Author Topic: I'm infected (tonite) by AntiMalware Go and can't run anything  (Read 3290 times)

Offline Coastlady

  • Jr. Member
  • Posts: 10
Please help ~ I somehow got infected with AntiMalware Go and it's preventing me from running anything. I'm surprised I can even get on here. I was referred by GW Computer Forum (Zep - God bless him) but it's really got me over a barrel. Please help, I'm really afraid the longer it's on here the more damage it will do. I can't even use the initial instructions on this site; I can download but not run applications. Thanks ~

Offline R-C

  • LzD Friends
  • Hero Member
  • Posts: 2830
  • Laissez les bons temps rouler!
Re: I'm infected (tonite) by AntiMalware Go and can't run anything
« Reply #1 on: March 01, 2011, 03:35:56 AM »
This is the link to her thread on GW.
Help! I've just been attacked by AntiMalware Go!
registered Linux user:476595
May inspiration fill your heart and hands, run down your legs onto your feet and cause Spontaneous Dancing! :dance:

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 19650
  • "Stronger than the past, united in our goal."
Re: I'm infected (tonite) by AntiMalware Go and can't run anything
« Reply #2 on: March 01, 2011, 02:22:16 PM »
Thanks for the link, R-C.

Hi, Coastlady.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.  

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Although your topic at G-W indicated you were able to scan with MBAM in Safe Mode, your topic here indicates otherwise.  Thus, I am providing complete instructions.

Please restart your computer and select Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)  

Please start Internet Explorer, and when the program is open, do the following:
-- click on the Tools menu and then select Internet Options.
-- click on the Connections tab
-- click on the LAN Settings button
-- under the Proxy Server section, please uncheck the checkbox labeled "Use a proxy server for your LAN"
-- press the OK  button to close this screen. Then press the OK button to close the Internet Options screen.

Please download rkill from one of the following links and save to your Desktop:

One, Two, Three or Four
  • Double-click rkill to run.
  • A command window will open then disappear upon completion, this is normal.
  • Please leave rkill on the Desktop until otherwise advised.
  • Do NOT restart your computer after running rkill as the malware program(s) will start again.
Notes:

If you receive security warnings about rkill, please ignore and allow the download to continue.

Next, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    Update Malwarebytes' Anti-Malware and
    Launch Malwarebytes' Anti-Malware
  • Click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, be sure Quick scan is selected, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NOTE:  If you need to restart your computer, it will be necessary to run RKill again in order to run MBAM.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
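
The "Use a proxy server for your LAN" checkbox in the steps above is stored as per-user registry values, so the same check can be scripted and logged. This is an added PowerShell example, not part of Corrine's post; it is read-only, and the helper name `Get-ProxyFinding` and the sample values at the end are constructed for illustration.

```powershell
# Added example: report the per-user proxy settings behind the
# "Use a proxy server for your LAN" checkbox. Nothing is modified.
$InternetSettings = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-ProxyFinding {
    # Hypothetical helper: takes the three stored values, returns findings as strings.
    param(
        [int]$ProxyEnable,
        [string]$ProxyServer,
        [string]$AutoConfigURL
    )
    $findings = @()
    if ($ProxyEnable -eq 1) {
        $findings += "Proxy is enabled: '$ProxyServer'"
        # ProxyServer is either "host:port" or "http=host:port;https=host:port"
        if ($ProxyServer -match '(^|=)(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:|;|$)') {
            $findings += 'Proxy points at this machine; confirm a program you installed is listening there'
        }
    }
    elseif ($ProxyServer) {
        $findings += "Proxy is disabled but a server value is still stored: '$ProxyServer'"
    }
    if ($AutoConfigURL) {
        $findings += "Automatic configuration script is set: '$AutoConfigURL'"
    }
    if ($findings.Count -eq 0) { $findings += 'No proxy configured' }
    return $findings
}

# Live check against the current user's profile (missing values become 0 / '').
$live = Get-ItemProperty -Path $InternetSettings
Get-ProxyFinding -ProxyEnable ([int]$live.ProxyEnable) `
                 -ProxyServer ([string]$live.ProxyServer) `
                 -AutoConfigURL ([string]$live.AutoConfigURL)

# Constructed sample: an enabled proxy on the loopback address yields two findings.
Get-ProxyFinding -ProxyEnable 1 -ProxyServer 'http=127.0.0.1:5555' -AutoConfigURL ''
```

The values are per user, so the script has to run under the affected account.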

Offline Coastlady

  • Jr. Member
  • Posts: 10
Re: I'm infected (tonite) by AntiMalware Go and can't run anything
« Reply #3 on: March 02, 2011, 01:57:02 AM »
Hi Corrine - thanks for the comprehensive response ~
You said "Although your topic at G-W indicated you were able to scan with MBAM in Safe Mode, your topic here indicates otherwise"
That's because I was really stressed last night and even this morning - there was no activity on this board & I went back to GW again and someone suggested opening 'restore' after going to safe mode which I did. The attack happened Monday evening so I restored back to last Thursday when everything was working O.K. Then I downloaded Spybot-Search & Destroy & Malwarebytes Anti-Malware & CCleaner - all this evening. Then I went back to GW to tell them what I did. Still don't know where such a horrible virus or whatever it was came from but I suspect StumbleUpon (maybe) or even Facebook though I try to be careful with both. I told everyone at GW that when I started to stay with Firefox & not IE, I was changing my bookmarks and updating them. Some folders with many w/sites or photos or blogs were expired or otherwise gone. A few opened instead to something else ~ so I'm suspecting that could have caused an opening (for some dirty rat!) to hijack. I really don't know, wish I did.

My question now is: since I have done the above (running MBAM & Spybot & CCleaner) and everything seems O.K. - do I still need to go back over your previous instructions? I see you're not online so I'm going to be VERY  :confused: careful tonight and look for your instructions tomorrow. Also, please let me know if there are any more safeguards I can install to keep vermin like that away as much as possible. Thanks so much.

~ Ruth

Offline Eric the Red

  • ISO/IEC 27001:2013
  • Administrator
  • Hero Member
  • Posts: 1618
  • Would somebody please pass me a beer!
Re: I'm infected (tonite) by AntiMalware Go and can't run anything
« Reply #4 on: March 02, 2011, 09:51:53 PM »
Hi Ruth,

Don't assume that the computer is "fixed", these things are pernicious and we need to follow a tried and tested methodology to get you cleaned up. Corrine is the best but we need your help:

  • Please follow the instructions posted above and make sure that you post the requested logs in your next reply.
  • Do not take any action to resolve the issues that may be suggested on any other site, until you get the all clear in this thread - we need to be sure that the actions suggested here have not been compromised by other advice.

Thanks,
"The time to start running is around about the "e" in "Hey, you!" "

The information I provide is provided "AS IS" without warranty, and confers no rights.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • Posts: 19650
  • "Stronger than the past, united in our goal."
Re: I'm infected (tonite) by AntiMalware Go and can't run anything
« Reply #5 on: March 02, 2011, 10:47:34 PM »
Thanks, Eric the Red.

Hi, Ruth. 

There is no way of knowing if your computer is clean without seeing any logs. 

Please download random's system information tool (RSIT).  If you do not have HijackThis installed on your computer, allow RSIT to download it:
  • Download RSIT by random/random from here and save it to your desktop.
    Note:  For users with 64-bit systems, please download RSIT from here.
  • Double-click RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Next, please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
