[opportunityman36]

OMG!!! this virus is really pissin me off!!!

hello guys. i need your help again please. i have this virus on my laptop PAVRM. It is spyware and it runs one of those fake anti virus scanners that tells you that your computer is infected and that you have to buy their software to clean your computer blah blah blah. i can not uninstall it becuz the malware corrupted my rundll32.exe file and every time i try to open any program it will tell me that the windows\system32\rundll32.exe file cannot be found or it will prompt me to choose a program to open the file with and it will ask me if i want to use internet explorer to open anyfile but the malware has also shut down my modem so i cannot access the internet. Also it wont let me use the add/remove application in the control panel or the system restore. My question is do you guys know of a good antispyware program that i can run from a flash drive cuz i cannot open any programs from the desktop due to the malware. Not even in safe mode. I am posting this from my desktop which is not infected. Any help you guys can give me will be greatly appreciated. Thank you in advance.

[Takaharu]

Those Windows Antivirus things are getting really elaborate now; if you manage to accidentally (or unknowingly) click on its application it installs itself, disables half a ton of stuff and is a real B to get rid of - no Task Manager, no Registry editor and it usually disables your Internet connection. When you look for the uninstall instructions you tend to see "open your Task Manager" then "delete these Registry settings".
I can't remember the exact place that I managed to get rid of everything but try finding and deleting the following:
Delete files:
Program Files\AV2010\AV2010.exe - Might not be there
Program Files\AV2010\svchost.exe - Might not be there
WINDOWS\system32\IEDefender.dll
WINDOWS\system32\wingamma.exe

Delete directories:
c:\Program Files\AV2010
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010

You'll also find a lot of places recommend Malwarebytes Anti-Malware. On its own, it used to get rid of Windows Antivirus but since they got to be more elaborate, it can't do it on its own. If you do delete the files that are used by the spyware, Malwarebytes AM is a good piece of software to used to scout through your system and find any loose ends.
However, when I last managed to get rid of the spyware (someone else's PC) I think Task Manager was still locked down. You might want to consider a reformat if its particularly bad for you.

[temeteus82]

I got a friend with the same crap, he got it via e-mail masked taht it came from his friend ..
Anyway it edits the default handling of the .exe file in windows registry ... I found a nice little fixexe.com file on the net that fixed that and then I ran AV software that cleaned the rest. This happened a long time a go so I can't recall where I got the file. But I think that Google is your friend in here...


[EDIT] Found site that might be useful to you : Windows XP File Assocation Fixes

[GigaWatt]

Takaharu and Temeteus explained it in detail... ... although if you ask me, i would go for the full format... if rundll32 was corrupted/infected, there is probably very little you can do about it... :S

if if you do happen to fix the problem, i recommend NOD32 AV Business Edition in combination with NetLimiter... i think you're probably familiar with NOD, and yes, it's a bit paranoid AV, but in the long run, it would help you save time looking for mallware/spyware alternatives... ... NetLimiter is probably the most comprehensive firewall/limiter i have ever come across... it's easy to use, you can configure it the way you like it (it has no auto config option like many firewalls do) and you can block particular apps, ports, addresses... in my opinion, it's as close as it gets to a perfect firewall...

[temeteus82]

Quote:

Originally Posted by GigaWatt

if rundll32 was corrupted/infected, there is probably very little you can do about it... :S

Actually it isn't... it is as I said windows registry in (HKEY_CLASSES_ROOT\.exe). The malware changes so that the windows is unable to run .exe's straight away...

F-Sececure had nice blog post about this...

[GigaWatt]

Quote:

Originally Posted by temeteus82

Actually it isn't... it is as I said windows registry in (HKEY_CLASSES_ROOT\.exe). The malware changes so that the windows is unable to run .exe's straight away...

F-Sececure had nice blog post about this...

aha... so actually, it's a registry setting rather than the rundll32 being corrupted/infected...

thanks, will keep in mind for future reference...

[charm_quark]

hi!, but just to note: that there is a command line alternative to everthing even uninstalling using "wmic", i dont think u'll have the run32dll problem when uninstalling (i think)

PS: teme nice site you found there!