Use a Flash Drive to Rescue a Malware-Infested PC ( Antivirus Live )
Posted on 01/30/2010 10:19:14 AM PST by dr_lew
There's a particularly nasty virus making the rounds right now. It's informally known as the Antivirus Live virus, as it bombards your PC with scary, real-looking security warnings and masquerades as a program, Antivirus Live (pictured), that can protect and repair your system.
(Excerpt) Read more at blogs.bnet.com ...
It is very scary and seems like a hopeless situation, since it won't let anything run, including the task manager. However, I had immediate success using the advice of this article, which I read Friday from my work computer. I put the SUPERAntiSpyware product linked in the article on a thumbdrive and ran it while I was disconnected from the internet. I can't make an expert recommendation, but I did have success.
I didn't run in safe mode, but followed a tip I read in a long list of comments at How To Geek. With "Antivirus Live" infection, you have a 20 or 30 second grace period after Windows XP boot where you can bring up the task manager and see the malware initializer running as XXXXsysguard.exe (XXXX is a variable alphameric string). I was able to kill it from the task manager, and it didn't come back while I installed and ran SUPERAntiSpyware from the thumbdrive, and by all appearances I am rid of the thing, but you never know! I was certainly pleased by the apparent quick and easy success after the many dire accounts of its tenacity, so I just thought I'd share this experience with FR.
This seems like a pretty widespread problem, but maybe that's just because I got it.
That's been around a while, going by a lot of different names. It has also had a variant pretending to be Windows Defender and other things.
My niece got one and it took me a couple of hours to root it out and kill it. My real anti-virus was able to finally catch it on mine and quarantine it.
malwarebytes- free upload
for malware related help ...
My wife's PC caught this form of computer clap. It is now at the shop being repaired. Had a partial fix in place with the thumb drive solution discussed, told her to stay off the internet and lo and behold, she tries to email someone and the thing crashed....
I received it last year. I was eventually able to clean out the virus. It appeared again last week and tried to install. I stopped the installation by immediately shutting down my PC. I restarted without any problems.
@dr_lew: Thanks for this article and advice. My PC got killed this week by the very same virus. The problem is that it blocks your access to the internet and control panel so you can't get any help. Can you elaborate on how you killed it once you booted the computer back up? Thanks in advance.
Yeah, that's what I do when things look weird - I reach down to my stack and hold the button in for 5+ seconds until the thing shuts down.
The best bet is to make an image of your hard drive and make incremental backups onto an external hard drive. This way you can always revert back to a state of PERFECT. I use "Acronis True Image Home" and can honestly say it saved my and my family's butt numerous times. Although we all use an antivirus program, sometimes things get through. To restore an infected PC back to a state of perfect takes about 20 min. This is by far the best software investment I have ever made.
On a side note, it is wise to password protect your passwords in Firefox & IE. My son just had to reimage his hard drive to prevent any more security leaks in his browser. Seems that he picked up some sort of virus that pulled out and sent all his passwords to an IP address in Nigeria, resulting in a mass funding transfer parade. Cost him thousands. PASSWORD PROTECT YOUR PASSWORDS.
Had quite a time booting into safe mode with my wireless kbd.
I got it twice. First time I got rid of it, second time bombarded with all you had plus Viagra and porn pop-ups.
Called wife at work; she asked the IT guy what to do: download Spybot Search and Destroy for free. Cannot remember what site, but I am sure if you Google it, it will show.
Finally, go online through Mozilla Firefox. Oh yeah, AVG for a free anti-virus.
Not had a problem in 2 years.
My PC caught this crap about two weeks ago (think my kid clicked on something). I ran Microsoft Security Essentials AND Avast and wiped it out.
“...stopped the installation by immediately shutting down my PC...”
By saying that, I presume you mean hitting the switch rather than "shutting it down", as in normal start-menu + shut down mouse clicks?
I got turned onto Malwarebytes by our IT team at work. It works well.
I was on the same site, and the same thing happened to me too. However, my McAfee caught it. So no issues over here.
The comments at How To Geek report variable success using Safe Mode to do this. I found these comments to be very helpful in making a judgement on how to proceed. I couldn't even boot in Safe Mode using the F8 key, as recommended. I just got a blank black screen. So I tried the normal boot and kill procedure that I read of there, and this worked great for me.
Bookmarking for future reference if needed! Thanks
When someone is determined to have created and released malware or virii like this into the wild, they really should face life in prison without parole.
So far I’ve managed to avoid any truly nasty infections, but even the lesser ones I’ve dealt with have left me wanting to cause grievous bodily harm to the scum who wrote it.
My wife's computer caught this and it was a nightmare. Finally I booted up in safe mode and was able to run system restore. Then I ran a complete virus/malware scan. That got rid of it.
I have Windows XP, which has a pretty good Task Manager. I just hit ctrl-alt-del as soon as possible, selected the task manager, scrolled down to highlight XXXXsysguard.exe, and selected "End process". I think I may have had to do it twice. It's a race against time, so be sure to stay cool, calm, and collected as you fumble around :-)
When I put the thumbdrive in, with the SUPERAntiSpyware on it, I used Windows Explorer (not Internet Explorer!) to run it, and as I said, it seemed to go very smoothly from there (not forgetting about unsetting "Proxy Server" in IE!).
I think my Safe Mode boot problems may have been because I put the thumbdrive in before the boot. It may look there for a boot image, or something.
I just got my computer back from the shop after getting this nasty thing.
Tried to shut down but wasn’t fast enough.
What a mess!
Thought my McAfee would have stopped it - it didn’t.
Take frequent incremental backups.
Oy Vey! Don't ask me about the lurid visions I was having already, Dr. Zoidberg!
I was wondering too, why there seems to be so little interest or discussion about the source and history of this thing (which is just the thing of the moment, I guess. It's an ongoing issue). I did notice that one of the counterfeit pop-up warnings had some very interesting grammatical irregularities. I jotted down, "Click here for the scan of you computer."
My tin hat is tingling off my head.
Another post that reminds me of how glad I am that I switched to Apple computers after 20+ years of putting up with Windoze. I have an online/all the time connection. In more than a year and a half of heavy internet use I've never had a virus, worm, or annoying malware. Now that you can run Windows programs under the MacOS as well as they run on a PC there's no reason not to switch. No.. I don't work for Steve Jobs. But, I think I spent a lot of time working for Norton, McAfee, AVG, etc.
I solved this problem about 3.5 years ago. I bought the wife a Mac and used Ubuntu on my computer.
The iMac I bought for her works as well today as it did that day I bought it in 2006. Actually it works better with Snow Leopard on it.
I know all the arguments people make about Mac—too expensive, etc. But we simply haven’t had to spend a penny on anti-virus, nor a minute of time on removing viruses.
And I don’t see the need to replace that computer for years to come.
In the end, I would rather enjoy a worry free computing experience instead of all the stuff I see on this post.
I got that thing some days ago and my AVAST started yelling. I X-ed out and did an anti-virus run and have been fine.
Life on an island with no access to modern (post 1900) technology.
Amen...running Linux Mint here....but I do have a laptop which has one job....Turbotax...
My computer was nailed by this 3 days ago. I took it to the pros and they cleaned it up for $70. Everything I tried didn’t work, including running the malwarebytes program. I’ll try this if it happens again.
I already had malwarebytes installed, but it couldn’t touch this new iteration. It blocked malwarebytes from working to isolate the virus.
That would work, as long as it were a rather desolate place where you had to work from before sun up to well after sun down for just basic survival.
And at that, I’d still want them to be flogged weekly for the duration of their existence.
Trouble with Avira is that the free version doesn't scan emails.
Read post 36
This is the first malware script I’ve been infected with in 10 years.
It was simple to get rid of. First I unplugged my network cable, then shut down the computer. Since it won't let you open any executable programs after it boots up into memory, after restart I immediately opened MSCONFIG and disabled it under the Startup tab. Rebooted and it was gone. Searched for all remnants and removed them. Fixed the corrupt proxy setting with HijackThis. 15 minutes tops. Harmless bugger.
"This is the first malware script I've been infected with in 10 years."
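A defender-side triage check for the indicators described in this post and in dr_lew's earlier reply (the XXXXsysguard.exe process, its startup entry, and the leftover IE "Proxy Server" setting). This is an added PowerShell example, not code posted in the thread; the file-name pattern is generalised from the thread's "XXXXsysguard.exe" and is an assumption, and the script only reports, it changes nothing.

```powershell
# Added example, not from the thread: report the indicators the posters describe.
# Assumption: the malware's file name matches "XXXXsysguard.exe", XXXX alphanumeric.
$SysguardPattern = '\b[a-z0-9]+sysguard\.exe\b'   # -match is case-insensitive

function Find-SysguardProcess {
    # Running processes whose image file name fits the pattern
    # (the thread's "kill it from Task Manager" target).
    Get-Process | Where-Object { $_.Path } |
        Where-Object { (Split-Path -Path $_.Path -Leaf) -match $SysguardPattern } |
        Select-Object Id, ProcessName, Path
}

function Find-SysguardRunEntry {
    # Run-key startup entries (what MSCONFIG's Startup tab lists) that launch such a file.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $entries = Get-ItemProperty -Path $key
        foreach ($p in $entries.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }        # skip PowerShell's own metadata
            if ("$($p.Value)" -match $SysguardPattern) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
            }
        }
    }
}

function Get-IEProxySetting {
    # The IE proxy setting dr_lew had to unset lives here. ProxyEnable = 1 with a
    # ProxyServer value on a machine that never used a proxy is the tell.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{ ProxyEnable = $s.ProxyEnable; ProxyServer = $s.ProxyServer }
}

Write-Host '== Processes matching the sysguard pattern =='
Find-SysguardProcess | Format-Table -AutoSize
Write-Host '== Run-key startup entries matching the pattern =='
Find-SysguardRunEntry | Format-Table -AutoSize
Write-Host '== Current-user IE proxy setting =='
Get-IEProxySetting | Format-List
```

Run it from an elevated prompt so the HKLM Run key and other users' processes are readable; a clean machine prints no process or Run-key rows and ProxyEnable 0.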
You must not surf the net much, or you have incredible luck.
Actually I don’t think I’ve had a virus, trojan, worm, malware, script ever until this one and I’ve been online since Al Gore invented the internet. I don’t use an Anti-virus either. ;)
My brother-in-law, small cash register co-owner, used the quick (grace) method to rid a customer of this bug.
I couldn't get to the control panel on one of my customers' PCs. I booted to safe mode and used a flash drive to install Malwarebytes. I also ran the program from safe mode. Cleared it right up.
Ping for later.