I am following the "Required Reading - Home User Assistance Malware Troubleshooting" guide and am stuck on the first step. Operating in Safe Mode with Networking, McAfee and Windows are updated, but McAfee is "red". Specifically,
- Realtime scanning is disabled.
- Spyware and potentially unwanted program scanning is disabled.
- IM scanning is disabled.
- Script scanning is disabled.
- SystemGuards protection is disabled.
- Buffer overload protection is disabled.
The instructions in the guide are to post the list of unprotected items. Any ideas how to proceed?
Were you not able to run even the McAfee stinger?
Until one of the experts shows up, you might try the free version of MBAM at www.malwarebytes.org (the download will take you to a mirror site, such as majorgeeks.com -- that's safe).
In order to get it to run, you might have to rename the exe file, since the malware sometimes blocks it even from installing.
Extra tips on how to outsmart the pest are at their forums: http://forums.malwarebytes.org/.
Once you get it installed, be sure to update the definitions and run it (start with a Quick Scan) and let it clean what it finds.
You may need a Full Scan afterwards.
Also: it may be helpful/necessary to disable system restore before cleaning, since the malware can hide in restore points. WARNING: doing so will remove all your existing restore points, so be sure to turn it back on when you are clean.
One note: despite the advice posters here sometimes give, MBAM should only be run in normal mode, not safe mode. So, if you cannot get it to install or run, try posting at their forum, as they are very quick to respond.
Another good, free program for rogues is SuperAntispyware.
Pretty much the same procedure.
Please post back and let us know how it goes,
Thanks for the tip to malwarebytes. Geekpolice also had a good thread. Finally found three random and obviously unwanted files in the start-up system config. I couldn't get the various anti-virus products to find or delete them, but I turned them off and got control of my computer again. I think I'm 90% there.