Antivirus Live/SWP 2009 basically locked down my computer! Just curious if anyone else got infected with this? I kept getting a security alert not from McAfee but from a rogue malware virus acting as a Microsoft virus sortware program, which it definitely was NOT. It made my computer unable to open any program, even McAfee to scan and quarantine it!! That's the sad part. My McAfee software wasn't able to override it to even take care of the problem!!
Yes, I've got it on one of my computers too. I can't use it at all now.
McAfee failed completely....I need help!!! This is #*%%$^(&
In the spirit of not recreating the wheel, here is one of a hundred write ups on removing it. Perhaps it will help. If not, please write back, and we'll take a closer look at your system.
Heres my major problem, is that if I didnt have firefox on my laptop I wouldnt be able to get to this website, my IE is toast, the malware wont let me open tools then internet options to repair the broken parts or askew parts to get the downloads working.What to do now? ThanksMessage was edited by: leadtag on 1/1/10 10:20:42 AM CST
Please try the steps below:
Download ALL of the tools below on a friend or family member's, CLEAN computer and copy them to a CD or flash drive, then transfer them to the problem machine.
First, please download and run the following tool to help allow the removal programs below to run. (courtesy of Grinler at BleepingComputer.com)
There are 4 different versions. If one of them won't run then try to run the other one. Try running them in Safe Mode if "normal" Windows doesn't get it done..
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.
IMMEDIATELY after running the "Rkill" tool above, run/install the Malwarebytes and SuperAntispyware installer and update files from the links below which you've also copied to a CD or flash drive, and transfered to the problem machine. Do NOT restart the computer after running Rkill.
Once downloaded and before transferring Malwarebytes and SuperAntispyware to the problem machine, rename the program installer "mbam-setup.exe" file to something else like "Gogetum.exe", then copy the installer file and the update file to a CD or flash drive.. Transfer the file to the problem machine, then install the "Gogetum.exe" file, then run the update to get the program current.. After that, run a full system scan and delete anything it finds.
Malwarebytes Installer Download Link (Clicking on the links below will immediately start the download dialogue window.)
Malwarebytes Manual Updater link
Next, install and run a full system scan with the SuperAntispyware program and the manual updater from the links below. As before, you may need to rename the installer file to get the program to install.:
SuperAntispyware Manual Updater
In a few situations, in order for the program to run, it was also necessary to rename the main "mbam.exe" file also after installing it.. It resides in the C:\Programs Files\Malwarebytes Antimalware folder....
And because this particular variant tends to tinker with your internet settings, open "Control Panel/Internet Options", then click on the "Connections tab/LAN Settings button and UNCHECK the box next to "Use proxy server for your LAN". Perform this step in Safe Mode.
Hope this helps.
Message was edited by: Grif on 12/30/09 9:54:56 AM PST
@Grif, none of that stuff is working for me, rkill is blcoked, hijackthis is being blocked, everything is block, any suggestions??
After using the rkill file and malware mbam-rules and superantispyware as suggested by Grif I've stopped having the problem. Now my mcafee icon is black and so are many icons on my programs list.
Any suggestions as to what I should do about this? PErhaps I should post this as a new topic?
Look for these locations :
%UserProfile%\Local Settings\Application Data\[RANDOM]
%UserProfile%\Local Settings\Application Data\[RANDOM]\[RANDOM]sysguard.exe
Try to rename and restart the computer
Then Delete the same file,,,
Thank you for your reply- but it
sorry - can't find delete and slipped posted before I was done.Message was edited by: Sugar on 1/4/10 8:37:26 AM CST