palladium virus - how to remove it?

Posted on 2011-02-14
Medium Priority
Last Modified: 2013-11-22

User opened a "u have a Fedex delivery" type email and now she has this.

What to do?

They have win xp
Question by:fcek
LVL 38

Expert Comment

ID: 34888631

Download, install, and run
CCleaner (www.ccleaner.com)

Malwarebytes (http://www.malwarebytes.org/mbam.php)
The instructions are included right in that link.

Read my Article here:

Expert Comment

ID: 34888651
I recommend running Combofix. It solves most of my malware/spyware issues in half an hour.

LVL 38

Accepted Solution

younghv earned 2000 total points
ID: 34888664
MBAM's forum actually has a detailed guide for how to remove this:
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

LVL 38

Expert Comment

ID: 34888690
Please DO NOT follow the advice to use ComboFix.
There are some variants of malware that require its use, but "Palladium" is not one of them.

@wellhole - please do not tell our Members to use ComboFix as a first choice of malware remover. It is not always needed and you should never casually suggest it - the potential for computer system damage is far greater than with lesser tools.
LVL 38

Expert Comment

ID: 34888741
It should also be noted that you are better off downloading ComboFix from the site that actually has the instructions for using it:

"ComboFix" (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).

LVL 23

Expert Comment

ID: 34892537
Talk about overkill, I saw that palladium malware 2 days ago. It didn't even put up a fight.
LVL 38

Expert Comment

ID: 34892653
I concur.
My phone rings off the hook when something serious comes around, but I've not not a single customer call on this one.

I am seeing in on other forums though and MBAM seems to clean it right up.

Started loading MBAM-Pro on all my customer's computers about a year ago and it has been pretty amazing as a 'preventive' application.

Expert Comment

ID: 34893084
If u want a simpler solution that worked for me.

Here's how

First :1.Instal trojan remover and give a scan in safe mode if virus detected shows just click ok to take action.

Download link:  http://www.simplysup.com/tremover/download.html

2. then after it worked give a full computer scan in normal mode with bit defender online scanner


It could solve the problem easily. If still occurs repair widows.
LVL 38

Expert Comment

ID: 34893307


Having never heard of "Simply Super" software, I thought I would check out the link.

No forums, no apparent support for the product, and no evaluation from any malware forum that I could find.

Do you have links to somewhere that I could learn more about it?

Expert Comment

ID: 34896070
Hi fcek,

I wouldn't disagree with any of the advice you've been given by esteemed experts.

However, remember to use your judgement when advised in a forum to install multiple pieces of software, there's the obvious possibility the "anti-malware" is itself a Trojan or stager for a rootkit (younghv touches on this diplomatically above). But that's not all; many anti-malware products include filter drivers which can, in certain circumstances, cause unexpected behaviour in Windows which is tricky to diagnose and resolve (other experts, this is in reference to the default value of the IRPStakcSize registry value in Windows).

Also, the type or brand name of the anti-virus product is not necessarily the determining factor in terms of which can clean what,. although it matters a great deal that any product is well-known and authentic. The entry point for this "crimeware" is, as per younghv's comments, vulnerabilities in the software on the computer, and in many circumstances your anti-virus can't constantly protect you if this hasn't been patched. Too many times this last ends up mistranslated into a p***ing contest between different security software, and one or other's perceived failure.

Rest assured that if a vulnerabillity exists on a computer, if a prospective attacker can reach it, and sometimes additionally if the user can be induced to do something they perhaps shouldn't, your anti-virus software will prove to be an irrelevant hassle to that attacker, regardless of its publisher, update status etc.

Conclusions (all obvious, but nevertheless need stating):

Always assess any software you're thinking of installing
Persuade your bosses that none of this security software will, on its own, mitigate the risk psoed by uneducated staff
Always attempt to scan an infected computer from safe, read-only media wherever possible, and ideally using a different operating system (which cannot be "hooked" by a virus designed for e.g. Windows).

I wish you luck, and if for some reason none of the advice from other experts resolves, post back and I'll take a turn :)

Author Closing Comment

ID: 34945644
This was perfect.

Expert Comment

ID: 35027212
just as a starter, log on and keep pushing ctrl alt delete to get into task manager before paladium can launch. next what I do, I open cmd by clicking to open program in task manager while holding the ctrl key. that opens command prompt. I then am usually set to be able to start killing the virus which can be found in task manager while deleting them from the hard drive using the command. I also use a combination of tools in cmd like tasklist taskkill etc. I then use sysinternals autoruns to get a rouh view of drivers, runs in registry,startups in start etc. Next you can use other anti malwares to finish off the unseens.
LVL 38

Expert Comment

ID: 35027274

You may not have noticed that the problem was solved and the question already closed.

As a general rule, I find it much better to use automated tools for these functions - especially when they are well-documented and even have pictures to help those of us who need them

Featured Post

NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Your business may be under attack from a silent enemy that is hard to detect. It works stealthily in the shadows to access and exploit your critical business information, sensitive confidential data and intellectual property, for commercial gain. T…
2017 was a scary year for cyber security.  Hear what our security experts say that hackers have in store for us in 2018.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question