Virus and other security threats

I was trying to help one of my friends with cleaning a malware called Security Tool. I ended up reinstalling the OS for him.
I followed this solution in security mode and user mode. http://www.2-spyware.com/remove-security-tool.html
(I found the process with another number and was able to kill the process.)
I tried to edit the registry entry too.

Tried Windows Defender (refused to start).
Tried Malwarebytes (full version). Malwarebytes refused to start.
My friend had a full version of McAfee Internet Security while the malware infected him.

My questions are:
1. Why did Windows Defender and Malwarebytes refuse to start?
2. What could be the reason McAfee failed to detect the malware?
3. Was reinstalling the OS the only way to clean this kind of malware? If not, what are the options?


Thanks

Adsayaa

corvus187 commented:
To answer your questions:
1. They are stubborn and don't like to do what they're told.
2. Because it's McAfee.
Ok seriously, the real reason is so unimaginative that I can barely type it without staying awake. Suffice to say the malware has some countermeasure for dealing with programs capable of terminating it.
3. A Virus (or whatever) scanner is only as good as its definitions so even if a computer came up clean, you can never really be 100% sure. Well maybe some of you can. If the computer is used for critical jobs or personal banking and whatnot I would never fully trust it again. Not only would I reinstall I would wipe that hard drive, 10 passes just to make sure and use a trusted image, not some crap you downloaded because you are cheap.
0
edbedb commented:
On that type of malware I usually start Task Manager before the malware starts then kill it. After that just run a scan with updated MalwareBytes. It can even be done by remote desktop connection.
0
nole172 commented:
You can also boot into safe mode and run Malwarebytes in safe mode. Keep a copy of Malwarebytes on a USB thumb drive for this. Be sure to update the Malwarebytes definitions before scanning, though. New trojans and spyware are popping up fast.
0


rpggamergirl commented:
1. Why did Windows Defender and Malwarebytes refuse to start?
This rogue family of antivirus usually has a random-number process that stops most programs from running. If that process is stopped, programs will then work. Sometimes it also comes with other nasties that target particular security programs, and renaming them to something else often works.

If .exes won't run in an infected system:
http://www.experts-exchange.com/articles/Software/Internet_Email/Anti-Virus/CAN%27T-RUN-EXES-IN-AN-INFECTED-SYSTEM.html 

2. What could be the reason McAfee failed to detect the malware?
That's not surprising.... most resident antivirus can't detect these rogues... usually only anti-malware scanners can, e.g. MalwareBytes etc.

3. Was reinstalling the OS the only way to clean this kind of malware? If not, what are the options?
No, certainly not the only way. There are other ways, like running a tool that finds and stops the rogue process so scanners can then run.... a tool that resets back to defaults those disabled utilities, e.g. disabled regedit, disabled Task Manager etc.
You can then run tools like MalwareBytes, ComboFix etc. to remove the infection fully.
0
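The two symptoms rpggamergirl describes (a randomly numbered process that blocks other programs, and Task Manager or regedit disabled by policy) can both be checked from a PowerShell prompt before reaching for a scanner. The script below is an added example written for this page; it is not from the thread, from Malwarebytes or from any vendor tool. It assumes Windows PowerShell 5.1 or later, reads the well-known policy values `DisableTaskMgr` and `DisableRegistryTools` under `Policies\System` in HKCU and HKLM, and treats an all-digit process name as a heuristic worth a look rather than proof of infection. The `-Reset` switch, which removes those policy values, needs an elevated session for the HKLM hive.

```powershell
# Added example, not from the original thread. Reports the two symptoms the
# answers above describe and optionally undoes the policy lock-outs.
[CmdletBinding()]
param(
    [switch]$Reset   # remove DisableTaskMgr / DisableRegistryTools if present
)

# Policy locations checked (assumption: the rogue sets the per-user hive,
# but the machine hive is checked as well so nothing is missed).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$lockoutValues = 'DisableTaskMgr', 'DisableRegistryTools'

# 1. Running processes whose image name is nothing but digits (the
#    "random number process" from the thread). Legitimate software almost
#    never names its binaries this way, so each hit deserves a manual look.
function Get-NumericNamedProcess {
    Get-Process | Where-Object { $_.ProcessName -match '^\d+$' } | ForEach-Object {
        [pscustomobject]@{
            Id        = $_.Id
            Name      = $_.ProcessName
            Path      = $(try { $_.Path } catch { '<access denied>' })
            StartTime = $(try { $_.StartTime } catch { $null })
        }
    }
}

# 2. Policy values that disable Task Manager and regedit. A value of 1
#    (or 2 for DisableRegistryTools) means the utility is blocked.
function Get-PolicyLockout {
    foreach ($key in $policyKeys) {
        foreach ($name in $lockoutValues) {
            $item  = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            $value = if ($item) { $item.$name } else { $null }
            [pscustomobject]@{
                Key      = $key
                Value    = $name
                Data     = $value
                Disabled = ($null -ne $value -and [int]$value -ge 1)
            }
        }
    }
}

# Remove the lock-out values so the built-in tools work again. This is the
# "reset back to defaults" step; it does not remove the malware itself.
function Reset-PolicyLockout {
    foreach ($entry in (Get-PolicyLockout | Where-Object Disabled)) {
        Remove-ItemProperty -Path $entry.Key -Name $entry.Value -ErrorAction Stop
        Write-Host "Removed $($entry.Value) from $($entry.Key)"
    }
}

Write-Host '== Processes with all-digit names =='
$suspects = @(Get-NumericNamedProcess)
if ($suspects.Count -eq 0) { Write-Host 'none found' } else { $suspects | Format-Table -AutoSize }

Write-Host '== Task Manager / regedit policy lock-outs =='
Get-PolicyLockout | Format-Table -AutoSize

if ($Reset) { Reset-PolicyLockout }
```

Run it first without `-Reset` to see what is set; once you have identified a suspect process, `Stop-Process -Id <pid>` is the same "kill the process" step edbedb and nole172 describe, after which an updated Malwarebytes scan can run normally. Cleaning the policy values without stopping the process is pointless, since the rogue re-applies them on its next start.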
Thomas Zucker-Scharff (Solution Guide) commented:
It looks like your questions have been answered, but let me reiterate the answer to your second question: because it's McAfee!  
0
c_a_n_o_n commented:
If your system is/was infected with a pest, malware, trojan, or virus your system will behave unexpectedly.  The best method to attempt resolution is to completely rule out the operating system by bypassing it.  To do so, you will need a rescue CD.  There are several that are out there, you might be able to create one, there are instructions and sites that can assist with that.  But the easiest way is to use a product that is FREE, and I have used successfully for several of my clients and on many workstations.

BitDefender (FREE Downloadable Rescue CD).  Available Here.
http://download.bitdefender.com/rescue_cd/

Instructions on the product.
http://www.bitdefender.com/KB417-en--Using-the-BitDefender-Rescue-CD.html

Hope this helps.

PS.  This may sound like a "canned" response, it just might be.  However, it is the easiest and most effective method to resolve a situation like this.
0