Unstoppable malware "security tool"

Long story short. My professional version of avast is not protecting against this malware / virus. I need help. I already have the latest update on avast. Used spy doctor and threatfire, they detected it however I have to buy those for it to get rid of it…and I already bought avast. So here is a screenshot of what was picked up. Hopefully the names of the files will help find a cure?

The malware pretends to be helpful and it is called “security tool” (which I never installed) offering to remove itself if I fork over $50 and personal information…which is just a trap. I went into safety mode to remove it as well as in regedit. But parts of it still come back…

Any idea what this thing is and when avast can find a solution. My computer is really falling apart here…not sure if I have to reformat soon… I’m lucky to even type this thing up. Any insight would be great. Thanks ???

-Brian Luk

http://www.brianluk.com/extra2/virus_scan.jpg

Welcome b_luk

Spyware Doctor and Registry Mechanic are not recommended and should be un-installed through Add/Remove programs.

Read about another person’s experience with those applications:
http://forum.avast.com/index.php?topic=49011.0

same problem solved
http://forum.avast.com/index.php?topic=49011.0

OBS: Yo…kenny faster

I would download the free version of MBAM (after uninstalling Spyware Doctor and Registry mechanic), install, update it, and run a scan.
Please post the scan results here.

Are you saying you are infected based on the Spyware Doctor scan result, or do you have other symptoms/popups? A screenshot of the rogue (rather than the other scanners) would be good. Can’t even see it in your system tray.

When I reconnect to the internet things seem to go bad and I lock up a bit.

The Security Tools is removed or most of it. I don’t have screenshots of that. That was the first sign of trouble. (I never installed that program in the first place) I then went to download.com (c.net supposedly legit site) to get Spyware Doctor to finish the job…which ended up not doing much. It had another program called PC tool, Registry Mech attached. Both are no good, and I tried my best to remove them as you guys suggested.

Here are the screenshots of what the Spyware Doctor found. It removes threats, asks for money, and the threat comes back.

http://www.brianluk.com/extra2/virus_scan2.jpg

My avast is fully updated. Still not picking anything up. I reg’ed it a few months ago with my two-year subscription. So my license shouldn’t be an issue.

One of the scanners recommended in the post is not working. It installs but won’t run.
mbam-setup.exe

I get an error

Thanks for all the tips. Still sorting things out.

EDIT: …PC Tools still comes back even when I remove it! not in the un

If you have successfully installed MBAM, go to the installation folder (default is C:\Program Files\Malwarebytes’ Anti-Malware) and rename the main .exe (MBAM.exe) to something else, say, bluk.exe, then try to run it. Run a quick scan. When finished, have it remove everything found, and post the scan report. If it prompts you to complete removal on reboot, reboot promptly.

If it is “mbam-setup.exe” that won’t run, that means it is not installed, the installer is blocked. Try renaming the installer. If still no luck, try it again in safe mode.

There are hundreds, maybe thousands of rogue variants released each day. What’s surprising is that an AV actually picks any of them up, not that it misses the odd one. If you have the main executable of the rogue, you could try moving it to the Avast chest and then upload it to Avast for analysis, or zip it and email it to virus@avast.com with the description, and the password to unzip it in the body of the text. That would be appreciated.

SpywareDoctor and reg Mechanic aren’t rogues, but in my opinion they come close to the line, because of the “threats detected, but you must purchase to remove” thing.
I’ve read a lot of adverse reports about their performance, and (as with a lot of registry cleaners) propensity of Reg Mechanic to break things. I’d definitely uninstall both.
Revo uninstaller is good for stuff that doesn’t uninstall clean.
If you can’t stop Reg Mechanic or otherwise have problems uninstalling it, let me know, I’ll walk you through some steps that should work.

One of the problems with a lot of download sites, Cnet included, is that there are a large number of sponsored links available to click on. “Computer running slow? Click here for a free scan”, that sort of thing. And although they are not links to rogue software, mainly, they do tend to install these applications, like reg mechanic, which is a form of aggressive marketing. I don’t touch any of those sorts of things.
And a lot of perfectly legit things you might want to download, like for example, Ccleaner, come with a Yahoo toolbar, unless you opt out.
This is (probably) not how you were infected with the rogue, but it probably is how you ended up with more PCTools stuff than you probably thought you were getting.

Threatfire is OK, useful, and works fine with Avast. I wouldn’t install the (optional) AV component.

Just seen your “edit”.
Which PCTools comes back, please?
Reg mechanic, SpywareDoctor, or Threatfire?
I wouldn’t uninstall Threatfire, but definitely would the other two.

Oops I removed the threatfire, that is the one with the consistent popups of warning but it locks up my computer more. But now I can use the internet more smoothly. However my avast is doing a lot more script blocking which is good.

No luck with the mbam-setup.exe. I tried renaming the exe file. It updated once and that’s it. So I uninstalled and reinstalled a version renaming the setup file. No luck.

Only virus program I have currently on right now is Avast.

Did you try the mbam installation/run in safe mode?
I am confused as to whether you have actually been able to get mbam installed and run once, or not.

Try an Avast boot time scan.

I installed the mbam in boot time scan. I have two versions in fact on my computer. Neither runs properly, even after the renaming. One was lucky enough to update and afterwards, no functioning at all. Thanks for the tip though.

I’m not sure how to run a boot time scan. Where is there that option? Thanks. I’ll give it a try and if that doesn’t work, I’ll just reformat.

“I installed the mbam in boot time scan”
Does not make sense. It is not possible to install anything during a boot scan. What do you mean?

I don’t believe it is possible to have two versions of the same software installed in this case.
Are you using different user accounts? And are you on an admin account?

It’s more important to get MBAM working than schedule an Avast boot scan at this point.

Sorry, I meant to say installed in “safety mode”. I’m a bit stressed.

http://www.brianluk.com/extra2/two_folders.jpg

.

http://www.brianluk.com/extra2/two_version.jpg

Nothing happens when I click either exe…

If it makes any difference. I notice on my computer of my set preferences get toggled off and on. Example. My wallpaper is removed, windows layout changes from window classic to window pro layout. All this is happening when I’m using the same account in normal mode.

I understand, now.
OK, this is starting to get a little tricky for me.
Try Cureit. It will run from the download location. Run as Admin, if you don’t use an admin account.
This application does not update, it’s ready to go from downloading. DrWeb is good at removing nasty stuff.

Okay Thanks, I used Cureit. I tried it on normal account and admin in safety mode. I get the same error. I attempted an update in normal mode after those errors and I get a new one called 550 error directory moved. However I just downloaded the file and used it straight from the folder.

http://www.brianluk.com/extra2/error2.jpg

Put Threatfire back on the computer, if you can.
This one at least detected it. Once it’s installed, run a full rootkit scan.

If this doesn’t work, I’d be looking at a BART cd. Or (since you have the Pro version of Avast) emailing support direct. The forum helpers here are volunteers, with varying degrees of ability. (I’m somewhere round midway, I guess.)
And hopefully someone else will post a bit of advice.

On this post, by Tech, is a list of places to download a BART CD. You’d need a clean computer to do that.
I’d try the Avira one first, or the DrWeb, just because I’ve read some success stories with those. Each linked page will have directions.

I’m a bit out of time. I’ll probably just be reformatting now for overkill. So I can sleep at night and reinstall all important programs I use in the morning.

I appreciate all the time and help/suggestions everyone gave me. If it comes back (which it shouldn’t after the reformat) I’ll take your suggestion Tarq57 and use the forums and tech support.

I have most of my important files backed up before the bad stuff happened so I should be okay. On a lighter note I’ve been working on a fun painting which I hope to finish after the computer is normal. Progress can be seen here:

http://www.conceptart.org/forums/showthread.php?t=169671

Thanks again for all your support.

nice work, b_luk… especially the subdued colour scheme and the heightened sense of drama.

quite surreal, really… given your current run-in with the malware dragon. :wink:

maybe the St. George tourist (that’s you, isn’t it?) will find his slaying powers in time and save the day from needless reformat?

good luck! will check back at your forum to see how the painting progresses.

greyshade, Thanks. The painting is all done now. Hopefully I won’t have any more adventures with the mal-ware dragon.

http://www.brianluk.com/gallery/pictures/dragon_cropped_final.jpg

Since the format everything is running smooth. The suggested program mbam-setup.exe is also very helpful side by side with avast for things that might slip by. Thanks again.

Glad to hear you are up and running again. Stay safe, and live to fight another day! Your final rendering of the painting certainly seems to indicate that.

Do come back to share your adventures and the therapeutic effect of art in combating viral villains of the peace.