Rogue spyware with a twist

Got this little nasty last night. I have had these annoying rogue spyware viruses in the past and a quick safe mode - Malwarebytes has got rid of them, but this latest one seems different.

In the past when I boot into safe mode the annoying rogue spyware hasn't loaded up, but this time it has. Also, whilst in safe mode I am unable to open any programs (IE, Firefox, Malwarebytes etc.)

It leaves me pondering what to do. I am currently on another machine so I can download software to a USB stick. It's just really annoying that no programs are opening on the affected machine.

Any help would be great. The rogue spyware is called: Vista anti-spyware

Thanks
 
Bootable USB/CD/DVD AV and anti-spyware?

Take the drive out and attach it as secondary in another PC to scan and clean?
 
I bet it has messed up the registry values for file associations. If so, making this a .reg file and merging it will reset them.

Code:
Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]
 
I vaguely remember doing something like that in the past. I copy and paste the above into Notepad, name the file fix.reg and save as all files, then open it, I believe. Then it allows me to open files again?

Cheers
 
When stuff like this happens I don't even waste time scanning, as you seriously don't know what's hidden. I format the machines to be on the safe side.

I usually do this ^ but
have you tried ComboFix? That seems to get rid of most nasties ;)
 
Oh yeah, ComboFix, forgot about that one. I'll download it now. Cheers

Anyone know, when I make the fix.reg file (Notepad), will I be able to open files again?

Thanks
 
It should, yes. Yes, you copy that into Notepad, name it whatever.reg, save as, select all files. Then either double-click it or right-click and select merge. It just puts the info for running .exe files back to the Windows default. This should allow you to run your AV / malware software at least in safe mode.
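An added example, not part of the original thread: a small Python check that reads the text of a .reg export and reports whether the keys the fix above deletes are present, or whether the .exe default differs from "exefile". The two sample exports, the sample.exe path and the function names are constructed for illustration.

```python
import re

# Keys the .reg fix deletes outright; finding one in an export is a red flag.
SHOULD_BE_ABSENT = (
    r"HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command",
    r"HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
    r"HKEY_CLASSES_ROOT\secfile",
)
# Default value the fix restores.
EXPECTED = {(r"HKEY_CLASSES_ROOT\.exe", "@"): "exefile"}
VALUE_RE = re.compile(r'(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg export text into {key: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # string values only; dword/hex lines are skipped
                current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def check_exe_association(text):
    """Return findings for the .exe association keys the fix resets."""
    keys = {k.lower(): v for k, v in parse_reg(text).items()}
    findings = []
    for bad in (b.lower() for b in SHOULD_BE_ABSENT):
        for key, values in keys.items():
            if key == bad or key.startswith(bad + "\\"):
                findings.append(f"unexpected key {key}: {values.get('@', '')}")
    for (key, name), want in EXPECTED.items():
        got = keys.get(key.lower(), {}).get(name)
        if got is not None and got.lower() != want:
            findings.append(f"{key} [{name}] = {got!r}, expected {want!r}")
    return findings

# Constructed sample exports (not taken from the affected machine).
HIJACKED = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]
@="\"C:\\Users\\example\\AppData\\Local\\sample.exe\" -a \"%1\" %*"
[HKEY_CLASSES_ROOT\.exe]
@="secfile"
'''
CLEAN = '[HKEY_CLASSES_ROOT\\.exe]\n@="exefile"\n'
```

Files exported by regedit are UTF-16, so read them with `open(path, encoding="utf-16").read()` before passing the text to `check_exe_association`.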
 
Thanks Crowort

I have my USB stick fully loaded now. Would you run the file/program Malwarebytes from the stick or would you copy and paste them?

Cheers
 
Another thing: does anyone know how the rogue spyware (in my case Vista anti-spyware) manages to run in safe mode?
 
All seems clear now after running Malwarebytes. I seem to have a damaged Windows Defender though. I get this error when trying to open it in Control Panel:

Application failed to initialize 0x80070006. The handle is invalid

Any clues?

Cheers
 