So my girlfriend's computer is infected with Antivirus System Pro.
It won't allow her to open the task manager, or any other programs.
Every online source I've found has stated that you need to use the task manager to disable the currently running processes first. So what's up, is she fucked?
Edit: Ah, okay. Once the thing is actually here physically tomorrow, I'll try rebooting in safe mode. For now she's using a friend's computer.
There are also the bootable CDs made by antivirus program makers, but I'm not familiar with those. Maybe someone else here has more experience with those and can tell you if they also clean malware off a system.
I would highly recommend a safe-mode scan with a fully updated Malwarebytes Anti-Malware as soon as you're able. MBAM picks up and rips out a lot of these horrid things very well.
But once it's safely near another computer, we can actually get down to it.
Edit: I actually may try to set her up with a separate data partition or maybe even an external backup drive, so she can reformat more easily as a way of eliminating these things.
After you have the PC clean, make sure to install Microsoft Security Essentials.
This. While it's not an attractive option, a reinstall is faster than ever with Win 7. And if you've got a spare hard drive or just a slave drive with enough space, you can back up media files and such to that before the format. This really is the best option so that you know the system is safe.
"Read twice, post once. It's almost like 'measure twice, cut once' only with reading." - MetaverseNomad
Again I don't know without seeing it if it is in the same family of worms or not.
WoWtcg and general gaming podcast
WoWtcg and gaming website
http://www.ubcd4win.com/
http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html
That doesn't always work. With group policies, viruses/spyware etc. can disable Task Manager, Registry Editor etc. from working regardless of name changes. The more advanced ones will end processes which query running processes, like attempting to list running processes or listing the registry. Some will detect certain names of the program running in memory, so say you rename taskmgr.exe to iexplore.exe, a virus will look at the name of the program from its window name, and if it matches, say, "Task Manager", "Process Explorer" etc., then it will end that program.
This is exactly why I use a custom BartPE CD. I have various programs on there that I use when removing viruses etc. from PCs (RegEditPE, HijackThis etc.).
---
I've got a spare copy of Portal, if anyone wants it message me.
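The policy-based lockout described in the post above can be checked from a text export of the registry, for example one taken from a rescue environment. This is an added example, not part of the original thread; the value names `DisableTaskMgr` and `DisableRegistryTools` are the real Windows policy values for the two tools the post names, and the sample export is constructed.

```python
import re

# Windows policy values (not from the thread) that block the tools the post names.
LOCKOUT_VALUES = {
    "disabletaskmgr": "Task Manager",
    "disableregistrytools": "Registry Editor",
}
POLICY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})\s*$')

def find_tool_lockouts(reg_text):
    """Return (key, value_name, tool) for every enabled lockout in a .reg export."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD_RE.match(line)
        if not (m and key and key.lower().endswith(POLICY_SUFFIX)):
            continue
        tool = LOCKOUT_VALUES.get(m.group("name").lower())  # names are case-insensitive
        if tool and int(m.group("data"), 16) != 0:          # 0 means "not blocked"
            hits.append((key, m.group("name"), tool))
    return hits

def build_cleanup_reg(hits):
    """Build a .reg file that deletes each flagged value ("name"=- syntax)."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key in dict.fromkeys(k for k, _, _ in hits):  # unique keys, order kept
        out.append(f"[{key}]")
        out += [f'"{n}"=-' for k, n, _ in hits if k == key]
        out.append("")
    return "\r\n".join(out)

# Constructed sample export, not taken from a real infected machine.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"EnableLUA"=dword:00000001
'''
print(build_cleanup_reg(find_tool_lockouts(SAMPLE_EXPORT)))
```

Clearing these values only lifts the lockout; it does not remove whatever set them, so the scan or rebuild discussed in the thread is still needed.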
My girlfriend's computer got infected with this. It's fucking impossible to remove. I hear that Malwarebytes works if it was installed before you got infected. It will physically prevent you from installing the program after the fact.
Reformatting is really your only option.
GT: Tanky the Tank
Black: 1377 6749 7425
Nah, easy fix. Rename Malwarebytes' installer and install to C:\abbadszag1
Or install it to a thumbdrive on another machine and bring it on over. Rename the main EXE after you do it.
I've worked on three really bad cases in my school's IT dept in the last month where it just saved more time to back up and rebuild the machines rather than run endless Malwarebytes/Spybot scans. One of the machines would even bluescreen going into safe mode but would work fine in regular Windows.
steam | Dokkan: 868846562
This. Very this. Here's a good read on the topic. The article may be old, but it's still very relevant. See here.
Basically, there's no way to be sure you removed everything once something's on there.
You're really fooling yourself and setting your machine up to get fucked again.
Well at least you have an excuse to update to Win7 if she doesn't already have it.
Her 5-year-old laptop doesn't have sufficient memory to run it.
Debatable. I've heard Win7 will run on anything XP can run on. Not sure if I believe that, however.
Won't work with some of the versions of this I've come across. It'll let you run the installer if you've renamed it, but it will delete the executable for MBAM as soon as the installer puts it there, even if you install it in a non-default directory. I eventually beat it by keeping that directory open in another window, and as soon as the executable appeared I renamed it before the virus found it.