
More information on Profound Security (PROTECTOR-xxxx)


  • This topic is locked
3 replies to this topic

#1 JanSSI

    New Member

  • Members
  • 3 posts

Posted 11 July 2012 - 04:12 PM

This threat cannot be removed by Malwarebytes because even if the program is killed (via RKill) when the Remove Selected is clicked, it launches again. It has obviously hijacked the Regedit process since you also cannot run that program unless it is renamed.

#2 Fatdcuk

    Malware BBQ'er

  • Moderators
  • 20,550 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 11 July 2012 - 04:20 PM

Hello JanSSI and welcome to the Research Center :)

Have you tried using Malwarebytes Chameleon tech yet?
http://helpdesk.malw...nfected-systems
Ade Gill
Research Engineer


#3 JanSSI

    New Member

  • Members
  • 3 posts

Posted 12 July 2012 - 06:41 AM

No I haven't! Thanks, I will try that this morning.

I used a trick I often employ where I put an innocuous program into the directory where the unkillable malware is and rename it to the name that the malware is using. Then when it launches (and does not realize that it has been found), the innocuous program launches instead. I was able to get Malwarebytes run through until the end after this. It found over 700 problems but when I tried to repair them, it kept trying to launch the malware and reported an error message that would keep popping up each time I cleared it.

One other note: I tried to clean this with a Rootkit tool from TrendMicro and it returned with 8 problems but said, ominously, that they could not be fixed.

#4 JanSSI

    New Member

  • Members
  • 3 posts

Posted 12 July 2012 - 12:48 PM

That worked great! I did not know about the Chameleon program and it killed the malware (over and over) and got things working again.

You guys rock!
