Jeremy

Out of the blue

3 posts in this topic

Removed.

Edited by Jeremy

Yes, (brother's PC).

You'll need to get rid of it via Clean Install on another HDD then "MBAM" the offender before it can be used again. Lots of cleanup afterward even after being MBAM'ed.

The culprit was undoubtedly that file. Other files are just floating all over under weird names and run again from the Registry ("runonce", part of the "cleanup").

BTW, you need LSPFIX because that's what's preventing the updates (I believe).

Since you already reloaded....


The "Dr. Guard" program was the key. This is from the new strain of fake antivirus/antimalware programs. Some are smart, some are stupid. Most work extremely well (what they were designed to do that is) on XP, but not so much on Vista or 7. #1 thing, these programs use registry settings to block your programs. The first variation would only use the Image Execution Options lists. Renaming the installer and EXE bypassed this. The second wave would terminate programs that tried to open/modify/delete the files it used/needed. This even included Notepad or in some cases even explorer.exe. In these cases, if renaming does not work, only WinPE or NTFSDOS are your saviours. Then after you remove "part" of the problem, can you run Gmer or MBAM (still renamed to be safe) to remove some more.

Yet you described something on 7, which so far I have not encountered a problem removing. Rest assured, these programs are a lot easier to remove from Vista or 7 than XP. Also, never forget about using cacls (or xcacls) to change the ACLs on files you need, or files you don't want running. Denying SYSTEM access to files is often a great way to disable these programs.

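Added example, not part of the thread and not any poster's code: a small audit of an exported registry file for the two persistence points the replies mention, `Debugger` values under the Image File Execution Options key (the per-executable block that renaming sidesteps) and `RunOnce` relaunch entries. It assumes the `reg export` output has already been decoded to text; the sample export, `placeholder-blocker.exe` and `example-placeholder.exe` are constructed for illustration.

```python
import re

# Key fragments are matched case-insensitively; Wow6432Node paths also match.
IFEO = r"\microsoft\windows nt\currentversion\image file execution options" + "\\"
RUNONCE = r"\microsoft\windows\currentversion\runonce"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample in .reg text form (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mbam.exe]
"Debugger"="placeholder-blocker.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"cleanup"="C:\\Users\\Public\\example-placeholder.exe /s"
'''

def unescape(s):
    # .reg files escape backslash and double quote with a leading backslash
    return re.sub(r'\\(.)', r'\1', s)

def audit_reg_export(text):
    """Return (kind, subject, command) for IFEO Debugger and RunOnce string values."""
    findings, key = [], ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # current registry key
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue                  # header, blank lines, dword:/hex: values
        name, data = unescape(m.group(1)), unescape(m.group(2))
        low = key.lower()
        if IFEO in low and name.lower() == "debugger":
            # subject is the executable name the Debugger value is attached to
            findings.append(("ifeo-debugger", key.rsplit("\\", 1)[1], data))
        elif low.endswith(RUNONCE):
            findings.append(("runonce", name, data))
    return findings

if __name__ == "__main__":
    for finding in audit_reg_export(SAMPLE):
        print(finding)
```

Any `ifeo-debugger` hit on a security tool or a system utility deserves a manual look, since legitimate Debugger entries are rare outside development machines.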
