LandzDown Forum

Please help ~ I somehow got infected with AntiMalware Go and it's preventing me from running anything. I'm surprised I can even get on here. I was referred by GW Computer Forum (Zep - God bless him) but it's really got me over a barrel. Please help, I'm really afraid the longer it's on here the more damage it will do. I can't even use the initial instructions on this site I can down load but not run applications. Thanks ~

This is the link to her thread on GW.
Help! I've just been attacked by AntiMalware Go! (http://ths.gardenweb.com/forums/load/comphelp/msg0222015117807.html?8)

Thanks for the link, R-C.

Hi, Coastlady.  Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.  

If you have questions regarding any of the instructions or problems running any tools, please let us know.

Although your topic at G-W indicated you were able to scan with MBAM in Safe Mode, your topic here indicates otherwise.  Thus, I am providing complete instructions.

Please restart your computer and select Safe Mode with Networking. (To do this, turn your computer off and then back on and immediately when you see anything on the screen, start tapping the F8 key on your keyboard. Using the arrow keys on your keyboard, select Safe Mode with Networking and press Enter on your keyboard. Windows will now boot into safe mode with networking and prompt you to login as a user.)  

Please start Internet Explorer, and when the program is open, do the following:
-- click on the Tools menu and then select Internet Options.
-- click on the Connections
-- click on the Lan Settings button tab
-- under the Proxy Server section, please uncheck the checkbox labeled "Use a proxy server for your LAN"
-- press the OK  button to close this screen. Then press the OK button to close the Internet Options screen.

Please download rkill from one of the following links and save to your Desktop:

One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com),Three (http://download.bleepingcomputer.com/grinler/rkill.scr) or Four (http://download.bleepingcomputer.com/grinler/rkill.pif)

• Double-click rkill to run.
  
• A command window will open then disappear upon completion, this is normal.
  
• Please leave rkill on the Desktop until otherwise advised.
  
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Notes:

If you you receive security warnings about rkill, please ignore and allow the download to continue.

Next, please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  Update Malwarebytes' Anti-Malware and
  Launch Malwarebytes' Anti-Malware
• Click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  (https://www.landzdown.com/proxy.php?request=http%3A%2F%2Fsecuritygarden.googlepages.com%2FMBAM_SR.png&hash=38adbab18bc0003ecf543fafb564e34dadece253)
• Click Remove Selected.
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
• Please post contents of that file in your next reply.

** Note **

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

NOTE:  If you need to restart your computer, it will be necessary to run RKill again in order to run MBAM.

Hi Corrine - thanks for the comprehensive response ~
You said "Although your topic at G-W indicated you were able to scan with MBAM in Safe Mode, your topic here indicates otherwise"
That's because I was really stressed last night and even this morning - there was no activity on this board & I went back to GW again and someone suggested opening 'restore' after going to safe mode which I did. The attack happened Monday evening so I restored back to last Thursday when everything was working O.K. Then I downloaded Spybot-Search & Destroy & Malwarebytes Anti-Malware & CCleaner - all this evening. Then I went back to GW to tell them what I did. Still don't know where such a horrible virus or whatever it was came from but I suspect StumbleUpon (maybe) or even FaceBook though I try to be careful with both. I told everyone at GW that when I started to stay with FireFox & not IE, I was changing my bookmarks and updating them. Some folders with many w/sites or photos or blogs were expired or otherwise gone. A few opened instead to something else ~ so I'm suspecting that could have caused an opening (for some dirty rat!) to hijack. I really don't know, wish I did.

My question now is: since I have done the above (running MBAM & Spybot & CCleaner) and everything seems O.K. - do I still need to go back over your previous instructions? I see you're not online so I'm going to be VERY  :confused: careful tonight and look for your instructions tomorrow. Also, please let me know if there are any more safeguards I can install to keep vermin like that away as much as possible. Thanks so much.

~ Ruth

Hi Ruth,

Don't assume that the computer is "fixed", these things are pernicious and we need to follow a tried and tested methodology to get you cleaned up. Corrine is the best but we need your help:

• Please follow the instructions posted above and make sure that you post the requested logs in your next reply.
• Do not take any action to resolve the issues that may be suggested on any other site, until you get the all clear in this thread - we need to be sure that the actions suggested here have not been compromised by other advice.

Thanks,

Thanks, Eric the Red.

Hi, Ruth. 

There is no way of knowing if your computer is clean without seeing any logs. 

Please download random's system information tool (RSIT).  If you do not have HijackThis installed on your computer, allow RSIT to download it:

• Download RSIT by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
  Note:  For users with 64-bit systems, please download RSIT from here. (http://images.malwareremoval.com/random/RSITx64.exe)
• Double-click RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Next, please download Security Check by screen317 from here (http://"http://screen317.spywareinfoforum.org/SecurityCheck.exe") or here (http://"http://screen317.changelog.fr/SecurityCheck.exe").

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.