Virus and other security threats

I was trying to help one of my friends with cleaning a malware called Security Tool. I ended up reinstalling the OS for him.
I followed this solution in security mode and user mode.
(I found the process with another number and was able to kill the process.)
I tried to edit the registry entry too.

Tried Windows Defender (refused to start).
Tried with Malwarebytes (full version). Malwarebytes refused to start.
My friend had a full version of McAfee Internet Security while the malware infected him.

My questions are:
1. Why did Windows Defender & Malwarebytes refuse to start?
2. What could be the reason that McAfee failed to detect the malware?
3. Was reinstalling the OS the only way to clean these kinds of malware? If not, what are the options?


you can also boot into safe mode and run malwarebytes in safe mode.  Keep a copy of malwarebytes on a USB thumb drive for this.  Be sure to update the malwarebytes definitions before scanning, though.  New trojans and spyware are popping up fast.
To answer your questions:
1. They are stubborn and don't like to do what they're told.
2. Because it's McAfee.
Ok seriously, the real reason is so unimaginative that I can barely type it without staying awake. Suffice to say the malware has some countermeasure for dealing with programs capable of terminating it.
3. A Virus (or whatever) scanner is only as good as its definitions so even if a computer came up clean, you can never really be 100% sure. Well maybe some of you can. If the computer is used for critical jobs or personal banking and whatnot I would never fully trust it again. Not only would I reinstall I would wipe that hard drive, 10 passes just to make sure and use a trusted image, not some crap you downloaded because you are cheap.
On that type of malware I usually start Task Manager before the malware starts then kill it. After that just run a scan with updated MalwareBytes. It can even be done by remote desktop connection.

1. Why did Windows Defender & Malwarebytes refuse to start?
This rogue family of antivirus usually has a random-number process that stops most programs from running. If that process is stopped, programs will then work. Sometimes it also comes with other nasties that target particular security programs, and renaming them to something else often works.

If .exes won't run in an infected system: 

2. What could be the reason that McAfee failed to detect the malware?
That's not surprising.... most resident antivirus can't detect these rogues... usually only anti-malware scanners can, e.g. MalwareBytes etc.

3. Was reinstalling the OS the only way to clean these kinds of malware? If not, what are the options?
No, certainly not the only way. There are other ways, like running a tool that finds and stops the rogue process so scanners can then run.... a tool that resets those disabled utilities back to defaults, e.g. disabled regedit, disabled Task Manager etc.
You can then run tools like MalwareBytes, ComboFix etc. to remove the infection fully.
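The two ideas in this answer (find and stop the rogue's random-number process, then put the disabled Task Manager and Registry Editor back to defaults) can be done by hand with a short script. The following is an added example written for this thread, not a tool posted by anyone here. It assumes PowerShell 3.0 or later, that you run it as the infected user (e.g. in Safe Mode), and, as the thread describes, that the rogue's process has a purely numeric name; the `HKCU ...\Policies\System` values `DisableTaskMgr` and `DisableRegistryTools` are the standard Windows policy settings that these rogues flip to 1.

```powershell
# Added triage helper for a rogue-AV infection (example code, not from the thread).
# Assumptions: PowerShell 3.0+, run as the infected user; the rogue runs under an
# all-digit process name, as described in the thread above.

$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-SuspiciousNumericProcess {
    # Rogue AV families like the one in the thread often run as a random all-digit name.
    # Report Id, name and on-disk path so the operator can decide what to stop.
    Get-Process | Where-Object { $_.ProcessName -match '^\d+$' } |
        Select-Object Id, ProcessName, Path
}

function Get-DisabledAdminTools {
    # The policy values the malware sets to block Task Manager / Registry Editor (1 = disabled).
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        $value = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{ Setting = $name; Disabled = ($value -eq 1) }
    }
}

function Restore-AdminTools {
    # Reset to defaults: removing the value is the same as "not disabled".
    foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
        if ((Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue)) {
            Remove-ItemProperty -Path $PolicyKey -Name $name
            Write-Host "Removed $name"
        }
    }
}

# Usage, in the order the thread recommends:
Get-SuspiciousNumericProcess | Format-Table -AutoSize   # 1. find the rogue process
# Stop-Process -Id <Id from the list above> -Force      # 2. stop it (fill in the Id by hand)
Get-DisabledAdminTools | Format-Table -AutoSize         # 3. see what it disabled
# Restore-AdminTools                                    # 4. restore Task Manager / regedit
# 5. update and run MalwareBytes etc., as the answer above says
```

The lookups are deliberately read-only; the two write actions (`Stop-Process` and `Restore-AdminTools`) are left commented so the operator confirms the process Id and the findings first. A numeric process name alone is not proof of infection, so check the `Path` column before stopping anything.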
Thomas Zucker-Scharff (Solution Guide) commented:
It looks like your questions have been answered, but let me reiterate the answer to your second question: because it's McAfee!  
If your system is/was infected with a pest, malware, trojan, or virus your system will behave unexpectedly.  The best method to attempt resolution is to completely rule out the operating system by bypassing it.  To do so, you will need a rescue CD.  There are several that are out there, you might be able to create one, there are instructions and sites that can assist with that.  But the easiest way is to use a product that is FREE, and I have used successfully for several of my clients and on many workstations.

BitDefender (FREE Downloadable Rescue CD).  Available Here.

Instructions on the product.

Hope this helps.

PS.  This may sound like a "canned" response, it just might be.  However, it is the easiest and most effective method to resolve a situation like this.