Privacy center malware

young_one

so i have a laptop that was completely infected by Privacy Center, meaning
that the only screen i could get to was the privacy center one, where you
either bought the so called program or you did nothing. I was able to use my
internet browser to run system restore to get my system out of the privacy
center lockout but now i have no internet access, can't run regedit or
taskmgr. The only removal tool that i am able to install and run is
malwarebytes anti malware which detects 5 registry entries as threats but
cannot be deleted. i was able to use reganalyzer to view my registry with it
but as soon as i erase the key that has "disableregistrytools" it comes right
back. i used GPedit.msc to rotate the tools by disable and enable and can get
it to work for just a second and then it goes back to being disabled. I
installed a Processes Explorer but wasn't able to find any of the known
Privacy Center related processes. i'm really not that computer literate, i've
gotten this far because i'm good at following instructions. Anyone have any
ideas as what to do? or what else could be causing this?
 
PA Bear [MS MVP]

Microsoft Malware Protection Center : Microsoft privacy portal a target of
rogue security software:
http://blogs.technet.com/mmpc/archi...line-a-target-of-rogue-security-software.aspx

NB: If you had no anti-virus application installed or the subscription had
expired *when the machine first got infected* and/or your subscription has
since expired and/or the machine's not been kept fully-patched at Windows
Update, don't waste your time with any of the below: Format & reinstall
Windows. (A Repair Install will NOT help nor will installing Microsoft
Security Essentials, despite what the author of the above may imply)!

Microsoft PCSafety provides home users (only) with no-charge support in
dealing with malware infections such as viruses, spyware (including unwanted
software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via...

Consumer Security Support home page
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the
MSRT on a non-infected machine, then transfer MRT.EXE to the infected
machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7 => Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs
in an appropriate forum, not here.

Checking for/Help with Hijackware:
• http://mvps.org/winhelp2002/unwanted.htm
• http://inetexplorer.mvps.org/tshoot.html
• http://www.mvps.org/sramesh2k/Malware_Defence.htm
• http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting
this isn't your cup of tea - take the machine to a local, reputable and
independent (i.e., not BigBoxStoreUSA) computer repair shop.
 
Daave

young_one said:
so i have a laptop that was completely infected by Privacy Center,
meaning that the only screen i could get to was the privacy center
one, where you either bought the so called program or you did
nothing. I was able to use my internet browser to run system restore
to get my system out of the privacy center lockout but now i have no
internet access, can't run regedit or taskmgr. The only removal tool
that i am able to install and run is malwarebytes anti malware which
detects 5 registry entries as threats but cannot be deleted. i was
able to use reganalyzer to view my registry with it but as soon as i
erase the key that has "disableregistrytools" it comes right back. i
used GPedit.msc to rotate the tools by disable and enable and can get
it to work for just a second and then it goes back to being disabled.
I installed a Processes Explorer but wasn't able to find any of the
known Privacy Center related processes. i'm really not that computer
literate, i've gotten this far because i'm good at following
instructions. Anyone have any ideas as what to do? or what else could
be causing this?

The first thing I would try is use another PC to download the *free*
MBAM installation file:

http://www.malwarebytes.org/mbam.php

It might be helpful to rename the executable. That is, change it from
mbam-setup.exe to something like byebye.exe .

Copy it to a flash drive and then copy it again to your laptop. Install
the program and run it. You might need to do it first in Safe Mode then
a second time in normal mode.

More info:

http://www.bleepingcomputer.com/virus-removal/remove-privacy-center

If no joy, you could try the info in PA Bear's informative post,
including installing and running HijackThis and posting the log to an
appropriate forum for expert assistance. Then again, you might find that
a Clean Install would be a better use of your time (especially since the
Clean Install is the only way to be guaranteed 100% that your system
will be malware-free).
 
Elmo

young_one said:
So I have a laptop that was completely infected by Privacy Center, meaning
that the only screen I could get to was the privacy center one, where you
either bought the so-called program or you did nothing. I was able to use my
internet browser to run system restore to get my system out of the privacy
center lockout, but now I have no internet access, can't run regedit or
taskmgr. The only removal tool that I am able to install and run is
malwarebytes anti malware which detects 5 registry entries as threats but
cannot delete. I was able to use reganalyzer to view my registry with it,
but as soon as I erase the key that has "disableregistrytools", it comes right
back. I used GPedit.msc to rotate the tools by disable and enable, and can get
it to work for just a second, and then it goes back to being disabled. I
installed Processes Explorer but wasn't able to find any of the known
Privacy Center related processes. I'm really not that computer literate; I've
gotten this far because I'm good at following instructions. Anyone have any
ideas as what to do, or what else could be causing this?

Burn BitDefender, or another program listed at the link below, to a CD
(using a working machine) and test the infected machine with it.
BitDefender also has a Rootkit checker on the Linux Desktop; run it if
you think that's the problem:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/

Download the executable rather than the .iso image, if one is available,
(though no .exe is available for BitDefender).

After the scan is run, if you elect to quarantine files, they're
quarantined to RAM and lost after you reboot. You'll need to copy any
quarantined files to the hard drive, a thumb drive or elsewhere before
exiting.

Then run these:

Malwarebytes© Corporation
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

SuperAntispyware
http://www.superantispyware.com/superantispywarefreevspro.html
 
Toni

The malware Privacy Center messes with the permissions with your registry. You need to
reset your registry permissions. Google "reset registry permissions" to find out how.
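
The symptom described in this thread (the "disableregistrytools" value coming right back after it is erased) can be timed with a read-only watcher; this is an added example, not part of any post above. The registry paths and the DisableTaskMgr value name are assumptions based on the standard Windows policy locations, not details given in the thread.

```powershell
# Added example: poll the policy values that block regedit and Task Manager
# and log every change. Read-only: nothing in the registry is modified.
# Paths and the DisableTaskMgr name are assumed standard locations.
$PolicyPaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$PolicyNames = @('DisableRegistryTools', 'DisableTaskMgr')

function Get-PolicySnapshot {
    # Returns a hashtable "path\name" -> value; $null means the value is absent.
    $snap = @{}
    foreach ($p in $PolicyPaths) {
        $item = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        foreach ($n in $PolicyNames) {
            $value = $null
            if ($item -and ($null -ne $item.PSObject.Properties[$n])) {
                $value = $item.PSObject.Properties[$n].Value
            }
            $snap["$p\$n"] = $value
        }
    }
    return $snap
}

function Format-PolicyValue($v) {
    if ($null -eq $v) { '<absent>' } else { "$v" }
}

function Watch-PolicyValues {
    param([int]$Seconds = 60, [int]$IntervalMs = 500)
    $prev = Get-PolicySnapshot
    foreach ($k in ($prev.Keys | Sort-Object)) {
        "{0}  start   {1} = {2}" -f (Get-Date -Format 'HH:mm:ss.fff'), $k, (Format-PolicyValue $prev[$k])
    }
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds $IntervalMs
        $now = Get-PolicySnapshot
        foreach ($k in $prev.Keys) {
            if ($prev[$k] -ne $now[$k]) {
                "{0}  changed {1}: {2} -> {3}" -f (Get-Date -Format 'HH:mm:ss.fff'), $k,
                    (Format-PolicyValue $prev[$k]), (Format-PolicyValue $now[$k])
            }
        }
        $prev = $now
    }
}

Watch-PolicyValues -Seconds 60
```

A value that flips from `<absent>` back to `1` within seconds of being deleted means something is still running and rewriting it; the timestamps give the rewrite interval to line up against a process monitor's log.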
 
