Security shield badness

Forum for Technical discussions

Moderator: Tech Mods

Security shield badness

Post by Dean » 15 Jun 12, 9:14 pm

The laptop seems to have been infected with Security Shield #%^€, has anyone else had a computer infected with this?
Dean

BF Admin
Posts: 1501
Joined: 12 Nov 07, 3:03 pm
Location: Melbourne

Re: Security shield badness

Post by revengous » 15 Jun 12, 9:24 pm

reformat.
revengous

Forgotten What The Sky Looks Like
Posts: 2049
Joined: 13 May 10, 4:42 pm
Location: Eating your pants.

Re: Security shield badness

Post by Ash_Williams » 15 Jun 12, 9:33 pm

Do a System Restore, then run Malwarebytes. Guy at work's wife had the same one today and that's how we got rid of it.
Ash_Williams

1337 p0st3r
Posts: 1348
Joined: 22 Dec 09, 5:28 pm
Location: Adelaide

Re: Security shield badness

Post by Joker » 16 Jun 12, 5:03 am

Here is a semi-manual method I use more than twice a day to clean up a system with an unknown virus/spyware. There are plenty of variants around, so some skill is required at times, and removal of antivirus software can often present its own set of issues.

safe mode should let you boot without the spyware starting
msconfig - remove all spyware from startup and services
control panel/software and programs, remove any more spyware/toolbars
remove java
remove any antivirus software (it's likely been infected/disabled)
Normally it hides in either your appdata or programdata (msconfig gives you clues about where it's hiding, as any software being run from these locations is highly likely virus or spyware)
clean up temp files! (I prefer manually but disk cleanup util will do)
install and run Malwarebytes
download and run TDSSKiller (Malwarebytes has issues detecting rootkits)
check task scheduler and remove crapware.
if it's XP check the winlogon registry key for nasties.
system should be clean and ready to roll! reboot and check.
reinstall antivirus software and update (my pick is MS Security Essentials atm)
reinstall java
check windows updates - these break for many reasons and indicate there are still issues if an update won't work. good luck if you have a broken .net or manifest!
Joker

Story Teller
Posts: 1555
Joined: 22 Nov 03, 7:27 pm
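
Added example, not part of the original thread: a read-only PowerShell triage script for the autostart locations Joker's checklist walks through (startup entries, Task Scheduler, the Winlogon key), flagging anything launched from AppData, ProgramData or Temp. It assumes a current Windows with PowerShell 3 or later; `$suspectPattern` and `Test-SuspectCommand` are names made up for this example.

```powershell
# Read-only triage: list autostart entries and flag any launched from
# user-writable locations (AppData, ProgramData, Temp).
# Needs PowerShell 3+; Get-ScheduledTask needs Windows 8 / Server 2012 or later.

# Path fragments treated as suspect; this list is an assumption of the example.
$suspectPattern = '\\AppData\\|\\ProgramData\\|\\Temp\\'

function Test-SuspectCommand([string]$Command) {
    # Expand %APPDATA%-style variables so both spellings of a path match.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    return $expanded -match $suspectPattern
}

$entries = @(
    # 1. Run keys and Startup folders (the msconfig Startup tab).
    Get-CimInstance Win32_StartupCommand | ForEach-Object {
        [pscustomobject]@{
            Source  = "Startup: $($_.Location)"
            Name    = $_.Name
            Command = $_.Command
        }
    }
    # 2. Scheduled tasks that run an executable.
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        $task.Actions | Where-Object { $_.Execute } | ForEach-Object {
            [pscustomobject]@{
                Source  = "Task: $($task.TaskPath)"
                Name    = $task.TaskName
                Command = "$($_.Execute) $($_.Arguments)".Trim()
            }
        }
    }
    # 3. Winlogon values; stock Windows has Shell = explorer.exe and
    #    Userinit = C:\Windows\system32\userinit.exe, (trailing comma included).
    $winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    foreach ($value in 'Shell', 'Userinit') {
        [pscustomobject]@{ Source = 'Winlogon'; Name = $value; Command = $winlogon.$value }
    }
)

$entries |
    Select-Object Source, Name, Command,
        @{ Name = 'Suspect'; Expression = { Test-SuspectCommand $_.Command } } |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

A Suspect flag is a lead to review, not a verdict: legitimate software also starts from AppData and ProgramData, and a Winlogon value that differs from stock deserves a look even when unflagged.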

Security shield badness

Post by Dean » 16 Jun 12, 7:37 am

I haven't done a reformat for yonks :(

This is a pain in the ****
Dean

BF Admin
Posts: 1501
Joined: 12 Nov 07, 3:03 pm
Location: Melbourne

Re: Security shield badness

Post by Artful-dodgeR » 16 Jun 12, 8:19 am

Once a year. Minimum. Gotta keep that windows drive clean yo.
Artful-dodgeR

Offline? What's 'offline'?
Posts: 3720
Joined: 16 May 04, 6:09 pm
Location: Roger Dodger, NSW.

Re: Security shield badness

Post by -Slayer- » 16 Jun 12, 1:10 pm

Install Malwarebytes Anti-Malware in safe mode then run it.

If you already have Malwarebytes Anti-Malware installed on the computer and the malware infection won't let you run it, you can boot into safe mode and run it, or you could also run Malwarebytes Chameleon, which sits in the Malwarebytes install folder; go into it and run chameleon.chm and it will tell you what to do from there.

Malwarebytes is the superhero of PC protection, but even superheroes need a little help every now and then. If you already have malware on your computer, it may prevent you from running Malwarebytes Anti-Malware. Our superhero sidekick, Malwarebytes Chameleon, can help you run our program on an infected system.

Just click on the first button below and see if it runs. You'll know it's working if a black DOS window appears, slays malicious programs, and then starts Malwarebytes Anti-Malware. If the first button doesn't work, try the next one. If that one doesn't work, just keep trying until you find one that does! Then use Malwarebytes Anti-Malware as you normally would to run a Quick Scan and remove the malware.

Spybot - Search & Destroy is another good one to also have installed and run alongside Malwarebytes; that way what one misses the other one gets, they complement each other.

I run CCleaner for general cleaning.

Some other general tools you could look at been using these for years now, not really needed but I've found them handy over the years.

Registry Mechanic 11
AVG 2012 for antivirus
Cisco Network Magic Pro 5.5
Raxco PerfectDisk 10 Pro

I keep these lying around they can be handy.

Process Explorer
Process Monitor
CurrPorts
Trojan Remover (nothing's beaten this one yet) you can use it free for 30 days.
Who Crashed (for reading Windows minidump files)

If you don't have much on the laptop, seeing they have recovery partitions it's probably easier to redo windows as stated, but who's to say the problem is not going to rear up straight away again. ;)

You need to ask yourself:
do you know roughly when you got the infection?
how did it come in? webpage, email, etc:
how many use the laptop and for what purpose?


As you need to guard against it doing it again.

If you want to run Malwarebytes Anti-Malware to its full potential with live protection, grab me in IRC in the admins channel and we'll sort it out. ;)

@Joker
TDSSKiller seems ok for free, going to look at that one for a couple of friends. Trojan Remover program does a huge range of rootkits and other stuff as well, but for most people it's not free; I own it with lifetime upgrades of program and definitions.

There are a lot of different tools out there, that are probably better than what has been mentioned so far, but that's what forums are good for finding out new and wonderful things.
-Slayer-

Senior BF3 Admin
Posts: 3982
Joined: 30 Mar 07, 7:18 pm
Location: Always Watching

Re: Security shield badness

Post by Dean » 17 Jun 12, 9:55 am

Thanks for the suggestions guise.

@slayer - The lappy is used for browsing type activities, not sure where I managed to pick up this **** (it wasn't from reviewing adult related educational material :wink: )
Dean

BF Admin
Posts: 1501
Joined: 12 Nov 07, 3:03 pm
Location: Melbourne

Re: Security shield badness

Post by brimlad » 17 Jun 12, 10:31 am

Dean wrote: @slayer - The lappy is used for browsing type activities, not sure where I managed to pick up this **** (it wasn't from reviewing adult related educational material :wink: )
A few months ago my wife got the smart hdd virus just by visiting the Blacket Homes website, as soon as she loaded the page the virus took hold; first time I've seen a virus that aggressive. Thankfully she wasn't browsing on an admin account so removal was straightforward, but seems too easy to get hit these days.

cheers :)
(i7 930@3.6 x58ud7 24gbhyperx 7970x2 S27a950d)ClanPwRPlaY
brimlad

Game Admin
Posts: 1824
Joined: 29 Jun 06, 12:23 am
Location: Canberra

Re: Security shield badness

Post by tranquil » 17 Jun 12, 12:57 pm

I've seen this come in a few times recently at work. Safe mode and Malwarebytes removed it fine.
tranquil

Offline? What's 'offline'?
Posts: 3313
Joined: 8 Jul 04, 9:59 pm
Location: Melbourne

Re: Security shield badness

Post by Nekosan » 17 Jun 12, 1:03 pm

I decided to do a scan the other night just out of boredom and picked up a trojan that i've had for god knows how long, can't for the life of me think of where i got it.
Nekosan

Offline? What's 'offline'?
Posts: 3396
Joined: 3 Jan 06, 6:23 pm

Re: Security shield badness

Post by Otto-matic » 18 Jun 12, 10:45 am

I will also put in a note for Kaspersky Rescue Disk, created from another PC though. Runs its own OS and can update itself while running.

I'm getting really tired of cleaning this **** off the work computers. A lot of undetected stuff coming through recently :x
Otto-matic

1337 p0st3r
Posts: 1395
Joined: 24 Dec 04, 12:34 am
Location: Space

Re: Security shield badness

Post by cyclobs » 18 Jun 12, 8:56 pm

what's strange is i don't use any AV software yet haven't had any bad infection since the day i stopped using it :/
cyclobs

Forgotten What The Sky Looks Like
Posts: 2437
Joined: 9 Feb 08, 7:16 pm
Location: Narrabri

Re: Security shield badness

Post by v4moose » 24 Jun 12, 12:07 am

Nekosan wrote: I decided to do a scan the other night just out of boredom and picked up a trojan that i've had for god knows how long, can't for the life of me think of where i got it.

If u didn't even notice it, good chance it could have been a false positive, what was the name of the infected file?

Sent from my GT-I9300 using Crapatalk 2
Hit me up on Steam!
v4moose

1337 p0st3r
Posts: 1001
Joined: 25 Aug 06, 12:36 am
Location: Shooting in Cherno

