Spyware Guard 2008 Malware. Tried a lot of things already.

[Tails Clock]

I use Windows XP service pack 3. I am stuck in Safe Mode with networking as normal mode gives me a BSOD. I had no anti-virus software at all.
I've downloaded Malwarebytes' Anti-Malware and installed it using the renaming method, but even when using that method I cannot run it. I've also been blocked from many many websites where you can download anti-malware programs. I got a friend to download and send me them though, but niether will install. They are Super Anti Spyware Pro and Adaware.
I can't run or install any of them. I've deleted the malware several times, every single file for it or that it has made and it just came back.
I used xblock.com/download/xclean_micro.exe and found and removed CnsMin and H'tKeysH@@k. I was then told to use majorgeeks.com/Malware_Removal_Tool_d4632.html but that website is blocked for me. Also I have no system recovery points.

 

[Kazi]

First RENAME your MBAM.exe and then run it again and see if it will load

quick scan

then update

then full

If this does not work, only real method left is format
as this virus is brutal

If you format
do this


INSTALL ANTIVIRUS SOFTWARE
INSTALL FIREWALL

 

[Tails Clock]

I didn't write it very well but I meant to say that I had tried that already too.
I really can't beleive a single file can defeat every program ever made to beat it.
I wish I could at least remember the name of the site it came from.
Thanks for all your help.

GUESS WHAT GUYS. MALWAREBYTES IS WORKING NOW.
I just did a quickscan and got rid of 12 or so things, they look a lot like ones I'd deleted before manually. I did not restart it afterwords like it said as I don't want to risk not being able to use it again. But I can't get it to update for some reason. It says my firewalls might be blocking it but normaly a message comes up asking me if I want to disable the program or not and one has not come up so I doubt it's my firewall. Maybe the malware is stopping it from updating? Any suggestions?

PS: For those who want to know how I got the program to finaly work, I just prayed hard, really. (To Satan, he's way nicer than god)

 

[mflynn]

OK!

Do this: https://www.techspot.com/vb/topic118177.html

Come back here and post results.

Mike

 

[Tails Clock]

Did what it said and now I CAN'T RUN AYTHING AT ALL. It asks me what I want to open it with instead... Now that I closed Malware Bytes I can't open it back up again...
I restarted because the malware bytes thing said to and also to try and get programs running again...to no avail.

This has messed my computer up, and a restart didn't fix it. how do I undo what this has done? I keep being asked what program to open .EXE's with.

EDIT: Oh right, PM the errors. sorry.

EDIT2: Couldn't send one even if I wanted to because the site has some silly restrictions.

 

[kimsland]

the site has some silly restrictions.

You may be confused
All support is freely provided on the forum
There is no need to PM or try to gain extra posts to PM

 

[Tails Clock]

ATTENTION all Malware pros it is hard to test this so if you see any errors or additions or improvements to the below please PM me and I will correct or add.

I'm more of an ***** for not reading the part where it said "Malware pros".
I guess I didn't really do anything wrong. But I'm still messed up thanks to that code which has done more harm than help.

 

[kimsland]

Carry out the following procedures..

1. Click Start‚ click run. In the Run box‚ enter CMD
2. In the Command window‚ enter the following commands (in red) at the prompt.
C:> assoc .exe=exefile
C:> ftype exefile=“%1” %*

If the Command window does not pop up‚ try the following procedure.

1. At boot up‚ when the computer first starts up‚ press and hold down F8 to display the Windows Advanced Options menu‚ release F8.
2. Highlight Safe Mode and Command Prompt. Press Enter.
3. When prompted select your Operating System Enter.
4. Log on as Administrator and the Command Prompt will appear. Execute each of the two commands below.>
C:> assoc .exe=exefile
C:> ftype exefile=“%1” %*

Restart normally

 

[Tails Clock]

If I was able to open the CMD just a while ago but can't now, will I somehow be able to by restarting in that mode? The reason I cannot open it now is because it too asks me what to open it with. I fear the code mflynn gave me has destroyed my pc. I cannot use CMD or any .exe anymore.

EDIT: tried putting your code into a .cmd file but it's the same as what happens to a .exe

 

[kimsland]

If the Command window does not pop up‚ try the following procedure.

1. At boot up‚ when the computer first starts up‚ press and hold down F8 to display the Windows Advanced Options menu‚ release F8.
2. Highlight Safe Mode and Command Prompt. Press Enter.
3. When prompted select your Operating System Enter.
4. Log on as Administrator and the Command Prompt will appear. Execute each of the two commands below.>
C:>assoc .exe=exefile
C:>ftype exefile=“%1” %*

Restart normally

Please try Safe Mode Command prompt
And let me know asap
The reason why I say this, is to place warning on the other thread

 

[Tails Clock]

It did get the CMD up, but I took longer because I realised I had to write the code down on paper as Explorer.exe wouldn't run and so I couldn't view the TXT file I'd made.
Also the code you gave did not work for me, I altered it to:
C:>assoc .exe=exefile
C:>ftype exefile=“%1” %*
It then worked and now I can use things again.

(the code is different in that I removed a space)

 

[rf6647]

fixx.cmd makes it better

The following was PM'd to mflynn. I hope you can follow this.

vb8177 report of usage
I experimented using the method. I could not use 'notepad'.

• 
  Restarted > safe mode with networking > re-opened thread
• Pasted command file into command prompt window. when completed, cmd window closed
• Attempted to call out ‘notepad’
  • Attempted to call out ‘notepad’ from the ‘start menu’ > ‘most recently used task list’ > notepad > prompted me for ‘application to be used’
• Attempted this method – Same result
  • start > all programs > accessories > Notepad > prompted me for ‘application to be used’

This was successful to create a file

• Open ‘cmd prompt’ window > edit > paste text into edit window > save file

Note: cmd prompt’ window also prompted me for ‘application to be used’. Browsed …\system32\cmd.exe.


I executed 'fixx.cmd' by dragging it to the 'command prompt' window.

 

[kimsland]

@Tails Clock

Thanks I edited above
This came from me trying to be too quick!

I am concerned that there were other changes as well. ie:

bat
com
scr
reg
pif
lnk
inf
vbs

Lets prove this, by testing another one
Please run any screen saver.
Actually I'll get one...

Start->Run-> C:\WINDOWS\system32\sspipes.scr

Please report back, this should take about a minute .

 

[Tails Clock]

@Tails Clock
->Run-> C:\WINDOWS\system32\sspipes.scr

Same problem. Asks me what to open it with.

 

[kimsland]

Well that's enough proof for me !

I'll inform mflynn, to fix the issue immediately

 

[kimsland]

The following was PM'd to mflynn. I hope you can follow this.

vb8177 report of usage
...

Sorry rf6647, I'm confused what you are talking about here

I have asked mflynn (through PM) to reply here when he's back on

 

[rf6647]

Kimsland

For 1st pass execution, Paste command file contents into 'command prompt' window hobbles the infection and the computer.

For 2nd pass, Create & Execute 'fixx.cmd' which rectifies the situation.

I used 'edit' in the 'command prompt' window to create & save the file.

There was a trick to opening the 'command prompt' window. When challenge appears 'Open With', browse to 'c:\windows\system32\cmd.exe' and 'ok'.

Since this member indicates problems with 'Explorer', this makes it difficult to execute 'fixx.cmd' by dragging into the 'command prompt' window.

However, using the fully qualified path!!filename in the command prompt window should work.

 

[Tails Clock]

my net or this site are messing up, it just deleted my post. Basically I understood RF and will try that if I ever get this problem again.
I had 10 bits of malware unrelated to spyware guard 2008 that I found on my 3rd of so scan, I will scan more now.
I still cannot update malware bytes.

Some time later: It found 5 files, they mention TDSS...

 

[mflynn]

Hello Tails Clock, Rich, Kim

I apologize for all inconveniences. That is the reason I asked the Malware Pros to help watch it as it was a new attempt to help with this problem.

Issue has been corrected. It had to do with the double %%'s (now removed) these are required only when run from a Batch or CMD file as discovered by Rich.

Rich If you have Attachment space if you want to Attach to my thread the Batch/CMD file that worked I would appreciate it. As I have no more attachment space left as it is consumed by Fixit!

Mike

 

[Tails Clock]

I went to your topic and was unable to DL the attachment. Will it fix the damage done by the previous code I entered?
I also can't run .cmd files so even if I could DL it I'd still be unable to use it.
What do I need to enter into the Command prompt to go back to running all my files again?

 

[mflynn]

Yes it would!

But you do not need to download the attachment.

The Copy and paste operation, has been fixed and will now correct all. And should allow you to proceed with the cleanup.

You should do this from Safe Mode Networking and go straight to MBAM and SAS before the Malware gains control again.

But then get back and post all remaining issues we need to handle.

Mike

 

[Tails Clock]

I ran the fix thingy in my CMD and all seems good and fine, except that I can't tell what it did. MalwareBytes still wont update and I still can't run it using it's proper name.
Is there something else I'm meant to be doing after running your fix? Is the fix even meant to allow me to update Malware Bytes?
Maybe it has something to do with me net. Ever since I got the malware my net has been pretty bad and disconnecting a bit, but that should still let me update the program. Also I recently got the full version of Malware Bytes but I STILL can't update it or enable it's protection feature.

 

[kimsland]

Special case where after installing MBAM and SAS they will not update or run
Read here: https://www.techspot.com/vb/topic116603.html

Failing that, try here: https://www.techspot.com/vb/post684649-3.html

Then continue: UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

 

[Tails Clock]

I quick scanned after I used the fix and this is my log.
I have not tried those two links you gave about getting rid of TDSS yet but am going to do that now.

 

[kimsland]

Thanks
Due to finding and removing Malwares :grinthumb
You will need to update Malwarebytes again, and then run another full scan
Irritating I know, but Malware can hide other malware, and therefore multiple scans required (before restarting and running HJT, a few hours from now )