Antispywarexp 2009



W4BD
03-30-2010, 10:01 AM
Well my Buddy's laptop got "infected" with this SPYWAREXP 2009 and I have fought it for several hours now. I can't get Malwarebytes to load, nor will Avast load, nor will a program that I downloaded from a search to rid this puter of this POS that just showed up the other day. Also I can't get the laptop to load in SAFE MODE. When I try to load in SAFE MODE all I get is a screen full of file locations. ANYBODY got any experience getting rid of this? I call it a VIRUS.

KJ3N
03-30-2010, 11:19 AM
I would boot the machine with a live Linux distro and delete the folder and files associated with the program in question.

WØTKX
03-30-2010, 11:58 AM
Yea, mean people really suck, don't they! :wall:

If the infection is really bad (and done well) booting the infected machine and trying to get rid of crap may not work at all... so booting another operating system (somehow) to get to the drive is quite often the only way to fix it.

However this one is a common "gotcha" and the Malwarebytes' Anti-Malware utility should kill it. You may have to do a few more things besides that...

One of my favorite techie websites ( bleeping computer :lol: ) has some info:

http://www.bleepingcomputer.com/virus-removal/remove-xp-antispyware-2009

Go to the middle of this page to the section that reads:


Automated Removal Instructions for XP Antispyware 2009 using Malwarebytes' Anti-Malware:

Good luck in your Quest! ;)

http://sharetv.org/images/jonny_quest_1964-show.jpg

X-Rated
03-30-2010, 12:03 PM
Yea, mean people really suck, don't they! :wall:

If the infection is really bad (and done well) booting the infected machine and trying to get rid of crap may not work at all... so booting another operating system (somehow) to get to the drive is quite often the only way to fix it.

However this one is a common "gotcha" and the Malwarebytes' Anti-Malware utility should kill it. You may have to do a few more things besides that...

One of my favorite techie websites ( bleeping computer :lol: ) has some info:

http://www.bleepingcomputer.com/virus-removal/remove-xp-antispyware-2009

Go to the middle of this page to the section that reads:


Automated Removal Instructions for XP Antispyware 2009 using Malwarebytes' Anti-Malware:

Good luck in your Quest! ;)

http://sharetv.org/images/jonny_quest_1964-show.jpg
I went to college with the son of the mayor of Bethlehem, Raji Freij. Poor guy didn't remember the adventures he had with Johnny Quest when they were little.

w3bny
03-30-2010, 12:24 PM
Windows 2000 boot disk/cd...and select delete partition(s).

Start over.

Oh and tell the victim that's what he/she gets for downloading Deutche shietzhe pr0n. Then watch the facial expressions FTW. :shock:

WØTKX
03-30-2010, 12:39 PM
Don't tell him that, not yet!

Only twice have I EVER had to wipe an OS... and it's painful to do that for most users.

Windows 2K is a very useful flavor of Winders tho, isn't it? :mrgreen:

w3bny
03-30-2010, 01:38 PM
Windows 2K is a very useful flavor of Winders tho, isn't it? :mrgreen:

Actually... the best one was...ready...

NT4.0 boot disks. Write protects removed. No virus possible. If you had to kill a disk because of, oh... Satan Bug... yeah, that or old Norton Disk Edit. Wipe sector 0 track 0 and then use NT4 boot disks.

WØTKX
03-30-2010, 03:27 PM
Well ja, I have that too. :snicker:

Been a long time since I had to use something fugly, like the Ranish utility.

W4BD
03-30-2010, 06:54 PM
Well I read over at the ZED about TRINITY RESCUE so I downloaded it along with MAGICDISK but so far I have not been able to open Trinity or do anything to recover the Laptop. I was trying to put it on a CD so I can boot and try and delete all this JUNK that's messing it up.

I refuse to post on the ZED anymore so I guess I will pester y'all now.

WØTKX
03-30-2010, 07:01 PM
Well, you ever hear a newbie hamster get on the local repeater and ask questions? Folks will fight over who's the best to help. IF it's an active repeater, that is... that's helping? :whistle:

The 'Zed is like that... so are lots of pipple. :roll:

If you can get the personal data out and start over, it's one way. I'm a persistent cuss, with more than one computer, and anything that gets me (it happens) really motivates me to repair the OS. So I have the luxury of another system I can always use if the main one gets diseased.

That being said, I have NEVER gotten a virus on a Linux box, without trying to do it on purpose.

ad4mg
03-30-2010, 07:20 PM
Well my Buddy's laptop got "infected" with this SPYWAREXP 2009 and I have fought it for several hours now. I can't get Malwarebytes to load, nor will Avast load, nor will a program that I downloaded from a search to rid this puter of this POS that just showed up the other day. Also I can't get the laptop to load in SAFE MODE. When I try to load in SAFE MODE all I get is a screen full of file locations. ANYBODY got any experience getting rid of this? I call it a VIRUS.
Easy workaround ... go to the C:\Program Files\Malwarebytes folder, and rename "mbam.exe" to "mbam.com". Then, double-click the file to run the program. Ditto for any other .exe that won't run.

The trojan prevents a number of .exe files from executing. Best to run the scan in safe mode. Ditto for the variants ... just fixed a machine with "Antispyware XP 2010" using Malwarebytes.

Remember to update Malwarebytes before the scan, and check the security center settings afterwards.

KG4CGC
03-30-2010, 07:21 PM
Well my Buddy's laptop got "infected" with this SPYWAREXP 2009 and I have fought it for several hours now. I can't get Malwarebytes to load, nor will Avast load, nor will a program that I downloaded from a search to rid this puter of this POS that just showed up the other day. Also I can't get the laptop to load in SAFE MODE. When I try to load in SAFE MODE all I get is a screen full of file locations. ANYBODY got any experience getting rid of this? I call it a VIRUS.
Easy workaround ... go to the C:\Program Files\Malwarebytes folder, and rename "mbam.exe" to "mbam.com". Then, double-click the file to run the program. Ditto for any other .exe that won't run.

The trojan prevents a number of .exe files from executing. Best to run the scan in safe mode. Ditto for the variants ... just fixed a machine with "Antispyware XP 2010" using Malwarebytes.

Remember to update Malwarebytes before the scan, and check the security center settings afterwards.
Thanks. Good to know. :agree:

W4BD
03-30-2010, 08:13 PM
Well we are so messed up now that when I try to start Windows normally I get the "Blue Screen of Death" so I can't get into it right now.

Of course he didn't get a Windows disk with the Laptop so I can't use it to boot. I tried to use my XP Home disk but I don't want to mess up the Windows Pro that came on the Laptop. I got a Laptop of my own that came with Windows Pro and no disk so I guess these people like DELL and TIGER leave you hanging.

When I try to load "Safe Mode" I get a couple of pages of file locations and the only command that I have got to work is "Exit". He has a lot of Business data that he doesn't want to lose so wiping the disk is almost out of the question. I know that the data is missing in action right now but MAYBE we can figure out how to work this out but if we wipe the disk the data is Killed in Action.

I know NOTHING about LINUX so I don't have a clue where to start.

ad4mg
03-31-2010, 03:32 AM
Well we are so messed up now that when I try to start Windows normally I get the "Blue Screen of Death" so I can't get into it right now.

Of course he didn't get a Windows disk with the Laptop so I can't use it to boot. I tried to use my XP Home disk but I don't want to mess up the Windows Pro that came on the Laptop. I got a Laptop of my own that came with Windows Pro and no disk so I guess these people like DELL and TIGER leave you hanging.

When I try to load "Safe Mode" I get a couple of pages of file locations and the only command that I have got to work is "Exit". He has a lot of Business data that he doesn't want to lose so wiping the disk is almost out of the question. I know that the data is missing in action right now but MAYBE we can figure out how to work this out but if we wipe the disk the data is Killed in Action.

I know NOTHING about LINUX so I don't have a clue where to start.
If you get to the point where data recovery is required before a reinstall, I can do this, using Linux and a SATA-USB adapter. I can mount any SATA or EIDE drive, 2.5" or 3.5", and copy any data from the HDD to DVD disks. This would require removing the HDD and shipping it here ... not totally without risk.

Better idea would be to find your local Linux Guru, and ask him to do this for you! Cables-to-go makes the necessary adapter, which comes with the cables and a PS, for about $20.

The data is easily recovered before any OS re-installation, and Dell will send you the recovery CD's, free, if the machine was registered. All you need is the service tag number, found on a sticker on the machine. Usually, the recovery routine is stored on the HDD in the form of a disk image, in a hidden partition, and is available during bootup, but I can't recall the keypress combination.

Let me know if I can help on the data recovery!

W4BD
03-31-2010, 01:59 PM
Well I have downloaded UBUNTU 9.10 and a quick boot called MINI ISO and I unzipped the mini and burned it to a CD and have not gotten the sick laptop to boot on it. I am going to try the full Ubuntu and see if it will work. I tried the Mini in my laptop and it will not boot on the CD either. I am sure that both laptops' drives are working so I guess the problem is in my extraction and burning. If anybody has any help on how to extract and burn a bootable CD then please post it or email me or PM me.

WØTKX
03-31-2010, 02:55 PM
Forgive me, but just in case...

Is the laptop's BIOS set to boot from a CD first?

W4BD
03-31-2010, 03:22 PM
Well yes I did go in and set both of the Lap Tops to boot off the CD/DVD.

I just burned the full UBUNTU 9.10 to a CD using WinZip to unzip and InfraRecorder to burn the CDs but my laptop will not boot off of it.

ANYBODY know how to make a XP PRO recovery disk? My Lap Top has XP PRO so I could make a boot disk off of it but I did a google earlier today but found everything except what I needed. XP Pro help is of no help either it seems.

If anybody can tell me where I am going wrong on trying to make a boot disk with Ubuntu or the Mini ISO please tell.

ad4mg
03-31-2010, 07:23 PM
Well I have downloaded UBUNTU 9.10 and a quick boot called MINI ISO and I unzipped the mini and burned it to a CD and have not gotten the sick laptop to boot on it. I am going to try the full Ubuntu and see if it will work. I tried the Mini in my laptop and it will not boot on the CD either. I am sure that both laptops' drives are working so I guess the problem is in my extraction and burning. If anybody has any help on how to extract and burn a bootable CD then please post it or email me or PM me.
Download the .iso file, and use a CD creating program (Nero, Roxio, etc) to recreate the bootable disk from that .iso file. The current Ubuntu 32 bit iso is named "ubuntu-9.10-desktop-i386.iso", and is available here: http://www.ubuntu.com/GetUbuntu/download

Once the iso is properly burned to a CD, it should boot and run nearly any machine. You can have a look at the OS without making any changes to your computer!

Also, here is a very brief "howto" on using an iso file to create a CD: https://help.ubuntu.com/community/BurningIsoHowto

There are many free CD writer programs available for download ... a Google search of "iso burning software" turns up a bunch of free utilities!

W4BD
04-01-2010, 08:34 PM
Well I have UBUNTU running on the Laptop and I am having problems opening downloads. ARCHIVE MANAGER keeps looking for zip files and I have not figured out how to open an EXE file.


I didn't get to work on the Laptop until late this evening due to having to take my Boom Truck over to Fl. to work on an Irrigation system. I have to go to Al. Tomorrow and work on a system over there.

KC2UGV
04-01-2010, 08:50 PM
Well I have UBUNTU running on the Laptop and I am having problems opening downloads. ARCHIVE MANAGER keeps looking for zip files and I have not figured out how to open an EXE file.


I didn't get to work on the Laptop until late this evening due to having to take my Boom Truck over to Fl. to work on an Irrigation system. I have to go to Al. Tomorrow and work on a system over there.

EXE's don't open on Linux :(

What downloads are you trying to open?

W4BD
04-01-2010, 09:31 PM
Well I am trying to open MALWAREBYTES and AVAST. I need to scan for SPYWARE due to the ANTISPYWARE XP 2009.

I have the Malwarebytes on a flash drive opened but Archive Manager will not let it run even off the flash drive same with Avast.

I am having to learn UBUNTU just like I did WINDOWS. I guess I need to get some program that will open an EXE file. Or maybe zip up Malwarebytes and then maybe Archive will unzip it and it will run: Who knows?

W4BD
04-02-2010, 06:36 AM
Well I am writing this reply on the sick Lap Top running ubuntu. I am still not able to open MALWAREBYTES even though I tried to ZIP it. I guess if I was a GEEK instead of an old nasty welder I would know these things.

I have to leave shortly for Alabama to work on an irrigation system. I might get a chance to play around with this thing tonight and over the weekend.

ad4mg
04-02-2010, 06:50 AM
Well I am writing this reply on the sick Lap Top running ubuntu. I am still not able to open MALWAREBYTES even though I tried to ZIP it. I guess if I was a GEEK instead of an old nasty welder I would know these things.

I have to leave shortly for Alabama to work on an irrigation system. I might get a chance to play around with this thing tonight and over the weekend.
Hi, Bill. Malwarebytes, or any other Windows application, will not run on Ubuntu or any Linux OS. Different animals. The advantage to starting a Windows box in Ubuntu is the ability to copy files from the Windows hard drive to other media. Repairing the Windows installation will require starting that machine in Windows.

I'd have another go at attempting to start the machine in safe mode, and running Malwarebytes then. If it will not start in safe mode, it's likely that the operating system will have to be re-installed.

To recover data files, I use the Ubuntu CD to start the machine, then access the Windows drive to copy the data files to another media, usually a USB drive of some sort, all usually done before the drive is wiped clean by a re-installation of Windows.

If you can get the machine running in Windows in any manner (unplug the network cable to prevent further infection!), and Malwarebytes still refuses to run, use the file renaming scheme I mentioned earlier, as that particular Trojan and its variants prevent the running of certain executable files, "mbam.exe" being one of them. Simply renaming that file to "mbam.com" will allow the program to run. Malwarebytes will eradicate this particular Trojan if you can get it to run!

This is a particularly nasty trojan, as it allows dozens of other trojans a way in to the system, so you may have taken on quite a task. Although I'm also a pipe welder, I've been waging war on computers since 1990, and this particular nasty has given me fits as well. In two cases recently, I've had to resort to gathering the data using Ubuntu, and re-installing Windows on the infected machines, but usually, I'm able to defeat the beast running Windows in safe mode. Give it plenty of time, safe mode can sometimes be quite slow to start. I'll usually let it try to start for 30 minutes or so before I surrender!

KC2UGV
04-02-2010, 07:54 AM
Well I am writing this reply on the sick Lap Top running ubuntu. I am still not able to open MALWAREBYTES even though I tried to ZIP it. I guess if I was a GEEK instead of an old nasty welder I would know these things.

I have to leave shortly for Alabama to work on an irrigation system. I might get a chance to play around with this thing tonight and over the weekend.

Ah, ok. So, since you're running live, and you have an internet connection, you can either:

*** Please read the disclaimer/warning at the bottom FIRST***

* Just retrieve files, and do a clean-wipe of the drive, and re-load winderz onto it.

or

* Try this:

At the desktop, hit <alt>-<f2>
In the box that pops up, type "gnome-terminal" and hit enter.
Now, you got a terminal window? Great! Now...
Type "sudo apt-get install clamav" <enter>
If it asks if you want to continue, press "Y"
Once that finishes, type this "freshclam"<enter>
It should update itself. Now, time for a scan:
Type "clamscan -r --bell -i /"<enter>
Go, grab a cup of coffee, or two or three, and check on it.

It should scan everything, and hopefully, it should be able to clean the Windows partition as well.


***DISCLAIMER*** I would highly recommend backing up all your files anyway, before trying to do this. Linux has, at times, been known to trash NTFS partitions (Windows formatted drives) since Micro$oft doesn't seem to want to give reliable documents on how to work with NTFS. You should be safe (I always work with NTFS partitions from Linux), but better safe than sorry, in my book.
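The same ClamAV route, carried through as an added script (not KC2UGV's or the thread's own commands) with the check a practitioner would want: on a live CD "/" is the CD's own filesystem, so the script mounts the Windows NTFS partition read-only and scans that mount point, then summarises the log using clamscan's own 0 (clean) / 1 (found) exit convention. The mount point, log path and the "--run" switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the thread's own commands: the ClamAV procedure run
# from an Ubuntu live session, pointed at the Windows disk itself. The NTFS
# partition is mounted read-only so nothing here can write to it (the NTFS
# caveat the post's disclaimer raises).
# Assumptions: live session with sudo and network access; the mount point,
# log path and the "--run" switch are choices made for this example.
set -u

MNT=/mnt/windows
LOG=/tmp/clamscan-windows.log

install_clamav() {
    # clamav is the scanner; ntfs-3g is the driver used for the mount below.
    sudo apt-get update -qq
    sudo apt-get install -y clamav ntfs-3g
    sudo freshclam                      # current signatures before scanning
}

# Mount the first NTFS partition found, read-only ("ro").
mount_windows_ro() {
    dev=$(sudo blkid -t TYPE=ntfs -o device | head -n 1)
    [ -n "$dev" ] || { echo "no NTFS partition found" >&2; return 1; }
    sudo mkdir -p "$MNT"
    sudo mount -t ntfs-3g -o ro "$dev" "$MNT"
}

# Recursive scan of the mounted Windows tree only. -i prints just infected
# files; --log keeps a copy of the output for the report below.
scan_windows() {
    sudo clamscan -r -i --log="$LOG" "$MNT"
}

# Summarise a clamscan log. clamscan prints one "path: Signature FOUND"
# line per detection; this emits "Signature<TAB>path" for each and, like
# clamscan itself, returns 0 when nothing was found and 1 otherwise.
report_found() {
    log=$1
    n=0
    while IFS= read -r line; do
        case $line in
            *" FOUND") ;;
            *) continue ;;
        esac
        n=$((n + 1))
        sig=${line% FOUND}              # drop trailing " FOUND"
        sig=${sig##*: }                 # signature name after the last ": "
        path=${line%: * FOUND}          # everything before ": <sig> FOUND"
        printf '%s\t%s\n' "$sig" "$path"
    done < "$log"
    [ "$n" -eq 0 ]
}

# The whole procedure runs only with "--run", so sourcing the file for the
# helpers above has no side effects.
if [ "${1:-}" = "--run" ]; then
    install_clamav && mount_windows_ro && scan_windows
    if report_found "$LOG"; then
        echo "scan clean: no detections on $MNT"
    else
        echo "detections listed above; copy the data off $MNT before any reinstall" >&2
    fi
fi
```

Because the partition is mounted read-only, clamscan reports but cannot remove anything; the point of the scan here is to know what is on the disk before copying the user's data off and reinstalling.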

WØTKX
04-02-2010, 12:42 PM
I guess if I was a GEEK instead of an old nasty welder I would know these things.

Don't even start with that... you're on your way and learned a lot already. Besides, you're a metal geek, no? :mrgreen:

KC2UGV
04-02-2010, 01:12 PM
I guess if I was a GEEK instead of an old nasty welder I would know these things.

Even geeks gotta start learning somewhere.

Think about it: You already know more than 90% of the rest of the population of computer users.

W4BD
04-04-2010, 09:25 AM
Well JohnBoy who owns the sick Lap Top has decided to let somebody else try their luck in fixing it. The guy who does all of Seminole School System computer upkeep has now got the job which doesn't hurt my feelings a bit. I tried everything that I could and everything suggested to me on here except the CLAMAV route.

Anyway THANKS to all the help

ad4mg
04-04-2010, 09:58 AM
Well JohnBoy who owns the sick Lap Top has decided to let somebody else try their luck in fixing it. The guy who does all of Seminole School System computer upkeep has now got the job which doesn't hurt my feelings a bit. I tried everything that I could and everything suggested to me on here except the CLAMAV route.

Anyway THANKS to all the help
You'll lead a happier life for ridding yourself of that monster. I wager the new guy will try to recover the data, then wipe the drive and reinstall Winders. IT guys have little patience for these sorts of things, and at some point, it's no longer cost-effective to fight the battle.

I set a 3 hour limit on battling malware and viruses, then it's time to start over anew! :dance

KJ3N
04-04-2010, 11:32 AM
I set a 3 hour limit on battling malware and viruses, then it's time to start over anew! :dance
Light-weight. Quitter. :neener: :rofl:

WØTKX
04-04-2010, 11:39 AM
^^^^ What a killa hamstah you are... :naughty:

:lol:

ad4mg
04-04-2010, 02:28 PM
I set a 3 hour limit on battling malware and viruses, then it's time to start over anew! :dance
Light-weight. Quitter. :neener: :rofl:
Actually, I'm an old, fat (not quite heavyweight) man who runs Ubuntu Linux on my machines. I'm just not that much into pain and agony to suffer MS Windoze for longer periods ... :lol:

W4BD
04-04-2010, 06:18 PM
Well I have tried UBUNTU and to tell the truth I was not that impressed. Now to be fair about it I was running off the CD boot disk and I didn't have much of a clue as to any of the command keys. I guess if I set up a machine with it, got a book and learned something about it, I might be more impressed. I still have the boot disc and I may dig up an old puter and install and play with it some more. But it seems like my time is going to be quite limited for a while as the irrigation season is starting and there's MONEY to be made from the Farmers.

Again THANKS to all who tried to help.

ad4mg
04-04-2010, 07:14 PM
Well I have tried UBUNTU and to tell the truth I was not that impressed. Now to be fair about it I was running off the CD boot disk and I didn't have much of a clue as to any of the command keys. I guess if I set up a machine with it, got a book and learned something about it, I might be more impressed. I still have the boot disc and I may dig up an old puter and install and play with it some more. But it seems like my time is going to be quite limited for a while as the irrigation season is starting and there's MONEY to be made from the Farmers.

Again THANKS to all who tried to help.
Running off the "Live" CD is unimpressive ... it's slow, and unless you understand the concept of mounting drives, all you see is the file system on the CD.

And, there is a learning curve, even with Ubuntu, which is supposed to be the easiest flavor of Linux to use. It's not quite plug and play, and unless you learn the command set and how to use the terminal (much like DOS and a DOS window), you lose considerable functionality. The GUI is nice, but everything isn't available in the GUI. I've been playing with various flavors of Linux now for just about 2 years. I have Ubuntu running on 3 PC's, and one laptop. When properly configured, it's much faster than Windows, and you can perform nearly every task that you can in Windows. And, if you must run that Windows application, either Wine, or a virtual windows installation within Linux will do the trick.

I don't miss using Windows one bit, and the only time I use any Windows product is to run Flight Simulator.

To each his own ... Windows boxes are a nice source of extra income for me ... they always seem to get hosed by viruses, trojans, and malware. For that reason alone, I love Windows!

BTW - Linux is 99.9% immune to all the nasties circulating on the internet, but I don't expect that to last forever ...

n2ize
04-05-2010, 03:54 AM
Well I have tried UBUNTU and to tell the truth I was not that impressed. Now to be fair about it I was running off the CD boot disk and I didn't have much of a clue as to any of the command keys. I guess if I set up a machine with it, got a book and learned something about it, I might be more impressed. I still have the boot disc and I may dig up an old puter and install and play with it some more. But it seems like my time is going to be quite limited for a while as the irrigation season is starting and there's MONEY to be made from the Farmers.

Again THANKS to all who tried to help.
Running off the "Live" CD is unimpressive ... it's slow, and unless you understand the concept of mounting drives, all you see is the file system on the CD.

And, there is a learning curve, even with Ubuntu, which is supposed to be the easiest flavor of Linux to use. It's not quite plug and play, and unless you learn the command set and how to use the terminal (much like DOS and a DOS window), you lose considerable functionality. The GUI is nice, but everything isn't available in the GUI. I've been playing with various flavors of Linux now for just about 2 years. I have Ubuntu running on 3 PC's, and one laptop. When properly configured, it's much faster than Windows, and you can perform nearly every task that you can in Windows. And, if you must run that Windows application, either Wine, or a virtual windows installation within Linux will do the trick.

I don't miss using Windows one bit, and the only time I use any Windows product is to run Flight Simulator.

To each his own ... Windows boxes are a nice source of extra income for me ... they always seem to get hosed by viruses, trojans, and malware. For that reason alone, I love Windows!

BTW - Linux is 99.9% immune to all the nasties circulating on the internet, but I don't expect that to last forever ...

Wow... it's hard to believe that I've been using Linux since around 1995. 15 years!! I think I started with one of the Redhat Linux 1.0 versions running on a 166 MHz Pentium machine that cost me around $2000.00 back then. BTW I still have that machine; last time I tried it, about 5 or 6 years ago, it still ran.

Back then Redhat and Slackware and Debian were among the most popular distros. Redhat 1.0x was one of the first to use the rpm package manager and there was no online update management system or automagic dependency resolution, and often you ended up on what we called the "dependency carousel". One package requires another which requires another... which requires the one you were originally trying to install. And even with rpm, functionality was limited and you usually wound up having to download and compile tarballs (which I still do now and then). In those days I had no sound on the system, the X Windows and window management was crude and very simplistic, and often I worked in text mode from the console... indeed many programs still ran in that mode, similar to DOS programs. To get full hardware functionality it was almost mandatory to config and compile your own kernel and even then, hardware support was limited. All configurations meant hand editing config files and sometimes program source files and recompiling. And if you mentioned Linux to anyone outside of a LUG they would scratch their heads and wonder what the heck you were talking about. In those days I was on dialup (as was almost everyone) and I remember improvising the system to use a program called "diald" to configure the modem to autodial in to the ISP on demand, i.e. whenever diald detected outgoing packets. Later on that dial-on-demand functionality was incorporated directly into pppd (point to point protocol daemon) and diald quickly fell out of vogue. (Anyone remember configuring SLIP and PPP protocols over dialup?)

Things have come an incredibly long way since then and the landscape of Linux sure has changed. I just find it hard to believe that 15 years have passed since I started with all this.

WØTKX
04-05-2010, 09:14 AM
Well, SLIP on my PPP. :snicker:

I remember those days, but all my distros were from AT&T, SCO, and especially HP-UX.