Malware removal

Martin ©¿©¬

Hi
I downloaded a regcure program from a torrent site & my AV told me
there was a virus in it, so I stopped running it & removed the program

However, it was too late - I got malware
Installing MalwareBytes' Antimalware (MBAM) from
http://www.malwarebytes.org. got it sorted
The program is free.
(There is a paid version
but you don't need to buy it to remove malware.)
 
FredW

> Hi
> I downloaded a regcure program from a torrent site & my AV told me
> there was a virus in it, so I stopped running it & removed the program

regcure is a registry "cleaner".
- Why I don’t use registry cleaners
http://www.edbott.com/weblog/archives/000643.html
- Do I need a Registry Cleaner?
http://www.whatthetech.com/2007/11/25/do-i-need-a-registry-cleaner/

> However, it was too late - I got malware
> Installing MalwareBytes' Antimalware (MBAM) from
> http://www.malwarebytes.org. got it sorted

http://www.malwarebytes.org/mbam.php
 
Beauregard T. Shagnasty

Martin said:
> I downloaded a regcure program from a torrent site & my AV told me
> there was a virus in it, ...

How about you post what the name of the program is, and other details,
so others may avoid it?
 
Slarty

> Hi
> I downloaded a regcure program from a torrent site & my AV told me
> there was a virus in it, so I stopped running it & removed the program
>
> However, it was too late - I got malware
> Installing MalwareBytes' Antimalware (MBAM) from
> http://www.malwarebytes.org. got it sorted
> The program is free.
> (There is a paid version
> but you don't need to buy it to remove malware.)

A pointless report, since you don't mention what was caught and removed.
 
Rube Bumpkin

Martin said:
> Hi
> I downloaded a regcure program from a torrent site & my AV told me
> there was a virus in it, so I stopped running it & removed the program
>
> However, it was too late - I got malware
> Installing MalwareBytes' Antimalware (MBAM) from
> http://www.malwarebytes.org. got it sorted
> The program is free.
> (There is a paid version
> but you don't need to buy it to remove malware.)

This confirms all of my bad feelings about torrent sites, and the folks
that use them. You can't trust one and the other doesn't give you enough
information to be useful.

RB
 
Martin ©¿©¬

> A pointless report, since you don't mention what was caught and removed.

I don't know what was caught & removed
All I know is that I kept getting nag screens with a message saying
that c:\windows\system32\iifcYSMG.dll was missing & then
c:\windows\system32\lljjyOIGH.dll was missing too

I posted my problem on a Vista newsgroup & got this reply
..................................
A Google search for "iifcYSMG.dll" brought up nothing. When you don't
get any hits for a file name on Google, chances are high that it is a
malware file. Either you uninstalled the malware program or your
antivirus/antispyware program did. In any case, a reference was left
to the file in Startup. You can remove the reference by managing your
Startup.

Because you had one piece of malware, the chances are also high that
you had others. It would be a good idea to scan. I recommend
downloading and installing MalwareBytes' Antimalware (MBAM) from
http://www.malwarebytes.org. The program is free. (There is a paid
version but you don't need to buy it to remove malware.)

Manage Startup:

Start Orb>Search box>type: msconfig and when it appears in the Results
box above, right-click and choose "Run as Administrator".

If you are prompted for an administrator password or for a
confirmation, type the password, or click Continue. Then see what is
on the Startup tab. You don't need to restart immediately, but the
next time you do you'll get a dialog saying you've used the Utility.
Usually in Vista this will be blocked by Windows Defender and you'll
need to allow it so you can then tick the box that says in effect,
"don't bother me about this again".

The free Autoruns program is very useful for managing your Startup -
http://www.microsoft.com/technet/sysinternals/default.mspx - Autoruns

Malke
--
MS-MVP
..........................................................................................................
Seeing as how it worked for me I thought MalwareBytes could help
others who like me aren't that techie, but when they find a solution
to a problem like to share their good fortune with others
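
The reply quoted in the post above says a reference to the deleted file was left in Startup; the following read-only check lists Run/RunOnce registry entries whose target file no longer exists. It is an added example, not part of the thread: it assumes PowerShell 3.0 or later, `Get-CommandFilePaths` is a hypothetical helper name, and it covers only these four registry keys, whereas Autoruns inspects many more autostart locations.

```powershell
# Added example (not from the thread). Read-only: reports, deletes nothing.
# Assumes PowerShell 3.0+; Get-CommandFilePaths is a hypothetical helper name.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandFilePaths {
    param([string]$Command)
    # Expand %SystemRoot% and friends, then pull out every quoted or unquoted
    # token ending in .exe/.dll, so the DLL argument of a
    # "rundll32.exe <dll>,<export>" entry is checked as well as the launcher.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    $pattern  = '"([^"<>|]+\.(?:exe|dll))"|([A-Za-z]:\\[^",<>|]*?\.(?:exe|dll))'
    foreach ($m in [regex]::Matches($expanded, $pattern, 'IgnoreCase')) {
        if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    }
}

$report = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        foreach ($path in Get-CommandFilePaths $command) {
            # Bare names such as "rundll32.exe" resolve via PATH; skip them.
            if (-not [IO.Path]::IsPathRooted($path)) { continue }
            if (-not (Test-Path -LiteralPath $path)) {
                [pscustomobject]@{
                    Key = $key; Name = $name; MissingFile = $path; Command = $command
                }
            }
        }
    }
}

if ($report) { $report | Format-List } else { 'No Run/RunOnce entry points at a missing file.' }
```

Run it from a PowerShell session of the same bitness as the operating system: a 32-bit session on 64-bit Windows sees `System32` redirected to `SysWOW64` and can report files as missing that are present.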
 
Buffalo

Martin ©¿©¬ @nohere.net wrote:

[snip]
> Seeing as how it worked for me I thought MalwareBytes could help
> others who like me aren't that techie, but when they find a solution
> to a problem like to share their good fortune with others

So true. Another program (free) you should try is SuperAntiSpyware (SAS). If
you use MBAM and SAS to scan separately, you are pretty well scanned and
cleaned. SAS sometimes works best in Safe Mode while MBAM works best in
Normal Mode.
Try SAS in normal mode and if it finds something that it cannot remove, then
try it in Safe Mode.
Remember, before running either program, update its definitions.
It also usually helps to clear out your Recycled Bin and temp files,
including your Temporary Internet Files (TIF) before checking for malware.
Happy New Year to you.
Buffalo
 
Bugsy

Buffalo wrote:

How and/or why did you choose that nym? My curiosity bump got all raised
up for some reason.

Bugsy

(Before/if you should ask, mine is related to a family group.<g>)
 
Buffalo

Bugsy said:
> Buffalo wrote:
>
> How and/or why did you choose that nym? My curiosity bump got all
> raised up for some reason.
>
> Bugsy
>
> (Before/if you should ask, mine is related to a family group.<g>)

Sorry, that is a secret that no one else knows. :)
 
Buffalo

Wolf said:
> And those that do know won't tell....
Unfortunately that is not quite correct. All those that 'knew' are now
deceased. :(
No, I had nothing to do with it!!!
 
