Rogue spyware with a twist

[Matallica]

Got this little nasty last night. I have had these annoying rogue spyware viruses in the past and a quick safe mode - malwarebytes as got rid of them but this latest one seems different.

In the past when I boot into safe mode the annoying Rogue spyware hasnt loaded up but this time it as. Also whilst in safe mode Iam unable to open any programs (IE, Firefox, malwarebytes etc)

It leaves me pondering what to do. Iam currently on another machine so I can download software to a USB stick. Its just really annoying that no programs are opening on the affected machine.

Any help would be great, the Rogue spyware is called : Vista anti-spyware

Thanks

 

[tomos]

bootable usb/cd/dvd AV and anti spyware?

take drive out and attach as 2ndry in other PC to scan and clean?

 

[Matallica]

bootable usb/cd/dvd AV and anti spyware?

Sorry what do you mean?

take drive out and attach as 2ndry in other PC to scan and clean?

Not really an option at the moment!


I wonder if trying to open Malwarebytes on a USB will do the trick

 

[Crowort]

I bet it is messed up the registry values for file associations. If so making this a .reg file and merging it will reset them.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

 

[Matallica]

I vaguely remember doing something like that in the past, I copy and paste the above into notepad and name the file fix.reg and save as all files, then open it I beleive. Then it allows me to open files again?

Cheers

 

[Deleted member 77746]

When stuff like this happenes I don't even waste time scanning as you seriously don't know whats hidden. I format the machines to be on the safe side.

 

[Matallica]

Suppose your right but I cant really format at the moment. I dont have some stuff backed up

 

[j.col]

When stuff like this happenes I don't even waste time scanning as you seriously don't know whats hidden. I format the machines to be on the safe side.

i usually do this ^ but
have you tried combofix, that seems to get rid of most nasties

 

[Deleted member 77746]

i usually do this ^ but
have you tried combofix, that seems to get rid of most nasties

By the time some of them do full scans a format + dinner could have been done

 

[Matallica]

Oh yea Combofix, forgot about that one. Ill download it now. Cheers

Anyone know when I make the fix.red file (notepad) will I be able to open files again ?

Thanks

 

[Crowort]

It should yes. Yes you copy that into notepad, name it whatever.reg, save as, select all files. Then either double click it or right click and select merge. It just puts the info for running .exe files back to the windows default. This should allow you to run your AV / malware software at least in safe mode.

 

[Matallica]

Thanks Crowort

I have my USB stick fully loaded now. Would you run the file/program Malwarebytes from the stick or would you copy and paste them?

Cheers

 

[Matallica]

Another thing does anyone know how the rogue spyware (in my case Vista anti-spyware) manages to run in safe mode ?

 

[Deleted member 77746]

Another thing does anyone know how the rogue spyware (in my case Vista anti-spyware) manages to run in safe mode ?

Cleverly designed.

 

[Matallica]

All seems clear now after running Malwarebytes. I seem to have a damaged Windows Defender though I get this error when trying to open it in Control Panel

Application failed to initialize 0x80070006. The handle is invalid

Any clues ?

Cheers

 

[Matallica]

Just a wonder, is Windows Defender even needed if I have Avira ?

Thanks