malware removal

April 19th, 2021

well I got hold of a nasty and I can’t seem to get rid of it
I ran nod32 and got this
Operating memory » C:\Users\****\AppData\Roaming\Temp.exe – a variant of MSIL/Spy.Agent.JL trojan – unable to clean
I ran rkill and combofix in safe mode and it appears to find it and fix it but when I reboot, it’s right back again
what am I missing?

Answer #1
Well, There is a difference between viruses and spyware, So it’s not surprising that nod32 was unable to “clean” it (It’s not an infected file, It’s spyware! The whole file is malicious and was never clean to begin with.) If anything you should’ve opted for the delete option. rkill only terminates the process and that’s that (So it can just re-run itself later if it got a registry startup entry) You could try using killbox to delete it after reboot:
http://www.softpedia.com/get/Security/Secure-cleaning/Pocket-Killbox.shtml
But there’s a chance it wouldn’t work. Some spywares can be incredibly persistent and difficult to remove!
You’d be best just doing a clean OS reinstall really. Even if you manage to remove this one, How are you to know it’s all there is to it? Remember that no Antivirus provides 100% protection, Plus there are rootkits too.
Point is, You shouldn’t trust your OS now that it has already been infected! Things aren’t always as they seem and doing a clean reinstall would be the best approach IMO. Also, Better use a Linux Live CD to change all of your passwords/secret questions just to be on the safe side.
Answer #2
roger that, I knew that was the logical solution, just didn’t want to admit it to myself
Answer #3
try using malwarebytes, best free tool for spyware and malware, always does the job for me
Answer #4
boot in safe mode, use malwarebytes. this will defo sort it.
Answer #5
I knew that was the logical solution, just didn't want to admit it to myself
Happens to the best of us sometimes!
Doing a reinstall is quite a bother of course, But it’s the best way to get rid of known & unknown spyware really.
boot in safe mode, use malwarebytes. this will defo sort it.
You don’t know that for sure!
And as I already pointed out, There’s also a strong possibility that his PC is infected with more than one kind of spyware. Most people just automatically assume that if their AV tells em their PC is clean then it really is, Or that if it tells em there’s only X number of infected files then that’s all there is to it, But this is not always the case! AVs (And Anti-Malwares too for that matter) relies mostly on file signatures in order to detect Viruses/Spyware, And there are many different ways to get around em! So your AV isn’t necessarily telling you the truth when it tells you your PC is clean or that there’s only 1 infected file. There are also some very persistent spywares which cannot be easily removed, Plus rootkits which can make it even harder. It’s certainly possible to have more than one spyware infection at a time! It can be a file which was bundled with multiple kinds of em, Spyware which automatically downloads & executes additional ones, Or it can be manually uploaded later by the person behind it! Bottom line, Once you know for sure that you have a spyware infection, It’s not worth your time trying to remove it. Your time would be better spent reinstalling the OS (And changing all of your passwords/secret questions from a live cd or another clean PC of course)
Answer #6
if you follow this, you can clean it. http://forums.malwarebytes.org/index.php?showtopic=110354 the problem with wiping your hard drive and then reinstalling the OS is, it takes a long time to get it back to the way you want it, and if you do this every time you get a virus, you’ll be doing what the virus maker wants. if you knew all the entries that windows uses to run programs at startup, and were confident in changing them, and knew what files don’t belong in windows, it’s even easier to fix.. the easiest way to get rid of malware is not to get it in the first place. for instance, enable UAC, use a good antivirus, scan any files first before running them, and if you see the message from a webpage, saying something like “message from webpage, your computer is infected with a virus, click here to fix it” they are actually trying to get you to click on that(either yes or no, don’t matter) so they can get you to download the malware downloader!!. don’t click anything!. close the internet browser and delete the temporary internet files!!. and don’t go to that webpage again. this is a good start..
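Answer #1 points out that rkill only ends the process and that the file comes back because of a registry startup entry, and Answer #6 says the fix is easier if you know the entries Windows uses to run programs at startup. As an added example (not from this thread or any tool mentioned in it), the PowerShell below lists the common Run/RunOnce autostart entries and the user Startup folder, and flags any entry whose target sits under AppData or a Temp directory, as the Temp.exe in the question did. It assumes an elevated PowerShell 5.1 or later session on the affected machine; the regex and output path are my own choices.

```powershell
# Added example: enumerate Run/RunOnce autostart entries and the user Startup folder,
# flag targets under user-writable profile paths, and save the list for comparison
# against a known-clean machine. Assumption: elevated PowerShell 5.1+ on the PC in question.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Legitimate autostart entries rarely point into these locations (pattern is my assumption).
$suspectPattern = '\\AppData\\(Roaming|Local)\\|\\Temp\\'

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Strip surrounding quotes and arguments to isolate the executable path.
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            [pscustomobject]@{
                Source     = $key
                Name       = $name
                Command    = $cmd
                Executable = $exe
                OnDisk     = if ($exe) { Test-Path -LiteralPath $exe -PathType Leaf } else { $false }
                Suspect    = [bool]($cmd -match $suspectPattern)
            }
        }
    }
    # Shortcuts and executables dropped in the per-user Startup folder also run at logon.
    $startup = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs\Startup'
    if (Test-Path -Path $startup) {
        Get-ChildItem -Path $startup -File | ForEach-Object {
            [pscustomobject]@{
                Source = $startup; Name = $_.Name; Command = $_.FullName
                Executable = $_.FullName; OnDisk = $true
                Suspect = [bool]($_.FullName -match $suspectPattern)
            }
        }
    }
}

$entries = Get-AutostartEntries
$entries | Sort-Object Suspect -Descending | Format-Table -AutoSize
# Keep a record so the entries can be compared against a clean install later.
$entries | Export-Csv -Path (Join-Path $env:USERPROFILE "Desktop\autostart-$(Get-Date -Format yyyyMMdd).csv") -NoTypeInformation
```

A flagged entry is only a lead: confirm what the file is before removing it, and remember that scheduled tasks and services are further startup locations this script does not cover.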
Answer #7
Malwarebytes ain't what it was, it's not able to even detect certain malware infections. I have recommended spyhunter 4 quite a few times here recently, it has always worked where mbam fails. Here is a link to a cracked version from here: http://www.google.com?t=18335689&highlight=
Answer #8
Malwarebytes ain't what it was, it's not able to even detect certain malware infections. I have recommended spyhunter 4 quite a few times here recently, it has always worked where mbam fails. Here is a link to a cracked version from here: http://www.google.com?t=18335689&highlight=
That version is suspicious… http://www.google.com?p=76388262&highlight=#76388262
Answer #9
Malwarebytes ain't what it was, it's not able to even detect certain malware infections. I have recommended spyhunter 4 quite a few times here recently, it has always worked where mbam fails. Here is a link to a cracked version from here: http://www.google.com?t=18335689&highlight=
That version is suspicious... http://www.google.com?p=76388262&highlight=#76388262
I believe it's the crack/patch that is detected. It was the same for me: I downloaded an earlier version a few months ago and it gets removed by spyhunter on its first scan.
Answer #10
Malwarebytes will not get rid of it visit http://www.bleepingcomputer.com rather than trying to wing it and get yourself in a whole lot of trouble.
Answer #11
I did try Malwarebytes, and although it’s done well for me in the past, it did nothing this time. I just bit the bullet and did a complete reinstall.
Answer #12
I just bit the bullet and did a complete reinstall.
You made the right decision, It’s the only way to be truly safe!
Btw, You did change all of your Passwords/QAs too, Right?
Anyways, You might wanna start using a disk imaging app (I.E acronis true image) to make it easier in the future (So you wouldn’t need to reinstall from scratch!)
