This threat cannot be removed by Malwarebytes because even if the program is killed (via RKill) when the Remove Selected is clicked, it launches again. It has obviously hijacked the Regedit process since you also cannot run that program unless it is renamed.
More information on Profound Security (PROTECTOR-xxxx)
Started by JanSSI, Jul 11 2012 04:12 PM
3 replies to this topic
#1
Posted 11 July 2012 - 04:12 PM
#2
Posted 11 July 2012 - 04:20 PM
Hello JanSSI and welcome to the Research Center 
Have you tried using Malwarebytes Chameleon tech yet?
http://helpdesk.malw...nfected-systems
#3
Posted 12 July 2012 - 06:41 AM
No I haven't! Thanks, I will try that this morning.
I used a trick I often employ where I put an innocuous program into the directory where the unkillable malware is and rename it to the name that the malware is using. Then when it launches (and does not realize that it has been found), the innocuous program launches instead. I was able to get Malwarebytes to run through until the end after this. It found over 700 problems but when I tried to repair them, it kept trying to launch the malware and reported an error message that would keep popping up each time I cleared it.
One other note: I tried to clean this with a Rootkit tool from TrendMicro and it returned with 8 problems but said, ominously, that they could not be fixed.
#4
Posted 12 July 2012 - 12:48 PM
That worked great! I did not know about the Chameleon program and it killed the malware (over and over) and got things working again.
You guys rock!



This topic is locked









