Solved

palladium virus - how to remove it?

Posted on 2011-02-14
Last Modified: 2013-11-22

User opened a "u have a Fedex delivery" type email and now she has this.

What to do?

They have Windows XP.
Question by:fcek
13 Comments
 
LVL 38

Expert Comment

by:younghv
ID: 34888631

Download, install, and run
CCleaner (www.ccleaner.com)

Malwarebytes (http://www.malwarebytes.org/mbam.php)
The instructions are included right in that link.

Read my Article here:
http://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html
 
LVL 9

Expert Comment

by:wellhole
ID: 34888651
I recommend running Combofix. It solves most of my malware/spyware issues in half an hour.

http://www.infospyware.net/antimalware/combofix/
 
LVL 38

Accepted Solution

by:younghv (earned 500 total points)
ID: 34888664
MBAM's forum actually has a detailed guide for how to remove this:
http://www.bleepingcomputer.com/virus-removal/remove-palladium-pro
 
LVL 38

Expert Comment

by:younghv
ID: 34888690
@fcek,
Please DO NOT follow the advice to use ComboFix.
There are some variants of malware that require its use, but "Palladium" is not one of them.

@wellhole - please do not tell our Members to use ComboFix as a first choice of malware remover. It is not always needed and you should never casually suggest it - the potential for computer system damage is far greater than with lesser tools.
 
LVL 38

Expert Comment

by:younghv
ID: 34888741
It should also be noted that you are better off downloading ComboFix from the site that actually has the instructions for using it:

"ComboFix" (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).

 
LVL 23

Expert Comment

by:edbedb
ID: 34892537
Talk about overkill, I saw that palladium malware 2 days ago. It didn't even put up a fight.
 
LVL 38

Expert Comment

by:younghv
ID: 34892653
@edbedb,
I concur.
My phone rings off the hook when something serious comes around, but I've not had a single customer call on this one.

I am seeing it on other forums though, and MBAM seems to clean it right up.

Started loading MBAM-Pro on all my customers' computers about a year ago and it has been pretty amazing as a 'preventive' application.
 

Expert Comment

by:Navid_rvl
ID: 34893084
If you want a simpler solution, this worked for me.

Here's how:

1. Install Trojan Remover and run a scan in Safe Mode; if a virus is detected, just click OK to take action.

Download link:  http://www.simplysup.com/tremover/download.html

2. Then, after it has worked, run a full computer scan in Normal Mode with the BitDefender online scanner:

http://www.bitdefender.com/scanner/online/free.html

It could solve the problem easily. If it still occurs, repair Windows.
 
LVL 38

Expert Comment

by:younghv
ID: 34893307

Navid_rvl,

Having never heard of "Simply Super" software, I thought I would check out the link.

No forums, no apparent support for the product, and no evaluation from any malware forum that I could find.

Do you have links to somewhere that I could learn more about it?
 
LVL 2

Expert Comment

by:Hapexamendios
ID: 34896070
Hi fcek,

I wouldn't disagree with any of the advice you've been given by esteemed experts.

However, remember to use your judgement when advised in a forum to install multiple pieces of software; there's the obvious possibility that the "anti-malware" is itself a Trojan or a stager for a rootkit (younghv touches on this diplomatically above). But that's not all: many anti-malware products include filter drivers which can, in certain circumstances, cause unexpected behaviour in Windows which is tricky to diagnose and resolve (other experts, this is in reference to the default value of the IRPStackSize registry value in Windows).

Also, the type or brand name of the anti-virus product is not necessarily the determining factor in terms of which can clean what, although it matters a great deal that any product is well-known and authentic. The entry point for this "crimeware" is, as per younghv's comments, vulnerabilities in the software on the computer, and in many circumstances your anti-virus can't constantly protect you if this hasn't been patched. Too many times this last point ends up mistranslated into a p***ing contest between different security software, and one or other's perceived failure.

Rest assured that if a vulnerability exists on a computer, if a prospective attacker can reach it, and sometimes additionally if the user can be induced to do something they perhaps shouldn't, your anti-virus software will prove to be an irrelevant hassle to that attacker, regardless of its publisher, update status, etc.

Conclusions (all obvious, but nevertheless need stating):

- Always assess any software you're thinking of installing.
- Persuade your bosses that none of this security software will, on its own, mitigate the risk posed by uneducated staff.
- Always attempt to scan an infected computer from safe, read-only media wherever possible, and ideally using a different operating system (which cannot be "hooked" by a virus designed for e.g. Windows).

I wish you luck, and if for some reason none of the advice from other experts resolves it, post back and I'll take a turn :)
 

Author Closing Comment

by:fcek
ID: 34945644
This was perfect.
 

Expert Comment

by:JoeyTheGreat
ID: 35027212
Just as a starter, log on and keep pressing Ctrl+Alt+Delete to get into Task Manager before Palladium can launch. Next, what I do is open cmd by clicking to open a program in Task Manager while holding the Ctrl key; that opens a command prompt. I am then usually able to start killing the virus, which can be found in Task Manager, while deleting its files from the hard drive using the command prompt. I also use a combination of tools in cmd like tasklist, taskkill, etc. I then use Sysinternals Autoruns to get a rough view of drivers, Run entries in the registry, startup items in the Start menu, etc. Next you can use other anti-malware tools to finish off the unseen ones.
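The manual triage described in the comment above (enumerate processes, kill the rogue ones with taskkill, then review Run-key persistence) can be made less error-prone by capturing the listings once and reviewing them offline. The script below is an added example, not code from this thread or from any of the tools mentioned: it parses text saved from an XP box with `wmic process get Name,ProcessId,ExecutablePath /format:csv` and `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"`, flags anything executing from user-writable directories (where an installer dropped by an e-mail lure typically lands), correlates persistence entries with running processes, and emits the taskkill / reg delete commands for review. All sample data is constructed and the file name `abcd1234.exe` is hypothetical; the output format of `reg query` assumed here is the tab-separated XP-era one.

```python
"""Offline triage of captured Windows XP process and autorun listings.

Added example (not from the original thread). Input is text saved with:

    wmic process get Name,ProcessId,ExecutablePath /format:csv > procs.csv
    reg query "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run" > run.txt

All sample data below is constructed; "abcd1234.exe" is a hypothetical name.
"""
import csv
import re

# Constructed stand-in for `wmic ... /format:csv` output. wmic emits a
# leading blank line and sorts the columns alphabetically (Node first).
WMIC_SAMPLE = """
Node,ExecutablePath,Name,ProcessId
XPBOX,C:\\WINDOWS\\Explorer.EXE,explorer.exe,1204
XPBOX,C:\\WINDOWS\\system32\\svchost.exe,svchost.exe,948
XPBOX,C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abcd1234.exe,abcd1234.exe,2016
XPBOX,C:\\Documents and Settings\\user\\Local Settings\\Temp\\setup.exe,setup.exe,2108
XPBOX,C:\\Program Files\\Internet Explorer\\iexplore.exe,iexplore.exe,1832
"""

# Constructed stand-in for XP-era `reg query` output (tab-separated triples).
REG_SAMPLE = """
! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
    ctfmon.exe\tREG_SZ\tC:\\WINDOWS\\system32\\ctfmon.exe
    abcd1234\tREG_SZ\t"C:\\Documents and Settings\\user\\Local Settings\\Application Data\\abcd1234.exe"
"""

# Directories a limited XP user can write to. Legitimate system binaries
# and services live under \WINDOWS and \Program Files instead.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",
    "\\temp\\",
    "\\application data\\",
    "\\recycler\\",
)

# "<indent><value name><ws>REG_<type><ws><data>"; the name is matched lazily
# so names containing spaces still work.
REG_VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")


def parse_wmic_csv(text):
    """Return [{'name', 'pid', 'path'}] from wmic CSV output."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return [
        {"name": row["Name"], "pid": int(row["ProcessId"]), "path": row["ExecutablePath"]}
        for row in csv.DictReader(lines)
    ]


def parse_reg_query(text):
    """Return [{'key', 'name', 'type', 'value'}] from reg query output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # subsequent indented lines belong to this key
            continue
        m = REG_VALUE_RE.match(line)
        if m and key:
            entries.append({"key": key, "name": m.group(1), "type": m.group(2), "value": m.group(3)})
    return entries


def exe_from_command(command):
    """Extract the executable path from a Run value such as '"C:\\x y\\a.exe" /s'."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def in_user_writable_dir(path):
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(wmic_text, reg_text):
    """Correlate running processes with Run-key persistence; propose cleanup commands."""
    procs = parse_wmic_csv(wmic_text)
    runs = parse_reg_query(reg_text)
    running = {p["path"].lower() for p in procs}

    sus_procs = [p for p in procs if in_user_writable_dir(p["path"])]
    sus_runs = [r for r in runs if in_user_writable_dir(exe_from_command(r["value"]))]
    # Persistence whose target is running right now: kill it first, then delete the value.
    active_persistence = [r["name"] for r in sus_runs if exe_from_command(r["value"]).lower() in running]

    commands = [f'taskkill /F /PID {p["pid"]}' for p in sus_procs]
    commands += [f'reg delete "{r["key"]}" /v "{r["name"]}" /f' for r in sus_runs]
    return {
        "suspicious_pids": [p["pid"] for p in sus_procs],
        "suspicious_autoruns": [r["name"] for r in sus_runs],
        "active_persistence": active_persistence,
        "commands": commands,
    }


if __name__ == "__main__":
    for cmd in triage(WMIC_SAMPLE, REG_SAMPLE)["commands"]:
        print(cmd)
```

The script only proposes commands; review each flagged path before running anything, since a portable application a user installed under Application Data would be flagged as well. The order matters: kill the process before deleting its Run value, otherwise a running rogue AV can simply rewrite it.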
 
LVL 38

Expert Comment

by:younghv
ID: 35027274
@JoeyTheGreat,

You may not have noticed that the problem was solved and the question already closed.

As a general rule, I find it much better to use automated tools for these functions, especially when they are well-documented and even have pictures to help those of us who need them.
