Privacy Protection Malware

I have a laptop that is infected with some malware called Privacy Protection. I have tried booting up in Safe Mode with Networking. I can't access the internet anymore, and I can't execute any file with a .exe file extension. I'm just stuck. I've run Malwarebytes; it didn't find anything, but it wasn't updated because I can't get to the internet. I ran TDSSKiller; the first time it found a couple of infected files and fixed those. Now when I run it, it doesn't find anything.

Please Help...
Laballa1 Asked:

taphope Commented:
Does it still pop up the infection?
You can try running a few things manually. If running Windows XP, press the Windows key + R to bring up a Run dialog. Type in command.com and press Enter. It will bring up a command prompt.
Type in regedit.
Hit Enter.
Expand out hkey_classes_root/exefile/shell/open/command.
On the right pane it should have it listed as "%1" %* for both items listed.
Most likely it will be OK; some of these I have seen hijack the exefile and some don't.
Once you close out regedit, run explorer.exe from the command prompt.
Unhide the files and folders.
Go to c:\documents and settings\all users\local settings\application data
Look for files there that make no lick of sense whatsoever. Typically I have seen these show up as random numbers and letters. Rename them and add .bad to the end of them.
Close out the Windows Explorer window.
At the command prompt again, type in "netsh i i r r" and press Enter, then "netsh winsock reset catalog" and press Enter (without the quotes).
Reboot the computer.
Then try your MBAM update and scan.

If you do not feel comfortable renaming the files, list the files and folders that are found here.
taphope Commented:
Also on a side note you can check here too for a removal guide:
http://www.bleepingcomputer.com/virus-removal/remove-privacy-protection

Laballa1 (Author) Commented:
I followed all the steps Taphope outlined in the first post. I'm not getting the pop-ups anymore after I rebooted. I still can't get to the internet. When I check the Wireless Network Connection Status, it says connected. In the Activity section there are no packets being sent or received. The Signal Strength is Excellent. I don't know what to do. I can't update Malwarebytes.
Russell_Venable Commented:
Take a look at this article & download fixncr.reg.

This will take care of the EXE problem.

For internet connectivity, I would suggest you try disabling proxy settings first. If that does not work, you can flush your DNS settings by doing the following as an administrator on a command prompt (elevated if Vista/W7+):

ipconfig /renew
arp -d *
nbtstat -R
nbtstat -RR
ipconfig /flushdns
ipconfig /registerdns
netsh dhcp show server

This resets your adapters and flushes your cache. If that doesn't work, you can always uninstall your network adapters and let the operating system detect and reinstall the network adapters after you reboot. I would have my recovery disk on hand for this operation though... Things can go bad.

You can do the following to do so:
Right click on My Computer Icon
Click on Hardware (W7 - "Manage" is shown instead)
Click on Device Manager
Find network adaptors in the list, right click and uninstall.
Restart the computer. 

taphope Commented:
Run MBAM again as well. Sometimes running that again will fix the exe issue the second time around. May need to run it from a command prompt though. I have had that happen as well.
Also click Start, Run, type inetcpl.cpl
See if there is a proxy configured, or a blank proxy.
Also run HijackThis (found here at: http://www.trendmicro.com/ftp/products/hijackthis/HijackThis.exe).
Have it generate a log file and post it here as well. Could be other issues or residual stuff from the initial removal.
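
The two registry checks described in this thread (the exefile open command and the proxy shown by inetcpl.cpl), as a read-only PowerShell example added here; it is not code from any of the posters. It assumes PowerShell 3.0 or later, which Windows XP does not include by default, and it also reads the HKLM and HKCU class keys behind HKEY_CLASSES_ROOT, which goes beyond the single key named in the thread.

```powershell
# Added example: read-only triage, reports findings and changes nothing.
# Assumes PowerShell 3.0+ ([pscustomobject]); not part of a default XP install.
$expected = '"%1" %*'   # handler value quoted in the thread

# HKEY_CLASSES_ROOT is a merged view of the machine-wide and per-user class
# keys, so all three are read; a per-user entry overrides the machine-wide one.
$roots = 'Registry::HKEY_CLASSES_ROOT',
         'Registry::HKEY_LOCAL_MACHINE\Software\Classes',
         'Registry::HKEY_CURRENT_USER\Software\Classes'

$handlers = foreach ($root in $roots) {
    $key = "$root\exefile\shell\open\command"
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($name in '(default)', 'IsolatedCommand') {
        $data = $props.$name
        if ($null -eq $data) { continue }      # value not present here
        [pscustomobject]@{
            Key    = $key
            Value  = $name
            Data   = $data
            Status = if ($data -eq $expected) { 'OK' } else { 'CHECK' }
        }
    }
}
$handlers | Format-List

# Proxy settings shown by inetcpl.cpl (Connections > LAN settings), current user.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -LiteralPath $inet
[pscustomobject]@{
    ProxyEnable   = $proxy.ProxyEnable
    ProxyServer   = $proxy.ProxyServer
    AutoConfigURL = $proxy.AutoConfigURL
    Status        = if ($proxy.ProxyEnable -eq 1 -or $proxy.AutoConfigURL) { 'CHECK' } else { 'OK' }
} | Format-List
```

Any row marked CHECK is a value to compare by hand against the steps in the posts above; the script itself modifies nothing.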
Laballa1 (Author) Commented:
Thank you both for your help. I finally figured out that the firewall was blocking access. Once I enabled access, I was able to update MBAM and run it and get everything cleaned up.

Thanks again for your assistance. I will be keeping the kids away from the computer from now on ;)