Solved What is privacy protection? Fake virus program?

[executiV]

So I just tried to get Malwarebytes on my other computer and I do not see it doing anything, it asks if I want to download it, yet when I click the link I see no difference. Is this the correct thing to use:

Malwarebytes

that is the Webpage I am on

Also I called the # here:

http://www.spyware-experts.com/privacy-protection-removal/?gclid=CL6Y-JPO-KwCFUXf4Aod13dITQ

they said $99 to fix it. Is this legitimate?

 

[killjoy]

That's why I said to install malwarebytes with a usb key. And don't forget, you have to kill the virus service before it loads or it won't allow you to install malwarebytes.

If you don't know what I'm talking about, it's probably best to reinstall.

 

[Golden]

Hi,

Please follow the link I posted, or go directly to www.malwarebytes.org. Then under products, select the free version.

Since you are downloading from a different PC, you shouldnt have problems downloading it.

See below.

 

[killjoy]

Most of those rogue viruses won't let you do that Golden. Especially if he can't even right-click.

 

[killjoy]

That's about what I charge. The reason it's so expensive is that your system settings are probably hosed. Trust me, if your settings are that gone, it's better to reinstall.

 

[Golden]

So I just tried to get Malwarebytes on my other computer

He is trying to downlaod froma different, presumably non-infected computer - should easily be able to download.

 

[executiV]

I apologize for my many questions, but I do not see how I get malwarebytes onto the USB. I have two laptops here. The one WITHOUT the issue is what I'm trying to get the malwarebytes on, and I have a USB key inserted.

I clicked the above link, and right-clicked 'download now' to try to 'save as', but do not see it on the USB in the new file I made.

 

[killjoy]

If you attempt to fix this yourself, keep in mind you're probably going to have to fix windows update, several snap-ins, your hosts file is probably locked out, and so forth.

 

[executiV]

sorry guys, I see the responses late

So, I am better off using the disc included with the computer and starting off fresh?

 

[killjoy]

Yes. And you end up with a system that you KNOW is clean. Those Russian programmers are geniuses and there's no telling if you've succeeded or not.

 

[Golden]

Please follow the steps in post #38.

 

[killjoy]

What's he going to do when he gets the virus off? Go through life without a hosts file? Who needs windows update anyways right? He's too far gone. What are you going to do, analyze all his processes one by one? Ask for a readout of his services to make sure their running properly, from Australia?

But suit yourself.

 

[executiV]

Just want to let you both know I GREATLY appreciate your help.

I am still working on this and it seems best to do the re-install as killjoy recommended. Are you willing to explain how I accomplish that, I have very little experience with this as you can see.

 

[Golden]

What's he going to do when he gets the virus off? Go through life without a hosts file? Who needs windows update anyways right? He's too far gone. What are you going to do, analyze all his processes one by one? Ask for a readout of his services to make sure their running properly, from Australia?

But suit yourself.

Relax Killjoy - its easy to fix any re-directions and reset the hosts file using the Microsoft FixIt tool, if its even required....even from Australia.

You haven't read through the entire thread, perhaps you should.

A reinstall seems to be the preferred option, so over to you.

Regards,
Golden

 

[executiV]

I am still attempting to download Rkill, something on the "clean" computer stops the download process though. Should I turn off Windows firewall?

EDIT: I just checked and the good computer uses Windows XP and not Windows 7

 

[Corrine]

I am still attempting to download Rkill, something on the "clean" computer stops the download process though. Should I turn off Windows firewall?

EDIT: I just checked and the good computer uses Windows XP and not Windows 7

Hi, executiV.

The Privacy Protection rogue often comes bundled with the TDSS rootkit infection. As a result, if you are going to attempt to clean your computer, I suggest the first step be TDSSKiller:

Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!

• Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
  Vista - W7 users: Right-click and select "Run As Administrator".
  If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
  If you don't see file extensions, please see: How to change the file extension.
• Click the Start Scan button. Do not use the computer during the scan!
• If the scan completes with nothing found, click Close to exit.
• If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
  • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
• A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory. (usually Local Disk C.
• Copy and paste the contents of that file in your next reply.

As to RKill, it doesn't make a difference that the clean computer is running Windows XP. Try this direct download link for the eXplore.exe named version of RKill eXplorer.

• Save rkill either directly to the USB stick or to your XP machine and transfer to the USB stick. Then transfer it to the desktop of the infected computer.
• Double-click rkill to run.
• A command window will open then disappear upon completion, this is normal.
• Please leave rkill on the Desktop until otherwise advised.
• Do NOT restart your computer after running rkill as the malware program(s) will start again.

Note: If you you receive security warnings about rkill, please ignore and allow the download to continue.

If you haven't yet, you need to follow the same procedure MBAM.

 

[executiV]

Thanks Corrine,

I have been working on it, all I have that seemed to complete was the rKill, here is what showed up after that:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 12/10/2011 at 23:20:15.
Operating System: Windows (TM) Vista Ultimate

Processes terminated by Rkill or while it was running:
F:\malwarebytes\kap.2
C:\Users\2~1\AppData\Local\Temp\2375665\5742018.exe

Rkill completed on 12/10/2011 at 23:20:18.

The Kaspersky scan didn't come up with anything, on the malwarebytes it said 2700 or so threats found, I didn't purchase it to clean the unit, though.

I also attempted a system restore after finally getting the unit to start in Safe Mode, I'm not sure if it is clean yet though.

 

[Golden]

Hi,

2,700 infections! You better post the log file here so we can see what is lurking on your system...

You don't need to purchase Malwarebytes in order to get it to clean your system. Use it to clean whatever it can after posting the logfile here. Follow Corinne's suggestions about TDSSKiller and then post back here.

Regards,
Golden

 

[executiV]

I attached the screen I have after running Windows Defender. The malware appears to still be in the system because the time/Date displayed in theDefender screen I attached was when the issue occured. Notce it says 'Action Taken: Permit' this leads em to believe the Privacy Protection malware is still in my computer

Still working on the other anti-malware programs etc.

EDIT: I'm attaching the window I see after using the tdsskiller link from post #56

Also I'm attaching the screen I thought said I have 2700 infections, it is the ARO 2011 screnshot

 

[Golden]

Hold on a second - Malwarebytes is NOT Aro2011! Aro2011 is a registry cleaner - forget Aro2011 alltogether, just steer clear of that. Registry cleaners, with the exception of one or two cause more problems than they claim to fix.

Run a full scan with Malwarebytes, then post that log.

Regards,
Golden