Link to home
Create AccountLog in
Avatar of fcek
fcekFlag for Ireland

asked on

palladium virus - how to remove it?


User opened a "u have a Fedex delivery" type email and now she has this.

What to do?

They have win xp
Avatar of younghv
younghv
Flag of United States of America image


Download, install, and run
CCleaner (www.ccleaner.com)

Malwarebytes (http://www.malwarebytes.org/mbam.php)
The instructions are included right in that link.

Read my Article here:
https://www.experts-exchange.com/Virus_and_Spyware/Anti-Virus/A_1940-BASIC-MALWARE-TROUBLESHOOTING.html
Avatar of wellhole
wellhole

I recommend running Combofix. It solves most of my malware/spyware issues in half an hour.

http://www.infospyware.net/antimalware/combofix/
ASKER CERTIFIED SOLUTION
Avatar of younghv
younghv
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
@fcek,
Please DO NOT follow the advice to use ComboFix.
There are some variants of malware that require its use, but "Palladium" is not one of them.

@wellhole - please do not tell our Members to use ComboFix as a first choice of malware remover. It is not always needed and you should never casually suggest it - the potential for computer system damage is far greater than with lesser tools.
It should also be noted that you are better off downloading ComboFix from the site that actually has the instructions for using it:

"ComboFix" (http://www.bleepingcomputer.com/combofix/how-to-use-combofix).

Talk about overkill, I saw that palladium malware 2 days ago. It didn't even put up a fight.
@edbedb,
I concur.
My phone rings off the hook when something serious comes around, but I've not not a single customer call on this one.

I am seeing in on other forums though and MBAM seems to clean it right up.

Started loading MBAM-Pro on all my customer's computers about a year ago and it has been pretty amazing as a 'preventive' application.
If u want a simpler solution that worked for me.

Here's how

First :1.Instal trojan remover and give a scan in safe mode if virus detected shows just click ok to take action.

Download link:  http://www.simplysup.com/tremover/download.html

2. then after it worked give a full computer scan in normal mode with bit defender online scanner

http://www.bitdefender.com/scanner/online/free.html

It could solve the problem easily. If still occurs repair widows.

Navid_rvl,

Having never heard of "Simply Super" software, I thought I would check out the link.

No forums, no apparent support for the product, and no evaluation from any malware forum that I could find.

Do you have links to somewhere that I could learn more about it?
Hi fcek,

I wouldn't disagree with any of the advice you've been given by esteemed experts.

However, remember to use your judgement when advised in a forum to install multiple pieces of software, there's the obvious possibility the "anti-malware" is itself a Trojan or stager for a rootkit (younghv touches on this diplomatically above). But that's not all; many anti-malware products include filter drivers which can, in certain circumstances, cause unexpected behaviour in Windows which is tricky to diagnose and resolve (other experts, this is in reference to the default value of the IRPStakcSize registry value in Windows).

Also, the type or brand name of the anti-virus product is not necessarily the determining factor in terms of which can clean what,. although it matters a great deal that any product is well-known and authentic. The entry point for this "crimeware" is, as per younghv's comments, vulnerabilities in the software on the computer, and in many circumstances your anti-virus can't constantly protect you if this hasn't been patched. Too many times this last ends up mistranslated into a p***ing contest between different security software, and one or other's perceived failure.

Rest assured that if a vulnerabillity exists on a computer, if a prospective attacker can reach it, and sometimes additionally if the user can be induced to do something they perhaps shouldn't, your anti-virus software will prove to be an irrelevant hassle to that attacker, regardless of its publisher, update status etc.

Conclusions (all obvious, but nevertheless need stating):

Always assess any software you're thinking of installing
Persuade your bosses that none of this security software will, on its own, mitigate the risk psoed by uneducated staff
Always attempt to scan an infected computer from safe, read-only media wherever possible, and ideally using a different operating system (which cannot be "hooked" by a virus designed for e.g. Windows).

I wish you luck, and if for some reason none of the advice from other experts resolves, post back and I'll take a turn :)
Avatar of fcek

ASKER

This was perfect.
just as a starter, log on and keep pushing ctrl alt delete to get into task manager before paladium can launch. next what I do, I open cmd by clicking to open program in task manager while holding the ctrl key. that opens command prompt. I then am usually set to be able to start killing the virus which can be found in task manager while deleting them from the hard drive using the command. I also use a combination of tools in cmd like tasklist taskkill etc. I then use sysinternals autoruns to get a rouh view of drivers, runs in registry,startups in start etc. Next you can use other anti malwares to finish off the unseens.
@JoeyTheGreat,

You may not have noticed that the problem was solved and the question already closed.

As a general rule, I find it much better to use automated tools for these functions - especially when they are well-documented and even have pictures to help those of us who need them