mrmaxx, posted October 25, 2013

I'm trying to clean a colleague's personal machine and I keep running into the same problem -- stuff gets detected, but can't be removed by the tools I have. I'm using the "emergency antivirus" VipreRescue, and MalwareBytes, and MalwareBytes cleaned some stuff, and Vipre keeps finding stuff that it can't clean. Most of what is found appears to be search hijackers, and I found one app that appears to be a search hijacker and am trying to uninstall it now. Hopefully that'll fix it, but if not, I'm looking for suggestions. I haven't kept up with this field since I'm no longer active in the IT world...
turetzsr, posted October 26, 2013

...Seems like you've done the right thing in trying various tools, as it is said that sometimes one will catch things others don't and vice versa. Petzl's sig may be worth a look, and then of course there's always Google searches -- that helped me when I had a search hijacker. If your colleague is one of us poor souls running Windows, don't overlook Microsoft's tools, such as MRT and Windows Defender. As a last resort, initialize the hard drive and reinstall everything that is known to be safe.
petzl, posted October 26, 2013

> (quoting mrmaxx) I'm trying to clean a colleague's personal machine and I keep running into the same problem -- stuff gets detected, but can't be removed by the tools I have. I'm using the "emergency antivirus" VipreRescue, and MalwareBytes, and MalwareBytes cleaned some stuff, and Vipre keeps finding stuff that it can't clean. Most of what is found appears to be search hijackers, and I found one app that appears to be a search hijacker and am trying to uninstall it now. Hopefully that'll fix it, but if not, I'm looking for suggestions. I haven't kept up with this field since I'm no longer active in the IT world...

Win7 32 bit here (helps to mention).
Search hijackers are more difficult as they are just annoying malware, not a security risk.
Look in Browser add-ons/Plugins (FF) or "Manage Add-Ons" (IE) to get the name of the search program.
Check in Control Panel "Uninstall or change a Program" and remove it.
To remove malware when you use Windows you need to "right click" the antimalware and select "run as administrator".
Last resort: Firefox has a reset-to-default button in Help/Troubleshooting Information (top right).
mrmaxx, posted October 26, 2013

> (quoting petzl) Win7 32 bit here (helps to mention). Search hijackers are more difficult as they are just annoying malware, not a security risk. Look in Browser add-ons/Plugins (FF) or "Manage Add-Ons" (IE) to get the name of the search program. Check in Control Panel "Uninstall or change a Program" and remove it. To remove malware when you use Windows you need to "right click" the antimalware and select "run as administrator". Last resort: Firefox has a reset-to-default button in Help/Troubleshooting Information (top right).

Thanks, Petzl. I just updated his Avast and it ran a boot scan and found some stuff that I'd uninstalled, but apparently it left some hooks in the registry. *sigh* I just hope I can get it clean so this crap doesn't come back. I was hoping someone had another tool to suggest.
petzl, posted October 27, 2013 (edited)

> (quoting mrmaxx) Thanks, Petzl. I just updated his Avast and it ran a boot scan and found some stuff that I'd uninstalled, but apparently it left some hooks in the registry. *sigh* I just hope I can get it clean so this crap doesn't come back. I was hoping someone had another tool to suggest.

Often you need to Google the name of the malware/spyware and see if Google can show you how to manually remove it from the registry.
If recent, just go back to an older restore point.
Copy/paste into Windows Explorer: Control Panel\All Control Panel Items\Recovery

Edited October 27, 2013 by petzl
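The steps petzl gives above (find the search program's name in the browser add-ons, check "Uninstall or change a Program", look at what is left behind in the registry, and fall back to a restore point) are all things you can inventory in one pass before touching anything. The script below is an added illustration written for this thread; it is not from the thread or from any of the tools named in it. It is read-only: it lists installed programs, Run/RunOnce autostarts, Internet Explorer Browser Helper Objects and search providers, the Firefox default search engine in each profile, and the available System Restore points. The registry and profile paths are the standard Windows 7 locations (tested mentally against PowerShell 2.0, which Windows 7 ships with); the list of "bundleware" words is a constructed heuristic, not a vendor detection list, and Get-ComputerRestorePoint needs an elevated prompt, as petzl notes for the antimalware tools.

```powershell
# Read-only triage of the places a search hijacker usually lives on Windows 7.
# Nothing here removes anything; it prints an inventory to review before
# uninstalling via Control Panel, resetting the browser, or restoring.

$uninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 64-bit only; absent on 32-bit
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
)
$autostartKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$bhoKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$ieSearch = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'

# Constructed heuristic: words that often show up in the names of search/toolbar bundleware.
$suspectWords = 'toolbar', 'search', 'protect', 'savings', 'coupon', 'shopper', 'optimizer'

Write-Host "== Installed programs (newest first) =="
$programs = foreach ($key in $uninstallKeys) {
    if (Test-Path $key) {
        Get-ChildItem $key | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName } |
            Select-Object DisplayName, Publisher, InstallDate, UninstallString
    }
}
$programs | Sort-Object InstallDate -Descending |
    Format-Table -AutoSize DisplayName, Publisher, InstallDate

Write-Host "== Programs whose name matches a bundleware word (review, then uninstall by hand) =="
$programs | Where-Object {
    $name = $_.DisplayName.ToLower()
    ($suspectWords | Where-Object { $name.Contains($_) }) -ne $null
} | Format-Table -AutoSize DisplayName, Publisher, UninstallString

Write-Host "== Autostart entries (Run / RunOnce) =="
foreach ($key in $autostartKeys) {
    if (Test-Path $key) {
        # Skip the PS* metadata properties the registry provider adds to every object.
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |
            ForEach-Object { "{0}`n    {1} = {2}" -f $key, $_.Name, $_.Value }
    }
}

Write-Host "== Internet Explorer Browser Helper Objects (CLSID -> DLL) =="
if (Test-Path $bhoKey) {
    Get-ChildItem $bhoKey | ForEach-Object {
        $clsid  = $_.PSChildName
        $server = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll    = if (Test-Path $server) { (Get-ItemProperty $server).'(default)' } else { '<no InprocServer32>' }
        "{0}  ->  {1}" -f $clsid, $dll
    }
}

Write-Host "== Internet Explorer search providers =="
if (Test-Path $ieSearch) {
    $default = (Get-ItemProperty $ieSearch).DefaultScope
    Get-ChildItem $ieSearch | ForEach-Object {
        $p    = Get-ItemProperty $_.PSPath
        $flag = if ($_.PSChildName -eq $default) { '[default]' } else { '' }
        "{0} {1}`n    {2}" -f $p.DisplayName, $flag, $p.URL
    }
}

Write-Host "== Firefox default search engine per profile =="
$profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
if (Test-Path $profiles) {
    Get-ChildItem $profiles | ForEach-Object {
        $prefs = Join-Path $_.FullName 'prefs.js'
        if (Test-Path $prefs) {
            # prefs.js lines look like: user_pref("browser.search.defaultenginename", "Google");
            $lines = Select-String -Path $prefs -Pattern 'browser\.search\.(defaultenginename|selectedEngine)' |
                     ForEach-Object { $_.Line }
            $text = if ($lines) { $lines -join "`n    " } else { '(built-in default, nothing overridden)' }
            "{0}`n    {1}" -f $_.Name, $text
        }
    }
}

Write-Host "== System Restore points (oldest first; needs an elevated prompt) =="
Get-ComputerRestorePoint | Sort-Object SequenceNumber |
    Format-Table -AutoSize SequenceNumber, Description,
        @{ n = 'Created'; e = { $_.ConvertToDateTime($_.CreationTime) } }
```

Run it from an elevated PowerShell prompt on the affected machine and save the output (`.\triage.ps1 | Out-File triage.txt`) before removing anything; the "Installed programs" table with install dates is usually enough to spot the bundled search program, and the BHO and SearchScopes sections show what would survive an uninstall that only removes the program files, which is the "hooks in the registry" situation described earlier in the thread.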
mrmaxx, posted October 30, 2013

> (quoting petzl) Often you need to Google the name of the malware/spyware and see if Google can show you how to manually remove it from the registry. If recent, just go back to an older restore point. Copy/paste into Windows Explorer: Control Panel\All Control Panel Items\Recovery

Yeah. Problem is I have no idea how long the malware was on the PC. If he brings it back, I'll just have to do as you suggest and Google the spyware name and see how to remove it.
Farelf, posted October 31, 2013

If you Google, I'm sure you'll get hits on the bleepingcomputer.com forums which, although not intended for commercial service use (I suppose), seem to guide users through a process using HijackThis (and often MalwareBytes as well). Might be worth having a look at the Security section of http://www.bleepingcomputer.com/forums/ - all way out of my league but would appreciate your thoughts/impressions.

S
petzl, posted October 31, 2013

> (quoting Farelf) If you Google, I'm sure you'll get hits on the bleepingcomputer.com forums which, although not intended for commercial service use (I suppose), seem to guide users through a process using HijackThis (and often MalwareBytes as well). Might be worth having a look at the Security section of http://www.bleepingcomputer.com/forums/ - all way out of my league but would appreciate your thoughts/impressions.

All are good; all often detect malware but don't completely remove it.
A couple of times with Firefox I have had to hit the reset-to-default button.
Just about every download now attempts to hijack your search engine, even Flash Player updates.
Farelf, posted October 31, 2013

> (quoting petzl) ...Just about every download now attempts to hijack your search engine, even Flash Player updates.

Just about every time I run MalwareBytes these days (maybe once a month) it picks up P.U.P.s in temporary internet files. I'm guessing these are splashovers from those 'default' installations from unrelated updates which I always 'uncheck' (nothing to do with Clive Palmer, I'm sure - sorry rest of the world, Aussie joke). Diabolical liberties are routinely being taken with our systems; removing those vestiges probably just slows down the next update (but I kill them anyway, don't trust them, specifically disallowed their source, and if ever I miss one of those checkboxes the plurry things will undoubtedly install at lightning speed; good argument to set the browser to delete temp files on exit, yet those are generally useful - not just spammers that spoil the internet). OK, rant finished, I'll get over it. Still a good idea to have a look at bleepingcomputer.com/forums (security) IMO; there seem to be some very competent people assisting in that venue - it's about the process and re-iteration of checks, not just the software used.
mrmaxx, posted October 31, 2013

> (quoting Farelf) Just about every time I run MalwareBytes these days (maybe once a month) it picks up P.U.P.s in temporary internet files. I'm guessing these are splashovers from those 'default' installations from unrelated updates which I always 'uncheck' (nothing to do with Clive Palmer, I'm sure - sorry rest of the world, Aussie joke). Diabolical liberties are routinely being taken with our systems; removing those vestiges probably just slows down the next update (but I kill them anyway, don't trust them, specifically disallowed their source, and if ever I miss one of those checkboxes the plurry things will undoubtedly install at lightning speed; good argument to set the browser to delete temp files on exit, yet those are generally useful - not just spammers that spoil the internet). OK, rant finished, I'll get over it. Still a good idea to have a look at bleepingcomputer.com/forums (security) IMO; there seem to be some very competent people assisting in that venue - it's about the process and re-iteration of checks, not just the software used.

Yeah... Already told my co-workers there were some "skeletons" left. I forgot to clear out the temp internet files. Duh. If he returns it to me, I'll definitely get with the Bleeping Computer folks to see what can be done about removing the rest of the trash.
Farelf, posted November 6, 2013

Oh yeah, try NPE.exe (Norton Power Eraser - free - from Symantec). It is sometimes recommended by the CBE (depending on the infection detected/suspected in a spambot zombie) and is completely hassle free (and includes "undo") - https://security.symantec.com/nbrt/npe.aspx I downloaded it some considerable time ago and had forgotten all about it. On a "geeky" computer it will most certainly come up with some false positives, and maybe only the owner would recognise all of those as such - but anything removed can be restored (unless that facility is deliberately switched off at the start of the scans, and why would you do that?). There's no single security solution that will do everything every time (or even most of the time) without intervention - virus and malware development is too dynamic for that.
mrmaxx, posted November 6, 2013

> (quoting Farelf) Oh yeah, try NPE.exe (Norton Power Eraser - free - from Symantec). It is sometimes recommended by the CBE (depending on the infection detected/suspected in a spambot zombie) and is completely hassle free (and includes "undo") - https://security.symantec.com/nbrt/npe.aspx I downloaded it some considerable time ago and had forgotten all about it. On a "geeky" computer it will most certainly come up with some false positives, and maybe only the owner would recognise all of those as such - but anything removed can be restored (unless that facility is deliberately switched off at the start of the scans, and why would you do that?). There's no single security solution that will do everything every time (or even most of the time) without intervention - virus and malware development is too dynamic for that.

Wow... Norton/Symantec did something RIGHT? That's amazing. Last time I used Norton/Symantec, they were bloated, virtually useless anti-malware. Obviously at least some of it has changed.
Farelf, posted November 7, 2013

> (quoting mrmaxx) Wow... Norton/Symantec did something RIGHT? That's amazing. Last time I used Norton/Symantec, they were bloated, virtually useless anti-malware. Obviously at least some of it has changed.

Well, it USED to be lean and mean when Peter Norton wrote all the code - perhaps NPE is a legacy, retained and maintained, from those times. Oh, I meant the CBL; where did CBE come from? I need another beverage.