Solved

palladium virus - how to remove it?

Posted on 2011-02-14
13
1,304 Views
Last Modified: 2013-11-22

User opened a "u have a Fedex delivery" type email and now she has this.

What to do?

They have win xp
0
Comment
Question by:fcek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 34888631

Download, install, and run
CCleaner (www.ccleaner.com)

Malwarebytes (http://www.malwarebytes.org/mbam.php)
The instructions are included right in that link.

Read my Article here:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html
0
 
LVL 9

Expert Comment

by:wellhole
ID: 34888651
I recommend running Combofix. It solves most of my malware/spyware issues in half an hour.

http://www.infospyware.net/antimalware/combofix/
0
 
LVL 38

Accepted Solution

by:
younghv earned 500 total points
ID: 34888664
MBAM's forum actually has a detailed guide for how to remove this:
http://www.bleepingcomputer.com/virus-removal/remove-palladium-pro
0
Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

 
LVL 38

Expert Comment

by:younghv
ID: 34888690
@fcek,
Please DO NOT follow the advice to use ComboFix.
There are some variants of malware that require its use, but "Palladium" is not one of them.

@wellhole - please do not tell our Members to use ComboFix as a first choice of malware remover. It is not always needed and you should never casually suggest it - the potential for computer system damage is far greater than with lesser tools.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34888741
It should also be noted that you are better off downloading ComboFix from the site that actually has the instructions for using it:

"ComboFix" (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).

0
 
LVL 23

Expert Comment

by:edbedb
ID: 34892537
Talk about overkill, I saw that palladium malware 2 days ago. It didn't even put up a fight.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34892653
@edbedb,
I concur.
My phone rings off the hook when something serious comes around, but I've not not a single customer call on this one.

I am seeing in on other forums though and MBAM seems to clean it right up.

Started loading MBAM-Pro on all my customer's computers about a year ago and it has been pretty amazing as a 'preventive' application.
0
 

Expert Comment

by:Navid_rvl
ID: 34893084
If u want a simpler solution that worked for me.

Here's how

First :1.Instal trojan remover and give a scan in safe mode if virus detected shows just click ok to take action.

Download link:  http://www.simplysup.com/tremover/download.html

2. then after it worked give a full computer scan in normal mode with bit defender online scanner

http://www.bitdefender.com/scanner/online/free.html

It could solve the problem easily. If still occurs repair widows.
0
 
LVL 38

Expert Comment

by:younghv
ID: 34893307

Navid_rvl,

Having never heard of "Simply Super" software, I thought I would check out the link.

No forums, no apparent support for the product, and no evaluation from any malware forum that I could find.

Do you have links to somewhere that I could learn more about it?
0
 
LVL 2

Expert Comment

by:Hapexamendios
ID: 34896070
Hi fcek,

I wouldn't disagree with any of the advice you've been given by esteemed experts.

However, remember to use your judgement when advised in a forum to install multiple pieces of software, there's the obvious possibility the "anti-malware" is itself a Trojan or stager for a rootkit (younghv touches on this diplomatically above). But that's not all; many anti-malware products include filter drivers which can, in certain circumstances, cause unexpected behaviour in Windows which is tricky to diagnose and resolve (other experts, this is in reference to the default value of the IRPStakcSize registry value in Windows).

Also, the type or brand name of the anti-virus product is not necessarily the determining factor in terms of which can clean what,. although it matters a great deal that any product is well-known and authentic. The entry point for this "crimeware" is, as per younghv's comments, vulnerabilities in the software on the computer, and in many circumstances your anti-virus can't constantly protect you if this hasn't been patched. Too many times this last ends up mistranslated into a p***ing contest between different security software, and one or other's perceived failure.

Rest assured that if a vulnerabillity exists on a computer, if a prospective attacker can reach it, and sometimes additionally if the user can be induced to do something they perhaps shouldn't, your anti-virus software will prove to be an irrelevant hassle to that attacker, regardless of its publisher, update status etc.

Conclusions (all obvious, but nevertheless need stating):

Always assess any software you're thinking of installing
Persuade your bosses that none of this security software will, on its own, mitigate the risk psoed by uneducated staff
Always attempt to scan an infected computer from safe, read-only media wherever possible, and ideally using a different operating system (which cannot be "hooked" by a virus designed for e.g. Windows).

I wish you luck, and if for some reason none of the advice from other experts resolves, post back and I'll take a turn :)
0
 

Author Closing Comment

by:fcek
ID: 34945644
This was perfect.
0
 

Expert Comment

by:JoeyTheGreat
ID: 35027212
just as a starter, log on and keep pushing ctrl alt delete to get into task manager before paladium can launch. next what I do, I open cmd by clicking to open program in task manager while holding the ctrl key. that opens command prompt. I then am usually set to be able to start killing the virus which can be found in task manager while deleting them from the hard drive using the command. I also use a combination of tools in cmd like tasklist taskkill etc. I then use sysinternals autoruns to get a rouh view of drivers, runs in registry,startups in start etc. Next you can use other anti malwares to finish off the unseens.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35027274
@JoeyTheGreat,

You may not have noticed that the problem was solved and the question already closed.

As a general rule, I find it much better to use automated tools for these functions - especially when they are well-documented and even have pictures to help those of us who need them
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you thought ransomware was bad, think again! Doxware has the potential to be even more damaging.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question