Does ANY antivirus/antispyware stop ROGUE

btk1w1

Oct 13, 2008
Stop rogue what?....

Rogue antispyware apps?

With the exception of Police Pro and a couple of others, there are a couple that will cleanse your system.

The techniques employed by rogue anti-spyware apps have become very sophisticated; they are now designed to force you into submission and perform an operating system reinstall rather than be uninstalled.

You can try running Malwarebytes Anti-Malware and SUPERAntiSpyware to see if that removes the rogue. There are a couple of other apps that help you shut down processes so those apps can run, too.

But in all, I can't say there is ONE that will do it.
 

Rustee

Jun 18, 2009



There are many, many apps (virus, malware, adware, etc.) that fall under the Rogue or Fake name when you get hit with the app that takes control of almost every app (.exe) on your computer. Malwarebytes is excellent ... if it will still run (it and every other antivirus, etc. will not run with the current version going around).

Malwarebytes will run in Safe Mode, but updates can't be done in Safe Mode, and the current version does not get the rogue/fake version going around right now. Spybot S&D, AVG, Norton, McAfee, etc. will just tell you that the executable is corrupt and can't run. Updates can't run because the executable is corrupt. There seems to be no way around this thing, which morphs into a different variant almost daily. It seems there is no protection that actually works.

I build/repair/service computers and run into the virus problem very often. There is usually a way out, but this one seems impossible.

I realise that people should backup their data, but reality is ... very few will do it on a regular basis.

There is a program called XXCLONE that I personally have used for years and it does a COMPLETE clone of your hard drive to a 2nd hard drive in your computer, which only requires swapping data cables and jumpers and it will boot as your original drive did. I have this program explained on another thread in this forum.

Thanks for your reply ... and if you can offer any more help, I would certainly appreciate it!
 

aford10

Malwarebytes may be infected as well. Uninstall it. Boot into safe mode with networking. Download malwarebytes, install it, update it. It will update in safe mode with networking. Do a full system scan.

Once that's done, boot into normal windows. Download Avira and install, then restart and get back into safe mode with networking (Avira will only install in normal windows). Once in safe mode with networking, update Avira, and do a full system scan to double check that malwarebytes got everything.
 

Rustee

Jun 18, 2009
Thank you aford10 for your reply. Sorry if this has been posted for awhile ... I have been very busy and haven't got back to read the forum.

Basically, I have tried a good deal of what you suggest ... except downloading and running Avira. I have uninstalled Malwarebytes and downloaded the newest version to a memory stick. I then installed it in safe mode and ran the scan. It did find about a dozen infections, which were removed. I then used a registry cleaner called RegSeeker which I have used for years, cleaned up the registry and ran the scan again. This time, it found 1 entry called avscan which I removed again and scanned again, but this time looking only for avscan in the registry. This time it found 5 entries with avscan ... and I removed them again. I did this at least a dozen times with similar results.

Finally I googled my problem and came up with a number of forums giving basically the same answer. They all said that the rogue/fake had about 500,000 sites it could access and keep replacing at least one registry entry to again infect your computer. A full format and reinstall was the only answer, they said ... and that was as far as I got with any Google answers. I have done at least 6-7 reinstalls on various computers in my shop, and that does seem to be the only answer right now.

I will try your further advice to use safe mode with networking and downloading Avira and scanning and hope that's the answer.

Thanks again for your help ... and I will let you know how it goes ...

Rustee
 

aford10

It's very important to do it in safe mode with networking. There are minimal system resources being used in that mode. Thus, there is less chance the infected file/program will be running. If you can get rid of it when it's not running, it can't re-infect the system.

I've never used RegSeeker. I'll take your word for it that it's sound. I personally use ccleaner. It's a very good program.

A fresh format is always an option, but I always keep it for the last option. Try the advice from step 1 in safe mode with networking. Good luck. Let us know how it goes.
 

laidback93

May 18, 2009
I thought I would revive this thread as I was infected last week by rogue spyware. This one happened to be the "XP Anti Virus 2010" bug that turned out to be the most awful virus/malware I've ever got. It blocked out use of all my exe files. Next step was to try and do a system restore which apparently destroyed the boot sector of my Win XP installation. This damn thing is smart. It covers all the bases.

So my question is this: I have my main drive partitioned. The first partition is the main Windows install and the second is my backup with iTunes, etc. Can I just reformat the first partition and get rid of the virus? I'd like to save my backup files on the second if possible. I was told I need to do a low-level format to make sure the virus isn't hanging out in some random sector.

If I can just get by using the format utility on the Windows disk that would be great.



Thanks!
 

aford10

That's not a good sign. Try booting off your windows disc. Use the R command to get into the repair console. At the command line type each of the following commands.
fixboot
chkdsk /r

The first command will replace your boot files. The second will scan your hard drive for errors and try to repair them.
 

Rustee

Jun 18, 2009
laidback93 ... in addition to the commands for the repair console as shown in aford10's last post, add the 3rd command fixmbr and type Y when it asks if you're sure. This is the master boot record for the drive and may allow you to enter safe mode after tapping the F8 key continually when the BIOS first starts to load.

What I have been doing to make sure I have the latest updates for malwarebytes, is downloading the latest version and updating it on a USB memory stick. Then in safe mode, run it to see if it will clean out ALL the infections. Sometimes it works and sometimes it requires a format and reinstall. You never know until you try!

Rustee
 

vbconz

Apr 7, 2011
Hi,

I know this has been inactive for a while but hopefully this helps.

1 - Malwarebytes can be updated in Safe Mode by downloading the MBAM updates exe onto a pen drive and running it in Safe Mode. Hopefully that will help you and your customers ;)
Alternatively, do what we do. Install and run MBAM on a PC.
Run the updates.
Copy the rules.ref file from the MBAM directory (or sub-dir) to the same location on the infected machine.
Start MBAM.
This manually updates MBAM for you.

2 - Without starting a Mozilla vs Opera vs IE vs Chrome ... debate:
Use Mozilla and add in the NoScript add-on (noscript.net). It stops JavaScript running on pages until you give it permission. You can give permanent permission to common pages, but new pages need to be authorised either temporarily or permanently. It stops rogueware dead. NoScript is the best add-on we have found for any browser to protect you on the net.

All the browsers are vulnerable to rogues. We have seen all browsers hit by them, but Mozilla with NoScript has kept us 100% safe so far.

3 - Dr.Web CureIt! and SUPERAntiSpyware are worth looking at. They are both portable scanners and do a thorough one-off job of clean-up. They are an excellent addition to use after MBAM.

Lastly, there is no safety using any product from the rogues. They don't act in a malicious way (that can be detected by antivirus, unless they do more than the rogue warnings), and unless the AV has an entry in the database for them they are almost impossible to catch heuristically.

HTH

virusbusters.co.nz
 

trolling troll

Jun 26, 2011
Yeah. I can sometimes pinpoint a rogue by using the processes chart from Task Manager, but if not I go into Safe Mode and run MB and MSSE. I've never had a hard drive message like that though, and I have had a lot of rogue viruses.
 
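A more systematic version of the Task Manager triage described in the post above, as an added example that is not part of the thread and not anyone's posted tool: this PowerShell lists every running process with an accessible image path, flags those whose executable lives outside the Windows or Program Files trees (rogue AV of this era normally ran from a profile or temp folder under a random name) and shows the Authenticode status alongside. It assumes PowerShell 2.0 or later and an elevated prompt; the function names and the trusted-root list are this example's own choices.

```powershell
# Added example (not from the thread): triage running processes for a rogue.
# Flags any process whose executable lives outside the Windows / Program Files
# trees, and reports the Authenticode status so a signed-but-tampered binary
# (HashMismatch) also stands out. Run from an elevated PowerShell prompt;
# system processes with no accessible Path are skipped.

function Get-TrustedRoots {
    # Directories where legitimately installed software is expected to live
    # (assumption: anything outside these deserves a second look).
    $roots = @($env:SystemRoot, $env:ProgramFiles)
    if ($env:ProgramW6432)        { $roots += $env:ProgramW6432 }
    if (${env:ProgramFiles(x86)}) { $roots += ${env:ProgramFiles(x86)} }
    return $roots | Where-Object { $_ } | Select-Object -Unique
}

function Test-TrustedPath([string]$Path, [string[]]$Roots) {
    foreach ($r in $Roots) {
        # Trailing backslash so C:\Windows does not match C:\WindowsFake\
        if ($Path.StartsWith($r.TrimEnd('\') + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

function Get-SuspiciousProcesses {
    $roots = Get-TrustedRoots
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $sig     = Get-AuthenticodeSignature -FilePath $_.Path
        $signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $trusted = Test-TrustedPath -Path $_.Path -Roots $roots
        New-Object PSObject -Property @{
            PID        = $_.Id
            Name       = $_.ProcessName
            Path       = $_.Path
            Signature  = $sig.Status
            Signer     = $signer
            # Untrusted location, or a signature that no longer matches the file.
            Suspicious = (-not $trusted) -or ($sig.Status -eq 'HashMismatch')
        }
    } | Select-Object PID, Name, Path, Signature, Signer, Suspicious
}

# Suspicious rows first; an unsigned binary in %APPDATA% or %TEMP% with a
# random name is the usual picture for the rogues discussed in this thread.
Get-SuspiciousProcesses | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

On Windows XP most operating-system binaries are catalog-signed rather than embedded-signed, so Get-AuthenticodeSignature reports them as NotSigned there; that is why the Suspicious flag keys on the path and on HashMismatch rather than on NotSigned. If the rogue has already hijacked .exe launches, run this from Safe Mode, where the post above says the scanners still start.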

Rustee

Jun 18, 2009
Thanks for the suggestions guys ... much appreciated.

We have now found the best way to remove Rogue or Fake is to remove the infected hard drive from the infected tower. Connect it as a slave on our own work computer and run a freshly updated Malwarebytes (full scan). Rogue found a way to hide in RUNNING files, and using this system you are not booting with the infected drive. Naturally, you need to tell MWBs to scan the slave drive (by hard drive letter). This usually gets every piece of the rogue virus ... except occasionally the restore points, so we delete all restore points by turning off restore scanning. After deleting all restore points, remember to turn it back on. We then put the HDD back in the original tower or laptop and boot. There is usually no sign of the Rogue, but we update and full scan with MSSE. If nothing is found, we happily do whatever else needs to be done and hand the computer back to the owner.

This has worked for us for a few months (and we are almost constantly cleaning virus crap from computers these days).

You need to be constantly aware of the ongoing changes to the way Rogue works in order to adjust your way to remove it.

Good luck whatever way works for you.

Rustee
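A complement to the slaved-drive approach in the post above, added here as an example that is not part of the thread and not the poster's own procedure: while the infected disk is attached to a clean machine and not booted, its registry hives can be loaded under HKLM and read directly, which shows the autostart entries that relaunch a rogue and whether the .exe file association has been redirected. The script assumes the slaved disk shows up as E: (a hypothetical letter), that it runs elevated, and that the hives sit at the standard Windows locations; the function names are this example's own.

```powershell
# Added example (not from the thread): read the autostart entries and the .exe
# file association of a slaved, non-booted Windows drive by loading its registry
# hives under HKLM. Assumes the infected disk is attached as E: (hypothetical)
# and that this runs from an elevated PowerShell prompt on the clean machine.

function Invoke-WithOfflineHive {
    param([string]$HiveFile, [string]$MountName, [scriptblock]$Body)
    # reg.exe wants the HKLM\Name form; the PowerShell provider path is HKLM:\Name.
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HiveFile (not elevated, or hive in use?)" }
    try { & $Body "HKLM:\$MountName" }
    finally {
        # Drop provider handles first, otherwise unload fails with access denied.
        [gc]::Collect(); [gc]::WaitForPendingFinalizers()
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

function Show-RunValues([string]$Root, [string[]]$RelativeKeys) {
    foreach ($rel in $RelativeKeys) {
        $keyPath = Join-Path $Root $rel
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($name in $key.GetValueNames()) {
            '{0,-42} {1,-20} {2}' -f $rel, $name, $key.GetValue($name)
        }
    }
}

function Test-ExeAssociation([string]$SoftwareRoot) {
    # Clean default for the .exe open command is "%1" %* ; anything else routes
    # every .exe launch through some other program first.
    $keyPath = Join-Path $SoftwareRoot 'Classes\exefile\shell\open\command'
    if (-not (Test-Path -LiteralPath $keyPath)) { return }
    $cmd = (Get-Item -LiteralPath $keyPath).GetValue('')
    if ($cmd -ne '"%1" %*') { Write-Warning "exefile open command is '$cmd' (expected `"%1`" %*)" }
    else { Write-Host "exefile open command is the default" }
}

$Drive   = 'E:'
$runKeys = 'Microsoft\Windows\CurrentVersion\Run',
           'Microsoft\Windows\CurrentVersion\RunOnce'

# Machine-wide SOFTWARE hive.
Invoke-WithOfflineHive "$Drive\Windows\System32\config\SOFTWARE" 'OfflineSoftware' {
    param($root)
    Write-Host "== HKLM (SOFTWARE hive)"
    Show-RunValues $root $runKeys
    Test-ExeAssociation $root
}

# Per-user NTUSER.DAT hives: XP keeps profiles under Documents and Settings,
# Vista and later under Users. Rogues of this kind usually install per user.
$profileDirs = @("$Drive\Documents and Settings", "$Drive\Users") | Where-Object { Test-Path $_ }
foreach ($dir in $profileDirs) {
    foreach ($profile in Get-ChildItem $dir | Where-Object { $_.PSIsContainer }) {
        $ntuser = Join-Path $profile.FullName 'NTUSER.DAT'
        if (-not (Test-Path -LiteralPath $ntuser)) { continue }
        Invoke-WithOfflineHive $ntuser 'OfflineUser' {
            param($root)
            Write-Host "== HKCU for profile $($profile.Name)"
            $software = Join-Path $root 'Software'
            Show-RunValues $software $runKeys
            Test-ExeAssociation $software
        }
    }
}
```

Values that point at a random name in a profile or temp folder are the entries to remove before the drive goes back into its own machine; the same offline view is also where an updated scanner run from the clean host, as the post describes, does its work without the rogue's process in memory. If the infected machine was not shut down cleanly the hive may be marked dirty and reg load can refuse it; a chkdsk of the slaved volume, as suggested earlier in the thread for the boot problem, usually clears that.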