Jeremy

Out of the blue



submix8c

Yes, (brother's PC).

You'll need to get rid of it via Clean Install on another HDD then "MBAM" the offender before it can be used again. Lots of cleanup afterward even after being MBAM'ed.

The culprit was undoubtedly that file. Other files are just floating all over under weird names and run again from the Registry ("runonce", part of the "cleanup").

BTW, you need LSPFIX because that's what's preventing the updates (I believe).

Since you already reloaded....

Tripredacus

The "Dr. Guard" program was the key. This is from the new strain of fake antivirus/antimalware programs. Some are smart, some are stupid. Most work extremely well (what they were designed to do, that is) on XP, but not so much on Vista or 7. #1 thing, these programs use registry settings to block your programs. The first variation would only use the Image Execution Options lists. Renaming the installer and EXE bypassed this. The second wave would terminate programs that tried to open/modify/delete the files it used/needed. This even included Notepad or in some cases even explorer.exe. In these cases, if renaming does not work, only WinPE or NTFSDOS are your saviours. Then, after you remove "part" of the problem, you can run Gmer or MBAM (still renamed to be safe) to remove some more.

Yet you described something on 7, which so far I have not encountered a problem removing. Rest assured, these programs are a lot easier to remove from Vista or 7 than XP. Also, never forget about using cacls (or xcacls) to change the ACLs on files you need, or files you don't want running. Denying SYSTEM access to files is often a great way to disable these programs.

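The two mechanisms the post above describes are worth checking for concretely: the Image File Execution Options "Debugger" value (the registry list a fake AV uses to redirect or block a tool such as MBAM or Notepad) and file ACLs. The PowerShell below is an added example for this thread, not code from either poster or from any product they name; it audits every IFEO subkey for a Debugger value, flags the entries a defender would review first, and provides a removal function that supports -WhatIf. The watch list of tool names is constructed for the example, and the heuristics (debugger file missing, debugger living in a user-writable folder) are assumptions about what typically distinguishes a hijack from a legitimate just-in-time debugger entry. It targets Vista/7 from an elevated prompt, where the post says these infections are easiest to remove.

```powershell
# Added example (not from the MSFN thread): audit and clean IFEO "Debugger" hijacks.
# Run from an elevated PowerShell prompt on Vista/7 or later.

$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'

# Tools the post mentions fake AV blocking. Constructed list; extend as needed.
$WatchList = @('mbam.exe', 'gmer.exe', 'notepad.exe', 'explorer.exe', 'regedit.exe', 'taskmgr.exe')

function Get-IfeoDebuggerEntry {
    [CmdletBinding()]
    param([string]$Path = $IfeoPath)

    Get-ChildItem -Path $Path -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if (-not $dbg) { return }   # subkey has other settings but no Debugger redirect

        # The value is a command line; pull the executable out, quoted or not.
        $exe = if ($dbg -match '^\s*"([^"]+)"') { $Matches[1] } else { ($dbg -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)

        $image   = $_.PSChildName
        $onDisk  = Test-Path -LiteralPath $exe -PathType Leaf
        $reasons = @()
        # Assumed heuristics: a hijack commonly points at a file that no longer exists
        # (blocking the target outright) or at a dropper in a user-writable folder.
        if (-not $onDisk) { $reasons += 'debugger file not found' }
        if ($WatchList -contains $image.ToLower()) { $reasons += 'targets a security/system tool' }
        if ($exe -match '\\(Temp|AppData|ProgramData)\\') { $reasons += 'debugger in user-writable path' }

        [pscustomobject]@{
            Image      = $image
            Debugger   = $dbg
            OnDisk     = $onDisk
            Suspicious = ($reasons.Count -gt 0)
            Reason     = ($reasons -join '; ')
        }
    }
}

function Remove-IfeoDebugger {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Image,
        [string]$Path = $IfeoPath
    )
    $key = Join-Path $Path $Image
    if ($PSCmdlet.ShouldProcess($key, 'Remove Debugger value')) {
        # Only the Debugger value goes; any other IFEO settings for the image are kept.
        Remove-ItemProperty -Path $key -Name Debugger -ErrorAction Stop
    }
}

# --- usage ---
$entries = Get-IfeoDebuggerEntry
$entries | Format-Table Image, Debugger, OnDisk, Suspicious, Reason -AutoSize

# Dry run of the cleanup for each flagged entry; drop -WhatIf to apply after review.
$entries | Where-Object Suspicious | ForEach-Object { Remove-IfeoDebugger -Image $_.Image -WhatIf }
```

Review the table before removing anything: a Debugger entry that points at an installed debugger (a Visual Studio or WinDbg just-in-time debugger, for instance) is legitimate, which is why the script reports rather than deletes by default. Sysinternals Autoruns lists the same entries under its "Image Hijacks" tab if you prefer a GUI. For the ACL tactic the post mentions, icacls (the Vista/7 successor to cacls) expresses "deny SYSTEM" as `icacls "<path to the offending file>" /deny SYSTEM:(F)`; apply it only to a file you have already identified as part of the infection, since a SYSTEM deny on a legitimate binary breaks it just as effectively.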
