How Do I Unblock Anti-Virus/Anti-Malware Programs Which Have Been Blocked By Rogue Anti-Malware?

david323
I have a Malware Defense infection on my Windows XP Home computer. I am trying to install Malwarebytes to disinfect. I am also trying to download and install AVG Anti-Virus. In both cases the virus simply will not let me run these programs. I was finally able to get Process Explorer installed and running, but evidently the virus is hiding itself under a legitimate name or service. How does a virus block programs from running? I remember something about killbits. Is that how they block programs? Or do they do so some other way? If I cannot stop the virus, how do I unblock the legitimate anti-virus programs in order to scan and disinfect? I am working remotely too, so I cannot separately disinfect the drive from another drive, which would probably work. Any ideas? Perhaps there is a particular legitimate anti-malware program which cannot be blocked by rogue anti-malware?
Windows safe mode may be your friend in this case.
Top Expert 2009
Commented:
Run Process Explorer again.
In it, hit Options and select "Verify Image Signatures".
Then hit View, select Columns and check "Verified Signer".
Get a screenshot of the processes and attach the images.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
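
A scripted counterpart to the "Verify Image Signatures" / "Verified Signer" check described in the comment above, as an added example that is not part of the original thread. It uses the built-in `Get-Process` and `Get-AuthenticodeSignature` cmdlets; the function name `Get-ProcessSignatureReport` is hypothetical.

```powershell
# Added example, not from the thread. Function name is hypothetical.
# Reports the Authenticode status of every running process image,
# similar to Process Explorer's "Verified Signer" column.
function Get-ProcessSignatureReport {
    $cache = @{}   # image path -> signature result, so each file is checked once
    foreach ($proc in Get-Process) {
        $path = $proc.Path
        if (-not $path) {
            # No path: System/Idle, or access denied when not elevated.
            $status = 'PathUnavailable'
            $signer = ''
        } else {
            if (-not $cache.ContainsKey($path)) {
                $cache[$path] = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            }
            $sig = $cache[$path]
            if ($sig) {
                $status = $sig.Status.ToString()
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            } else {
                $status = 'FileUnreadable'
                $signer = ''
            }
        }
        New-Object PSObject -Property @{
            Id = $proc.Id; Name = $proc.ProcessName
            Status = $status; Signer = $signer; Path = $path
        }
    }
}

# Show only images that did not verify as 'Valid'; these are the ones to
# look at first. Older PowerShell versions may report catalog-signed
# Windows binaries as NotSigned, so confirm hits in Process Explorer.
Get-ProcessSignatureReport |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object Status, Name |
    Select-Object Id, Name, Status, Signer, Path |
    Format-Table -AutoSize
```

Run it from an elevated prompt so that fewer processes fall into `PathUnavailable`.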

Mohammed Hamada, Senior IT Consultant
Commented:
To save yourself time, try to create your own Combofix USB, which is able to disinfect your system in less time. This (SARDU) software is a great one; you can update definitions for any installed antivirus each time you hook up your USB flash memory to your computer.

Once you download the chosen software, the program will turn your flash drive into a bootable device and you can run it as if it's a Kaspersky rescue CD.
Please check this link:
http://techgurulive.com/2009/09/04/how-to-integrate-multiple-antivirus-rescue-disk-into-one-single-usb-flash-drive/

Author

Commented:
I did not know about that option in Process Explorer. I will utilize that in the future. And although I did say I was not able to access the drive remotely in my question, I will still credit the tip for the Combofix USB. This seems to be the only way now to kill viruses, when the drive is not live.
Top Expert 2009

Commented:
No prob. Also, hit Options again, select "Difference Highlight Duration" and set it to nine seconds. Sometimes that is also useful :)
