
Biting the hand that feeds you?



folks,

WARNING – NEW SUPERMALWARE?

caught one which is the “best” one I’ve ever come across and seems to be programmed by an utmost OS and scanner insider! behaviour like the Antispyware 2011 fake or Antivirus tool 2009 fake but I never installed those (I am using Comodo Firewall/Antivirus), hence never had a scan screen like the latter do.

Behaviour:

- XP Task Manager displays 684181392:1865955543.exe (see attach) (unkillable process, constant number probably varies on other devices)

- it shuts all!!! malware scanners down after scanning a few files. renaming MB or Hijack et al (as suggested in the www) does not help at all. (in my opinion it blocks all fast readings to the TOC/FAT32/NTFS-TOC)

- all sorts of so-called process killers (pskill, ultimative, Cleaner8 etc etc) messaging “process killed” but that nasty thing is still active and displayed.

- XP ProcessExplorer or XP ProcessViewer do not display any processes.

- safe mode does not make any difference

- it seems to flag e.g. Malwarebytes or Hijack and if you want to start them again (even after a switch off) they will not do it, Admin though. you may re-install them but you’ll come back to square one: "Windows cannot access the specified... you may not have appropriate permission to access", or some other messages of that kind.

- it leaves some digits as traces in the registry but deleting the key does not make any difference at the time and is rewritten on reboot

- in my case it first rerouted to sites then knocked off www access entirely (stalls and ends up in time out)

- USB installs do not help the scanner shuts everything down there too.

- Malwarebytes or any other "helpers" do not offer a portable scanner which can be used on the affected drive once booted from a BartPEXP. (fear for their revenue?, in my opinion that virus will make MB become useless)

Well done you unknown bast****, I surrender and will install a new OS. but I doubt that you are a private person, too clever, too much knowledge of an OS where even big non-MS companies struggle to comply with.

would be nice to get some information what it was and how to protect in the future.

regards

Damian


@1PW

sorry mate, don't you think I made such efforts here to inform others to have it diminished by "post it there" "or read the FAQ"?

1st

I've gone through all FAQs to get it sorted

2nd

the suggestion deriving from my post is quite clear:

MB SHOULD PROVIDE US WITH A SCANNER/KILLER WHICH WORKS OFFLINE FROM A WRITE PROTECTED DRIVE SCANNING OTHER DRIVES. NOT ASKING FOR A DOWNLOAD JUST KILLING!!!


  • Root Admin

Hello Damian, welcome to Malwarebytes,

From the sounds of it you probably have the ZeroAccess rootkit infection. You will require assistance in removing it which can be provided by one of the choices below.

Here are the steps needed to get your computer cleaned....

Please read the following so that you can begin the cleaning process:

You have 3 Options that you can choose from as listed below:

  • Option 1 —— Free Expert advice in the Malware Removal Forum
  • Option 2 —— Paying customer -- Contact Support via email
  • Option 3 —— Premium, Fee-Based Support

OPTION 1

As we don't deal with malware removal in the General Malwarebytes' Anti-Malware Forum, you need to start a topic in the Malware Removal forum so a qualified helper can help you fix any malware related problems/infections you may have.

  • Please read and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

  • After posting your new post, make sure under options, you select Track this topic and choose Immediate Email Notification, so that you're alerted when someone has replied to your post.

  • One of the expert helpers there will give you one-on-one assistance when one becomes available.

  • Please refrain from making any further changes to your computer such as (Install/Uninstall programs, use special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.

NOTE:

Please DO NOT post back to (bump) your topic within the first 48 hours.

Replying to your own posts changes the post count and helpers are looking for topics with zero replies. If you reply to your own post helpers may think that you're already being helped and thus overlook your post.
    • If there is no reply from any experts after 48 hours, you can reply to the topic, asking for help again.

      Or

    • You may send a Private Message to a Moderator asking for assistance.

OPTION 2

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here.

OPTION 3

If you would like to use our Malwarebytes Premium Services, Comprehensive solutions to all your computer support needs—from installation and set-up to troubleshooting and tune-ups go to our Malwarebytes Premium Services support site.

Please be patient, someone will assist you as soon as it is possible.

PS: Please use the "ADDREPLY" button instead of other ones when you start replying. :)


cheers Ron,

as written I went through all sorts of forums (including yours, renamed rebooted etc)

just imagine on a travel like many others - all of a sudden you cannot surf the web decently because you've been rerouted or even denied access - no reading FAQs no download, no other devices to do are not applicable. I came home today after two weeks abroad to post it on my PC - a point which applies to many others too.

I have to consider MB is clever enough to deal with all kinds of krab and the answer to the ultimate "why not providing us with a bootable/portable untouchable MB?"-question is still disregarded here. that raises a concern of a MB's primary (sorry to say) commercial gain.

anyway, waiting for a newer solution is time wasting in my case, have to go on Monday abroad again and will reinstall XP.

please just tell me how to have protection in the future or better - provide us with a protected bootable version like TrueImage does with its rescuer.

suggestion to tackle MB's revenue concerns: only for sale to those who bought a MB basic version.

that's it - nothin' more to say

kindest regards

Damian


  • Root Admin

Well not sure what you mean by getting help here - you don't have any posts in the HJT forum having someone help you with this but that's up to you.

You can read the following which should be of some help for prevention.

http://forums.malwarebytes.org/index.php?showtopic=9365

