	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.6

WICKED VIRUS - relative of AntiVirus 2009 malware.

Asked by xuserx2000 in Anti-Virus

This one is wicked bad....

Obviously if you view my profile i'm not a noob here.... so please understand that this is no ordinary virus...the kind i've removed many times for others.

It all started when my wife downloaded Shareaza. AHHHH ! told her not to do that...but whatever... She hit a referral site that was malicious and used the zlob trojan method to infect my machine through the browser. IE 8 !! (real secure thanks ms)

Immediately after installing it, the desktop background changed, "WARNING YOUR COMPUTE IS INFECTED ...blah blah... the usual popups trying to sell you FAKE anti virus 2009...which i've seen before. SpyBot was disabled, Group policy was applied to prevent making changes to my profile, accessing regedit, viewing or changing folder options, and the control panel was inaccessible.

What make this one bad.... is that it has successfully disabled EVERY antivirus and EVERY anti-Malware program i've installed in an attempt to remove it. (Panda, AVG, SpyBot, McAfee, Norton, AntiVir, Trend Micro, Windows OneCare, and EVEN THE STANDALONE ANTIVIRUS REMOVERS !)

I can successfully install any one of these in safe mode...(after I fixed the damage to the registry that prevented launching executeables)...... . and when any of them try to do a scan, as soon as it "touches" a virus file or attempts to clean it, the virus sees this and is able to identify the process that is scanning it, then it shuts the process down, "TAKES OWNERSHIP" of the scanner executeable, removes my permissions no matter what user account I use, and marks it's program folder read only !

I was able to remove a small portion of this virus "Package".... however when I did this...the viruses are apparently designed to detect attempts to remove it, and it shuts the machine down instantly if a file does happen to be removed. Restarting normally it will restore the entire infection back before you even get to logon..

I'm at a loss on this one.....
After the virus steals the permissions... I am unable to take ownership back.

I've tried disabling the adminstrator account, and instead used a new account in safe mode...
NOTHING WORKS !....

Ideas ???

Get your answer NOW

Related Solutions

Keywords: WICKED VIRUS - relative of AntiVirus …

	Title
1	Registry errors: Primary references li…

Loading Advertisement...

20091111-EE-VQP-89 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. rpggamer...264,501
2. warturtle159,232
3. xmachine121,568
4. Admin3k95,624
5. David-Ho...76,727
6. johnb676736,082
7. optoma34,538
8. Computer...32,298
9. greyknigh...32,017
10. moh10ly28,014
11. surfer2423,430
12. JeremySB...19,636
13. MikeHolcomb19,486
14. legalsrl17,600
15. Jonvee17,494
16. IndiGenus16,830
17. ljones_cna16,825
18. dstewartjr14,680
19. jhyiesla14,398
20. NaturaTek13,331
21. torimar12,825
22. LeeTutor11,684
23. bRvO11,500
24. younghv11,462
25. thinkpads...11,310

1. rpggamer...732,346
2. IndiGenus287,259
3. warturtle159,232
4. Admin3k151,164
5. younghv126,007
6. xmachine122,968
7. David-Ho...102,152
8. phototropic85,780
9. moh10ly77,373
10. johnb676772,495
11. r-k71,908
12. Sheharya...49,873
13. legalsrl41,275
14. war138,050
15. optoma34,538
16. greyknigh...33,742
17. orangutang32,309
18. Computer...32,298
19. briancassin30,806
20. jimmymcp0229,920
21. rindi26,614
22. michko26,180
23. Tolomir25,100
24. jhyiesla25,098
25. surfer2423,430

WICKED VIRUS - relative of AntiVirus 2009 malware.

Asked by xuserx2000 in Anti-Virus

About this solution