While I appreciate the irony...
March 26, 2009 5:51 PM

I've been attacked by some malware called "Spyware Protect 2009". Have you guys seen this before? Screenshot and symptoms inside - hoping someone can help me kill this thing.

This is what it looks like in action.

Note that NONE of the balloons or popups you see are from any of the legitimate security software on my computer; they're all from the malware. The popups show up every minute or so, and there's even a system tray icon for this non-existent piece of software now.

It's also done something strange to Task Manager - the border around the center of the window is gone; I can't see or access the File menu, for example.

I'm running Spybot with the latest definitions, but that scan is going to take a while. Anybody got any experience dealing with this thing?
posted by CRM114 to Computers & Internet (22 answers total) 17 users marked this as a favorite
 
It's been said before a hundred times on other virus threads... if you are certain you're infected, the only real insurance is reinstalling the OS. Anti-virus programs miss viruses all the time, and likewise cleaners can miss elements of virus removal. And once you're compromised you can't be certain what else the virus put there, or what was there before that particular virus got noticed. Windows has so many hooks, interdependencies, and permissions vulnerabilities that wiping the slate clean is good insurance.
posted by crapmatic at 5:59 PM on March 26, 2009 [2 favorites]


+1 for formatting
posted by tdreyer at 6:03 PM on March 26, 2009


Response by poster: Shit. This is the computer with 3 years of pictures and mp3s that I kept saying I'd get an external hard drive to back up for months now. Can I transfer all that stuff to an external HDD without risking taking the virus with it, then fdisk?
posted by CRM114 at 6:05 PM on March 26, 2009


Best answer: The other posters have it -- reformatting and reinstalling is your best bet. If you opt to chance it by attempting a removal, Google yields some reasonable results, such as http://www.2-spyware.com/remove-spyware-protect-2009.html.

Hopefully, you have good backups; if not, look into something like Mozy, JungleDisk (my preference), Carbonite, or any of the other good tools out there and save yourself some hassle the next time around. At least in this case, you should be able to save some data.
posted by ellF at 6:07 PM on March 26, 2009


Best answer: You may have to format, maybe.

But first, fuck Spybot - honestly, fuck it. It was good three years ago. It's not anymore.

I work in IT, and we live and die with Malwarebytes Anti-Malware.

Download it from here:
http://www.malwarebytes.org/

It's a great tool, and I've yet to meet something that it couldn't rip out and totally demolish.
posted by kbanas at 6:09 PM on March 26, 2009 [11 favorites]


Best answer: Detailed instructions for getting rid of this nasty are available here: http://www.malwarebytes.org/forums/index.php?showtopic=12374

(note: I've not gotten bit with this, so I can't say that I've personally tried this - but the instructions at least LOOK solid).
posted by deadmessenger at 6:14 PM on March 26, 2009


Seconding Malwarebytes Anti-Malware. It's always done the trick for me, and I recommend it in most virus threads. Run it several times, though, to make sure you get everything. Formatting should be an absolute last resort. I've run into tons of viruses and problems and with (sometimes a LOT of) work, I've never had to do it.

Additionally, if you're still having problems, there are some manual removal steps here, but several of the comments point to Malwarebytes being capable of removing it.
posted by HonorShadow at 6:18 PM on March 26, 2009 [1 favorite]


I got something similar to this - I got a new drive in a USB enclosure, took the drive out, swapped the infected drive into the enclosure. I re-imaged the PC and copied files - pictures, home movies, etc - off the USB drive. As long as you don't execute anything on the old drive, you should be OK. Also, install an anti-virus after you re-image. It helps a little at least. Also, I now have a bigger drive in my system.
posted by GuyZero at 6:20 PM on March 26, 2009
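CRM114 asks above whether the pictures and mp3s can be moved to an external drive without carrying the infection along, and GuyZero's answer is to copy them off the drive from a clean machine without executing anything on it. The script below is an added example, not code from the thread or from any of the tools named in it: it copies only allow-listed media and document files, refuses any file whose content begins with an executable header regardless of its name, and verifies every copy by SHA-256 so the backup can be trusted before the original drive is wiped. The extension allow-list and the constructed sample files in demo() are assumptions for the example; sysguard.exe is the process name given later in the thread. Mount the suspect drive with AutoRun disabled on the clean machine before running anything like this.

```python
"""Salvage data files from an infected drive mounted on a clean machine.

Added example: copies only allow-listed media/document files, refuses any
file whose content starts with an executable header (whatever its name),
and verifies each copy by SHA-256 so the backup can be trusted before the
original drive is wiped and reinstalled.
"""
import hashlib
import os
import shutil
import tempfile

# Extensions worth salvaging; anything else, .exe/.scr/.dll included, is skipped.
# The list is an assumption for the example, not from the thread.
SALVAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".mp3", ".doc", ".xls", ".pdf", ".txt"}

# Content signatures of executable formats that must never ride along.
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


def looks_executable(path: str) -> bool:
    """True if the first bytes of the file match a known executable header."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    return any(head.startswith(magic) for magic in EXECUTABLE_MAGIC)


def sha256_of(path: str) -> str:
    """Stream the file through SHA-256; large photo/mp3 collections are the norm."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def salvage(src_root: str, dst_root: str) -> dict:
    """Copy allow-listed, non-executable files from src_root to dst_root.

    Returns {"copied": [...], "skipped": [...], "mismatch": [...]} with
    paths relative to src_root, using "/" as the separator.
    """
    result = {"copied": [], "skipped": [], "mismatch": []}
    for dirpath, _dirnames, filenames in os.walk(src_root):
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            key = rel.replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            # Extension check first, then content: a "funny.jpg" that begins
            # with an MZ header is a disguised PE file, not a picture.
            if ext not in SALVAGE_EXTENSIONS or looks_executable(src):
                result["skipped"].append(key)
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copy2(src, dst)  # copy2 keeps the photo/music timestamps
            # Verify the copy independently of the copy routine.
            if sha256_of(src) != sha256_of(dst):
                result["mismatch"].append(key)
            else:
                result["copied"].append(key)
    return result


def demo() -> dict:
    """Run salvage() over a constructed sample drive in a temporary directory."""
    base = tempfile.mkdtemp()
    src = os.path.join(base, "infected_drive")
    dst = os.path.join(base, "backup")
    samples = {
        # constructed contents: JPEG and MP3 headers, and two PE (MZ) files
        "My Pictures/holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
        "My Pictures/song.mp3": b"ID3" + b"\x00" * 64,
        "My Pictures/funny.jpg": b"MZ" + b"\x00" * 64,   # PE disguised as a picture
        "Temp/sysguard.exe": b"MZ" + b"\x00" * 64,       # rogue AV binary name from the thread
    }
    for rel, content in samples.items():
        path = os.path.join(src, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
    return salvage(src, dst)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The content check matters more than the extension check: a rogue-AV dropper renamed to photo.jpg would pass an extension filter, but it still starts with MZ. The hash comparison is what turns "I copied it" into "I have it twice", which is the standard the backup advice later in the thread asks for.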


1.) Disable Windows System Restore
2.) Download and install Malware Bytes

There are some new Spyware infections that will prevent you from running/scanning with Malware Bytes. If this is the case, you *might* get lucky enough to rename the MalwareBytes executable and then get it to run/scan successfully.

If you can't (get MalwareBytes to run).. then my suggestion would be to physically remove your hard drive, hook it up to an external adapter, and scan it from a friend's machine. This may be a complete pain in the ass, but it's a whole lot less painful than Formatting.

Most of the recent "AntiVirus2009" variants that I've come across can be removed with Malware Bytes and get you back to a clean system without formatting. (Yes - I know the only 100% sure way is to Format and start over.. but is that realistic for most home users? no. )

After cleaning the system, I generally recommend NOD32 antivirus, Firefox with adblock/scriptblock and possibly things like Windows Defender.

Don't get discouraged. Spyware is beatable.
posted by jmnugent at 6:21 PM on March 26, 2009
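jmnugent's fallback above is to pull the drive, attach it to a friend's machine, and scan it from there. Before handing the drive to a scanner, a quick offline triage of the places a user-level dropper can write to tells you what you are dealing with. The script below is an added example, not code from the thread or from Malwarebytes: it walks the user-writable directories of a mounted drive, lists every PE executable there (by extension or by MZ header, so renamed binaries are caught), hashes each one, and scores it by how suspicious it looks. The directory list is an assumption about a typical XP layout; sysguard.exe is the process name gatorbiddy gives later in the thread; the sample files in demo() are constructed.

```python
"""Offline triage of a suspect Windows drive attached to a clean machine.

Added example: walks the user-writable locations of the mounted drive,
lists every PE executable found there (by extension or by MZ header),
and scores each one so the analyst knows what to hash, look up, and
hand to the scanner first.
"""
import hashlib
import os
import tempfile
import time

# Locations a user-level dropper can write on an XP-era drive, relative to the
# drive root. An assumption about a typical layout, not from the thread.
USER_WRITABLE_DIRS = ("Documents and Settings", "Windows/Temp")
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".sys"}
# Process name the thread gives for this rogue AV (gatorbiddy's post).
KNOWN_ROGUE_NAMES = {"sysguard.exe"}

REASON_LOCATION = "executable in user-writable location"
REASON_DISGUISED = "PE header under a non-executable name"
REASON_RECENT = "modified within the lookback window"
REASON_NAME = "known rogue AV name"


def is_pe(path: str) -> bool:
    """True if the file starts with the DOS 'MZ' stub every PE file carries."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"MZ"


def triage(drive_root: str, lookback_days: int = 7, now=None) -> list:
    """Return findings sorted by score (descending) and then by path."""
    now = time.time() if now is None else now
    cutoff = now - lookback_days * 86400
    findings = []
    for sub in USER_WRITABLE_DIRS:
        top = os.path.join(drive_root, *sub.split("/"))
        if not os.path.isdir(top):
            continue
        for dirpath, _dirnames, filenames in os.walk(top):
            for name in filenames:
                path = os.path.join(dirpath, name)
                ext = os.path.splitext(name)[1].lower()
                pe = is_pe(path)
                if ext not in PE_EXTENSIONS and not pe:
                    continue  # data file; not interesting for this pass
                reasons = [REASON_LOCATION]
                if pe and ext not in PE_EXTENSIONS:
                    reasons.append(REASON_DISGUISED)
                if os.path.getmtime(path) >= cutoff:
                    reasons.append(REASON_RECENT)
                if name.lower() in KNOWN_ROGUE_NAMES:
                    reasons.append(REASON_NAME)
                with open(path, "rb") as fh:
                    sha256 = hashlib.sha256(fh.read()).hexdigest()
                findings.append({
                    "path": os.path.relpath(path, drive_root).replace(os.sep, "/"),
                    "sha256": sha256,
                    "score": len(reasons),
                    "reasons": reasons,
                })
    return sorted(findings, key=lambda f: (-f["score"], f["path"]))


def demo() -> list:
    """Run triage() over a constructed sample drive in a temporary directory."""
    root = tempfile.mkdtemp()
    now = time.time()
    stub = b"MZ" + b"\x90" * 64  # minimal constructed PE-looking content

    def put(rel, content, age_days):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)
        stamp = now - age_days * 86400
        os.utime(path, (stamp, stamp))

    put("Documents and Settings/owner/Local Settings/Application Data/sysguard.exe", stub, 1)
    put("Documents and Settings/owner/Application Data/update.dat", stub, 2)  # PE hiding as data
    put("Documents and Settings/owner/My Documents/notes.txt", b"plain text", 1)
    put("Windows/Temp/old_setup.exe", stub, 400)   # old; listed but low score
    put("Program Files/Vendor/tool.exe", stub, 1)  # outside the scanned dirs; not listed
    return triage(root, now=now)


if __name__ == "__main__":
    for f in demo():
        print(f["score"], f["path"], f["sha256"][:12], "; ".join(f["reasons"]))
```

The hashes are the useful output: they can be looked up or compared on the clean machine without ever running the file, and they let you confirm afterwards that the scanner actually removed the binaries you found rather than only their startup entries.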


I just cleaned off a PC with this and a few viruses on it this week for a friend's dad. I found that disabling system restore, installing Malware Bytes, installing an up-to-date free anti-virus program (the one they had was out of date by 3 years, worse than worthless because it gave them a false sense of security), booting into safe mode, and scanning for malware and viruses took care of it. Once that was done, I booted back into regular mode and scanned everything once again and I got zero positives.
posted by SirOmega at 6:25 PM on March 26, 2009


Best answer: Formatting is overkill. I just cleaned this off a coworker's computer today as well. Go to task manager and kill the sysguard.exe process to remove the running program from your screen.

Then run Malware Bytes. Did a quick scan there. That will clean up the executables and the registry entries this makes.

Then did a full scan, it found nothing, then scanned with Spybot S&D and that also found nothing.

That computer looks pretty clean now as far as I can tell.
posted by gatorbiddy at 6:32 PM on March 26, 2009 [1 favorite]


Oh, and an extra tip: if you ever get infected with something and it won't allow Malware Bytes to run, just change the filename of mbam.exe to something else like tempmbam.exe and then it will launch and run successfully.
posted by gatorbiddy at 6:38 PM on March 26, 2009 [1 favorite]


If you double click the border of the task manager, the menu should reappear. +1 for MalwareBytes. I'll also mention SuperAntiSpyware. There is a chance of backing up without bringing the virus along, but I would say formatting because it's less time-consuming.
posted by ThirstyEar2 at 6:41 PM on March 26, 2009


Response by poster: I'm in the middle of doing exactly what gatorbiddy prescribed right now on the infected laptop. The quickscan made all the evident symptoms go away.

In a couple of weeks (I'm about to make a big move so I was kind of planning on this anyway) I'm going to take ellF's advice and upload all of my pictures and mp3s to cloud storage, then format and reinstall XP.

Anyone have any more suggestions or thoughts on storage solutions? JungleDisk looks good but I'd love to hear any other opinions.
posted by CRM114 at 6:49 PM on March 26, 2009


crapmatic: "It's been said before a hundred times on other virus threads... if you are certain you're infected, the only real insurance is reinstalling the OS."

tdreyer: "+1 for formatting"

ellF: "The other posters have it -- reformatting and reinstalling is your best bet."

No, no, no, no, NO. I've gotten my share of viruses over the years, and I've never had to reformat my machine. It's total overkill, and should be a last resort.

Dump Spybot, pick up a more competent program like Malwarebytes, and scan, scan, scan. If that doesn't work, search online for the particulars of your infection -- you should find forum posts and such from others with the same bug. Most of the time they will have discovered a solution that you can try, too.

Trust me on this... I had a nasty infection a few weeks ago -- the first recommendation was to nuke it from orbit, but I eventually managed to remove it completely with information gleaned from an online help forum. And if that little bugger can be gotten rid of, anything can.
posted by Rhaomi at 7:44 PM on March 26, 2009 [1 favorite]


Best answer: Anyone have any more suggestions or thoughts on storage solutions? JungleDisk looks good but I'd love to hear any other opinions.

JungleDisk seems to be pretty popular as these things go (I've talked to people who use it and are very happy with the cost-per-byte and the ease-of-use), but the adage is "If you don't have it twice, you don't have it." I'm maybe overboard about backups, but I'd grab an external USB drive as well. They're incredibly cheap these days. I got a 500 GB Free Agent Pro for about $100.00 6 months ago. They're even cheaper than that without Firewire, if you shop. $79.00 or $89.00, if you can find a sale.
posted by Devils Rancher at 7:44 PM on March 26, 2009


I had great success using Avast! to clean my computer of a similar infection and keep it bug-free for a few months now. And it's free!
posted by gnutron at 8:12 PM on March 26, 2009


Response by poster: Thanks all for the outpouring of advice and thinking. Very useful, all around. Malwarebytes (which I'd never heard of prior to this thread) seemed to do the trick: the second complete system scan picked up nothing, and I ran all of the other security software on the laptop just to be sure. Symptom-free.

Thanks all!
posted by CRM114 at 8:25 PM on March 26, 2009


Are you running anti-virus? I see a red shield in your corner. If you don't, then install AVG Free.

On top of that I recommend Windows Defender. Especially if you are prone to viruses.
posted by damn dirty ape at 9:37 PM on March 26, 2009


Response by poster: I was running AVG, but I hadn't updated my definitions this week, hence the red shield.

I am not prone to viruses! What kind of guy do you think I am? ;)
posted by CRM114 at 4:38 AM on March 27, 2009


I had this on my computer and spent WEEKS trying most of the suggestions above. The virus got past Norton, disabled Task Manager, and Malwarebytes couldn't get it. After much frustration trying numerous fixes, I transferred my important documents and pics to a thumb drive and reformatted. After putting my docs back on, everything seems fine. It will take awhile to get all my software back on. Microsoft Office reinstalled without making me buy a new copy. This is the worst crap I have ever seen.
posted by tamitang at 6:23 AM on March 27, 2009


And you better not be surfing under your Admin ID...
posted by Guy_Inamonkeysuit at 6:47 AM on March 27, 2009

