/ .
Corrine, Microsoft MVP (Consumer Security). This posting is provided "AS IS" without warranty, and confers no rights.
- Hi there. I received the Antivirus Pro 2010 virus on my computer this weekend. Unfortunately, it has taken control of my computer. I had read that I could delete the actual application by deleting it from my hard drive (manually since I could not get into Explorer-internet). I found and deleted it but my computer still is having issues. It now will load up and then after 5 minutes it does a restart. Also, I cannot get into other applications. It seems to be a memory issue when looking at the error quickly.
What can I do to get rid of the remaining virus if I can't get into applications and the internet?
Thank you
Terri
- Hi,
You can follow the instructions here. And you can download programs on another computer and transfer them to your machine via removable media.
Remove Antivirus Pro 2010 (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-pro-2010
Download malwarebytes and scan with it, run MRT, and add Prevx to be sure it is gone. (If Rootkits run UnHackMe)
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
Malwarebytes - free
http://www.malwarebytes.org/
Run the Microsoft Malicious Removal Tool
Start - type in Search box -> MRT find at top of list - Right Click on it - RUN AS ADMIN.
You should be getting this tool and its updates via Windows Updates - if needed you can download it here.
Download - SAVE - go to where you put it - Right Click on it - RUN AS ADMIN
(Then run MRT as above.)
Microsoft Malicious Removal Tool
http://www.microsoft.com/downloads/details.aspx?FamilyID=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en
-----------------------------
also install Prevx to be sure it is all gone.
Prevx - Home - Free - small, fast, exceptional CLOUD protection, works with other security programs. This is a scanner only, VERY EFFECTIVE, if it finds something come back here or use Google to see how to remove.
http://www.prevx.com/
PCmag - Prevx - Editor's Choice
http://www.pcmag.com/article2/0,2817,2346862,00.asp
--------------------------------------------
Here are some online free scanners to help if needed :
http://www.eset.com/onlinescan/
http://www.kaspersky.com/virusscanner
Other Free online scans
http://www.google.com/search?hl=en&source=hp&q=antivirus+free+online+scan&aq=f&oq=&aqi=g1
--------------------------------------------
Also do these to cleanup general corruption.
Run DiskCleanup - Start - All Programs - Accessories - System Tools - Disk Cleanup
Start - type this in Search Box -> COMMAND find at top and RIGHT CLICK - RUN AS ADMIN
Enter this at the prompt - sfc /scannow
How to analyze the log file entries that the Microsoft Windows Resource Checker (SFC.exe) program generates in Windows Vista cbs.log
http://support.microsoft.com/kb/928228
Run checkdisk - schedule it to run at next start and then Apply OK your way out then restart.
How to Run Check Disk at Startup in Vista
http://www.vistax64.com/tutorials/67612-check-disk-chkdsk.html
-----------------------------------------------------------------------
If any Rootkits are found use this thread and other suggestions. (Run UnHackMe)
http://social.answers.microsoft.com/Forums/en-US/InternetExplorer/thread/a8f665f0-c793-441a-a5b9-54b7e1e7a5a4/
Hope this helps.
Rob - Bicycle - Mark Twain said it right.
- Edited by SpiritX, October 24, 2009, 06:07 PM
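The post above runs `sfc /scannow` and points to KB 928228 for reading cbs.log. As an added example (not part of the original post, and not Microsoft's tooling), this Python sketch pulls the System File Checker `[SR]` entries out of a log and lists which files were repaired and which could not be; the sample lines are constructed and the file and component names are placeholders.

```python
import re

# Constructed sample, modelled on the CBS.log line layout; component and file
# names are placeholders, not taken from a real system.
SAMPLE_LOG = r"""
2009-10-24 18:01:10, Info                  CSI    00000006 [SR] Verifying 100 (0x0000000000000064) components
2009-10-24 18:01:10, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2009-10-24 18:01:14, Info                  CBS    Session: 1234_5678 initialized
2009-10-24 18:01:15, Info                  CSI    00000009 [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.0.6000.16386, file is missing
2009-10-24 18:01:15, Info                  CSI    0000000a [SR] This component was referenced by [l:40{20}]"Example-Package.1234"
2009-10-24 18:01:20, Info                  CSI    0000000c [SR] Repairing corrupted file [ml:520{260},l:44{22}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2009-10-24 18:01:21, Info                  CSI    0000000d [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component, Version = 6.0.6000.16386, file is missing
2009-10-24 18:01:30, Info                  CSI    0000000e [SR] Verify complete
"""

# timestamp, level, source, 8-hex-digit sequence number, then the [SR] tag
SR_LINE = re.compile(
    r"^(?P<time>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+"
    r"(?P<source>\w+)\s+(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
# File names are logged as [l:<bytes>{<chars>}]"name"
QUOTED_NAME = re.compile(r'\[l:\d+\{\d+\}\]"([^"]+)"')


def parse_sr_entries(text):
    """Return only the System File Checker ([SR]) entries, in log order."""
    entries = []
    for line in text.splitlines():
        match = SR_LINE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def _file_in(msg):
    """Last length-prefixed quoted name in the message, or a marker if none."""
    names = QUOTED_NAME.findall(msg)
    return names[-1] if names else "<unparsed>"


def summarize(entries):
    """Group entries by outcome; SFC often logs the same failure twice."""
    unrepaired, repaired, completed = set(), set(), False
    for entry in entries:
        msg = entry["msg"]
        if msg.startswith("Cannot repair member file"):
            unrepaired.add(_file_in(msg))
        elif msg.startswith("Repairing corrupted file"):
            repaired.add(_file_in(msg))
        elif msg.startswith("Verify complete"):
            completed = True
    return {"unrepaired": sorted(unrepaired),
            "repaired": sorted(repaired),
            "completed": completed}


if __name__ == "__main__":
    print(summarize(parse_sr_entries(SAMPLE_LOG)))
```

On a real machine the text would come from `%windir%\Logs\CBS\CBS.log` (the location given in KB 928228), read from an elevated prompt; files left in the `unrepaired` list are the ones to raise with a helper.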
- Rob,
Thank you for the information. I believe you are stating that I will need to use removable media in order to download the application from my laptop to my desktop. What would be the best to purchase since I do not have this currently? And where should I purchase this?
Thank you again!!
- Hi,
You can do some of that without extra programs. Run MRT and checkout the guide.
CD - DVD - USBThumb Drives - USB external drives.... whatever is best solution for your systems.
Good Luck
Rob - Bicycle - Mark Twain said it right.
- "Download ATF Cleaner by Microsoft MVP Atribune from http://www.atribune.org/"
When I open this hyperlink there is a warning "Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only"
Is there a way to do this for Vista?
- Thank you very much!
- Hi, Mattcb09.
Yes, you need to right-click the .exe file and select "Run as Administrator", allowing the UAC elevation prompt. As Atri indicated here :
Notes for Windows Vista users:
On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator"
Prefetch has been disabled on Windows Vista. As I'm not sure the effects that emptying prefetch on Windows Vista will have, for the time being I won't enable that function.
Corrine, Microsoft MVP (Consumer Security). This posting is provided "AS IS" without warranty, and confers no rights.
- I've had the same problem as many others have listed... ie8 and unwanted websites opening themselves. The most common one I get is
http://dati.pzzz.org:8081/lt/1plus1.html?pid=15&mid=21904&channel=23&extra=-1&pt=df&clientid=1256628524
This is a new laptop and I've only installed Windows and updated to ie8 so it's not a problem with anything I've loaded, and I haven't visited any other sites than those I used to with my old laptop running ie7.
Rather than mess around downloading this, opening that, checking with this, cross referencing with that... I've got a better idea.
I'm just going to stop using ie and switch to Google Chrome or Mozilla Firefox instead!
I hate ie 8 and will not use it again... I've never had a problem like this with either of the other two browsers I've named!

