Windows 10: Even Malwarebytes couldn't handle this problem

  1.    16 Aug 2015 #1


    Hi there

    I was trying to fix a kid's computer that was so ridden with malware that only a total HDD WIPE (ALL HDD's not just the OS HDD) and fresh install would clean it --Malwarebytes found something like 240 warnings etc - but couldn't cleanse the computer even though it said all threats had been removed.

    Kid had tried to install some Dinosaur Theme from Softonic or somewhere like that - I don't know where it came from.

    However even after an attempt at cleansing IE11 kept popping up zillions of ads -- same with EDGE as well so goodness knows what the malware was doing. It also kept throwing up every so often that well known SCAM -- your computer is infected with Malware -- Phone XXX to fix it.

    Whatever it was - I've NEVER seen a computer so badly infected --even after anti spyware and malware "cleansing" the popups still kept coming back together with the message requesting to ring a number to "cleanse the malware".

    Disabling every possible setting in IE and EDGE didn't make any difference. This computer was so bad it made that old legendary piece of Malware called Bubbledock (you might have previously heard of) seem almost like a BENIGN program. !!!

    Formatting the OS HDD and re-installing clean the OS DID NOT fix the problem as the infection obviously transmitted itself from another HDD.

    Only CLEANING and entirely re-formatting ALL the HDD's and re-installing the OS worked.

    So don't always rely on Malwarebytes (or any other piece of AV software) to protect 100% of the time.

    Beware if you have kids who like Dinosaurs - watch what they download from the net.

    I think all these AV companies should employ some of these kids in their labs -- I've never seen a piece of malware so bad and resistant to removal as that one !!!!! and I still haven't any idea where it came from. !!!!

    Cheers
    jimbo

  2.    16 Aug 2015 #2

    depending on the age of the kid

    I wonder if they teach things like this in school, be careful with downloading apps from internet, don't click random links etc

    Even after mentioning to people when installing software to read each screen carefully to avoid getting all the extra spam apps, they still just click Next, Next without reading what's on the screen

  3.    16 Aug 2015 #3

    I've heard of this before in one of my magazines, try disabling the Internet connection, it's a well known scam to try and get money off you by phoning a number to unblock the malware - don't phone that number, they will ask for your credit card details and then take a big amount of money and clean your PC, it's called Ransomware.

  4.    16 Aug 2015 #4

    There are certain rootkits that are impossible to detect from within the OS itself. They're embedded at such a low level, and they hook into the API's of the OS and remove themselves from things like Process listings, file listings, etc... And yes, once you get something like this, the only way to deal with it is a complete reinstall.

  5.    16 Aug 2015 #5

    Mystere said:
    There are certain rootkits that are impossible to detect from within the OS itself. They're embedded at such a low level, and they hook into the API's of the OS and remove themselves from things like Process listings, file listings, etc... And yes, once you get something like this, the only way to deal with it is a complete reinstall.
    Hi there

    and as well as a complete re-install don't forget to FORMAT ALL HDD's that are connected to that system as well !!!! Thank goodness I hadn't connected that PC even to my LAN but kept it totally isolated.

    BTW to all people running VM's -- it's also possible to get CROSS CONTAMINATION from the VM to HOST if you SHARE HDD's so be careful even when running VM's. (Works the other way around as well !!!)

    Cheers
    jimbo

  6.    17 Aug 2015 #6

    Malwarebytes is not the be-all virus killer. I use many programs to fix infected computers. tdsskiller works for root kits, SuperAntispyware will find many issues Malwarebytes can't. IOBitUninstaller helps getting leftovers that Windows uninstaller doesn't get.

    Sounds like you had your hands full. I find it entertaining trying to heal someone else's computer, not nearly as fun when it happens to me. lol

  7.    18 Aug 2015 #7

    Brian Berg said:
    Malwarebytes is not the be-all virus killer. I use many programs to fix infected computers. tdsskiller works for root kits, SuperAntispyware will find many issues Malwarebytes can't. IOBitUninstaller helps getting leftovers that Windows uninstaller doesn't get.

    Sounds like you had your hands full. I find it entertaining trying to heal someone else's computer, not nearly as fun when it happens to me. lol
    Hi there

    I mention malwarebytes in particular as so many on this Forum seem to think that it's a 100% cure all for any malware. There may well be decent Enterprise versions of AV software that can deal with this stuff - but most consumer grade programs I wouldn't trust with the latest deep seated batch of infections.

    I still think that if a computer is as deeply infected as that one I was dealing with, the only 100% guaranteed solution is a 100% Clean re-install.

    Some people might consider this over the top but I also re-formatted the HDD's with a DESTRUCTIVE erase -- writing x'00' to every sector on the HDD's too.

    At least while that job was running (5 hrs to clean 3 X HDD's) I could go down to the pub for a few glasses of Beer.

    Cheers
    jimbo
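
A read-back check for the zero-fill erase described in post #7, added here as an example and not code from any poster in the thread. It assumes a 512-byte logical sector and takes the path of a disk image or raw device node; the function names and the sample image are constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size; 4Kn drives use 4096


def verify_zero_fill(path, sector_size=SECTOR, chunk_sectors=2048, max_report=16):
    """Read `path` sequentially and confirm every sector is all zero bytes.

    Returns (sectors_read, nonzero_count, first_nonzero_sector_numbers).
    """
    zero_sector = bytes(sector_size)
    zero_chunk = bytes(sector_size * chunk_sectors)
    sectors_read = nonzero = 0
    offenders = []
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(len(zero_chunk))
            if not chunk:
                break
            n = -(-len(chunk) // sector_size)  # ceil, so a short tail still counts
            # Fast path: a fully zero chunk needs no per-sector inspection.
            if chunk != zero_chunk[:len(chunk)]:
                for i in range(n):
                    sec = chunk[i * sector_size:(i + 1) * sector_size]
                    if sec != zero_sector[:len(sec)]:
                        nonzero += 1
                        if len(offenders) < max_report:
                            offenders.append(sectors_read + i)
            sectors_read += n
    return sectors_read, nonzero, offenders


def demo():
    # Constructed sample: 8-sector image, zeroed except leftover bytes in sector 5.
    image = bytearray(8 * SECTOR)
    image[5 * SECTOR + 100:5 * SECTOR + 104] = b"\xde\xad\xbe\xef"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(image)
    try:
        return verify_zero_fill(f.name, chunk_sectors=4)
    finally:
        os.unlink(f.name)


if __name__ == "__main__":
    print(demo())
```

A clean result only covers sectors the drive exposes to the host; remapped sectors and hidden areas are not read by this check.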

  8.    18 Aug 2015 #8

    jimbo45 said:
    Hi there

    I mention malwarebytes in particular as so many on this Forum seem to think that it's a 100% cure all for any malware.

    Cheers
    jimbo
    Ahh, gotcha.

  9.    18 Aug 2015 #9

    Brian Berg said:
    Ahh, gotcha.
    Hi there

    Looking at your Sig -- I think even the H.Ghost (or H.Spirit) himself couldn't have suggested an easier solution !!!!!

    I'm still curious to find where this stuff came from -- I think I've narrowed it down a bit. Would be a great TEST BED for AV testing.

    I think you can understand why I didn't take an image of that machine BEFORE cleansing it -- even with a Stand alone bootable USB stick for the backup program. !!!!!!!!

    Would have been a great Test bed though !!!!!.

    Cheers
    jimbo


  10.   30 Aug 2015 #10

    HerdProtect would've been bound to find whatever was causing that. It also has a feature in the settings that resets all internet settings to their defaults. That would've been worth a shot. Did you check the add-ons/extensions? Dr. Web CureIt! is also good, but you are obligated to upload suspicious files if you use the free version.


 
