Windows 10: Even Malwarebytes couldn't handle this problem

Hi there

I was trying to fix a kid's computer that was so ridden with malware that only a total HDD WIPE (ALL HDD's not just the OS HDD) and fresh install would clean it --Malwarebytes found something like 240 warnings etc - but couldn't cleanse the computer even though it said all threats had been removed.

Kid had tried to install some Dinosaur Theme from Softonic or somewhere like that - I don't know where it came from.

However even after an attempt at cleansing IE11 kept popping up zillions of ads -- same with EDGE as well so goodness knows what the malware was doing. It also kept throwing up every so often that well known SCAM -- your computer is infected with Malware -- Phone XXX to fix it.

Whatever it was - I've NEVER seens a computer so badly infected --even after anti spyware and malware "cleansing" the popups still kept coming back together with the message requesting to ring a number to "cleanse the malware".

Disabling every possible setting in IE and EDGE didn't make any difference. This computer was so bad it made that old legendry piece of Malware called Bubbledock (you might have previously heard of) seem almost like a BENIGN program. !!!

Formatting the OS HDD and re-installing clean the OS DID NOT fix the problem as the infection obviously transmitted itself from another HDD.

Only CLEANING and entirely re-formatting ALL the HDD's and re--installing the OS worked.

So don't always rely on Malwarebytes (or any other piece of AV software) to protect 100% of the time.

Beware if you have kids who like Dinosaurs - watch what they download from the net.

I think all these AV companies should employ some of these kids in their labs -- I've never seen a piece of malware so bad and resistant to removal as that one !!!!! and I still haven't any idea where it came from. !!!!

Cheers
jimbo

:)

 

Microsoft Fix-it will not open when I select 'Fix Now' or 'Register Now' options.

I am trying to install Windows Fixit Tool. I haven't a clue how much it is, but if it would open I am sure I would find out. Anyway, my Malwarebytes keeps blocking it. It cites the dllrepair.dllrepair.safecart.com as being the problem. I add the IP address
as well as the task name and still no dice, so I closed Malwarebytes. When I tried again a window came up that showed a sad face and said something to the effect that safecart wasn't a secure server. Meaning, even with Malwarebytes off, I can't get to it.
I don't want to call because I'm not sure how much this product even is yet and don't want a hard sell on the phone. I just can't handle that today. Any ideas out there?

 

Windows defender virus threat & detection stops running at 11.00am every day. Anyone help please?

Downloaded and ran Malwarebytes. Quarantined many items. The registry ones it couldn't remove.

Unfortunately, problem still remains.

 

depending on the age of the kid

I wonder if they teach things like this is school, be careful with downloading apps from internet, don't click random links etc

Even after mentioning to people when installing software to read each screen carefully to avoid getting all the extra spam apps, they still just click Next, Next without reading whats on the screen

 

I've heard of this before on one of my magazines, try disabling the Internet connection, it's a well known scam to try and. Get money. Of you by phoning a number to unblock the malware - don't phone that number they will ask for you credit card details and then take a big amount of money and clean your PC, it's called Ransomware.

 

There are certain rootkits that are impossible to detect from within the OS itself. They're embedded at such a low level, and they hook into the API's of the OS and remove themselves from things like Process listings, file listings, etc... And yes, once you get something like this, the only way to deal with it is a complete reinstall.

 

Hi there

and as well as a complete re-install don't forget to FORMAT ALL HDD's that are connected to that system as well !!!! Thank goodness I hadn't connected that PC even to my LAN but kept it totally isolated.

BTW to all people running VM's -- it's also possible to get CROSS CONTAMINATION from the VM to HOST if you SHARE HDD's so be careful even when running VM's. (Works the other way around as well !!!)

Cheers
jimbo

 

Malwarebytes is not the be-all virus killer. I use many programs to fix infected computers. tdsskiller works for root kits, SuperAntispyware will find many issues Malwarebytes can't. IOBitUninstaller helps getting leftovers that Windows uninstaller doesn't get.

Sounds like you had your hands full. I find it entertaining trying to heal someones else's computer, not nearly as fun when it happens to me. lol

 

Hi there

I mention malwarebytes in particular as so many on this Forum seem to think that it's a 100% cure all for any malware. There may well be decent Enterprise versions of AV software that can deal with this stuff - but most consumer grade programs I wouldn't trust with the latest deep seated batch of infections.

I still think that if a computer is as deeply infected as that one I was dealing with it the only 100% guaranteed solution is a 100% Clean re-install.

Some people might consider this over the top but I also re-formatted the HDD's with a DESTRUCTIVE erase -- writing x'00 To every sector on the HDD's too.

At least while that job was running (5 hrs to clean 3 X HDD's) I could go down to the pub for a few glasses of Beer.

Cheers
jimbo

 

Ahh, gothca. *Wink

 

Hi there

Looking at your Sig -- I think even the H.Ghost (or H.Spirit) himself couldn't have suggested an easier solution !!!!!

I'm still curious to find where this stuff came from -- I think I've narrowed it down a bit. Would be a great TEST BED for AV testing.

I think you can understand why I didn't take an image of that machine BEFORE cleansing it -- even with a Stand alone bootable USB stick for the backup program. !!!!!!!!

Would have been a great Test bed though !!!!!.

Cheers
jimbo

 

HerdProtect would've been bound to find whatever was causing that. It also has a feature in the settings that reset all internet settings to their defaults. That's would've been worth a shot. Did check the add-ons/extensions? Dr. Web CureIt! is also good, but are obligated to upload suspicious files if use the free version.