Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus is locking programs and preventing scans

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virus is locking programs and preventing scans

Unread postby bfauvelle » August 5th, 2009, 6:12 pm

My desktop computer has a virus that has completely shutdown or disable several programs on my machine. It started with disabling McAfee scanning capabilities and Windows Defender. It then shutdown permanently Internet Explorer when I was trying to run an online scanner. I cannot get into Internet Explorer at all now. It either does not respond to clicks or says that I don't have the appropriate permissions to access the program.

I then discovered that I can backdoor into the internet with Google Earth. It worked for a little while and I ran the Trend online scanner for a few hours before Google Earth crashed just during the Spyware scan. Google Earth is now locked with the same message.

I have downloaded the set-up files from my laptop and install them on my desktop using a USB swap drive with no success:
1) Firefox - downloaded fine but immediately crashed upon opening. It may open briefly but immediately crashes.
2) AVG - downloaded fine and performed a complete scan during Windows Safe mode. Found one item: Trojan Horse Generic14.PJL, which it said was moved to the virus vault. AVG scanning now does not respond or function.
3) Ad-Aware - downloaded fine but immediately crashed during first use.
4) Malwarebytes' Anti-Malware - downloaded fine but immediately crashed. It is now an unusable program, similar to IE.
5) Spybot Search & Destroy - downloaded fine but immediately crashed. Will not scan at all.
AND THE BIG ONE:
6) HiJackThis - downloaded fine but immediately crashed after the first scan. The program is now unusable (on my desktop). I set-up the program on my swap drive and ran the program and it will attempt to scan continuously but will crash after a couple of seconds.

I have Opera on my computer but I have not tried it yet. I'm hesitant since it might be one of my last options to the internet. It is not my default browser.

Some suspicious files flagged by McAfee during real-time scan: Freddy55.exe, Freddy56.exe, PWS-LDPinch (Trojan), Artemis!A486652FDD25 (Trojan), Generic.dx!bsf (Trojan), BackDoor-DOQ.gen.e (Trojan), Generic Downloader.x!nu (Trojan) - this one said that it was removed by restart was required, Generic FakeAler.d!gen (Trojan) - file rcfbm.exe, Artemis!8B411E3716FA (Trojan) - file yedfjdy.exe; There are others, which I can name if it is helpful.

I am currently not connected to the internet on the affected computer. I am going to start preparing to remove picture files and other keeper files in the event that I need to reinstall windows and start over.

Any help would definitely be appreciated. This one looks like a toughy (at least it does on my end).

Thanks in advance!!
bfauvelle
Active Member
 
Posts: 2
Joined: August 4th, 2009, 10:34 pm
Advertisement
Register to Remove

Re: Virus is locking programs and preventing scans

Unread postby NonSuch » August 6th, 2009, 5:35 am

Unfortunately, one or more of the identified infections on this system is a Backdoor Trojan.

Backdoor Trojans are the most dangerous and most widespread type of Trojan. Backdoor Trojans provide the author or "master" of the Trojan with remote "administration" of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.

I would counsel you to disconnect this PC from the Internet immediately and keep it disconnected. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

In addition to the backdoor Trojan that has been identified, this system is afflicted with other infections. This machine is obviously seriously infected and, even if it were stable enough to run the programs that would be needed in order to attempt cleaning it, it could never be considered to be truly clean, secure, or trustworthy without a reformat and reinstallation of the operating system. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system would be highly unlikely to regain any semblance of stability or reasonable functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows operating system.

Prior to reformatting the system, you may back up important documents and pictures. I suggest you avoid backing up to USB devices such as external hard drives or USB drives, which can be easily infected and in turn reinfect your newly cleaned system and/or any other computer with which it comes in contact. It would be safer to backup your data to CDs or DVDs. No programs or executable files should be saved as they would likely be infected, and all data files should be scanned with anti-virus and anti-spyware programs prior to being returned to the hard drive after it has been reformatted.

We're sorry we did not have more encouraging news for you.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Re: Virus is locking programs and preventing scans

Unread postby bfauvelle » August 6th, 2009, 12:35 pm

Thank you so much for the thorough response. I was afraid that the end result would be to reformat the computer but it is good to get an expert's opinion prior to doing so. The computer for the most part has been disconnected from the internet since I noticed issues. I will not reconnect it until the reformatting is complete.

I am being very careful in backing-up personal files.

Luckily we didn't do much personal banking on that computer. The accounts we did access don't have any weird activity and we have already changed the passwords. Our main concern would be our previous year tax returns, which have our SSN in the program.

That leads me to two questions:

1) We are likely going to get some sort of identity protection now that this event has happened, such as LifeLock. Do you have any suggestions or preferences as to what company to use?

2) This infection happened while we had McAfee virus protection software. When we reformat the computer, do you suggest that we reinstall McAfee or do you suggest a more secure virus/malware/spyware software to run real-time and whole computer scans?

Thanks again!
bfauvelle
Active Member
 
Posts: 2
Joined: August 4th, 2009, 10:34 pm

Re: Virus is locking programs and preventing scans

Unread postby NonSuch » August 6th, 2009, 2:58 pm

You're very welcome. :)

Regarding your questions:

  1. I have no recommendations regarding identity protection services. I would advise that before you make your final selection you search the internet for reviews and the opinions of everyday users of the service. Paid ads are meaningless when making such selections.

  2. While a computer virus is malware that can copy itself and infect a computer without the permission or knowledge of the owner, Trojans, just like the one in the Trojan War for which they are named, do not just come barging into your computer with a full frontal attack, they instead trick you into opening your gates and bringing them inside. Once inside, they do their dirty work.

    New malware infections are discovered every hour of every day. Antivirus companies write "definitions" (like vaccine) for those infections as quickly as possible; however, it is understandably extremely difficult to create a definition to stop an infection that has not yet been created. Many antivirus developers try to do this to a certain degree by using heuristics, whereby the antivirus product looks for certain "earmarks" and, if found, may sound an alert and/or quarantine the suspicious file. It is not advisable to make these heuristics overly sensitive, lest they begin to erroneously identify good files as bad files.

    It is important that we do not regard our antivirus and/or antimalware products as bullet-proof protection against any and all malware, as that only serves to give us a false feeling of security and makes us much more vulnerable to malware attacks. There is no antivirus, nor security suite, that can protect you against the biggest danger faced by any computer... the person sitting in front of the keyboard. ;) We must, therefore, be ever vigilant.

    If you have a preference for a particular antivirus product, then use that one. Personally, I like an antivirus that is not bloated and has a small "footprint." If an antivirus slows my computer down, or is too intrusive, then that one is not for me. Use the one you like, but whichever one you choose, no matter how good it is, it will immediately become useless if its definitions are not kept up to date, so the subscription must never be allowed to elapse.

I hope this information is helpful. :)
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California

Re: Virus is locking programs and preventing scans

Unread postby NonSuch » August 13th, 2009, 1:57 am

As the resolution of this issue requires a reformat, and there have been no further questions posted regarding that process, this topic is now closed.

You can help support this site from this link:
Donations For Malware Removal
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 482 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware