
Remove Viruses, Malware and Rootkits – Google Chrome won’t start

A friend started to get alerts and warnings that his PC was infected with viruses. Despite best efforts to remove them using a cacophony of tools, most of which detected elements of an infection, things just didn’t seem to be quite right with the system. The most notable symptom was that Google Chrome wouldn’t start – even after a re-install. The final piece of the puzzle was that the PC was infected with a TDSS rootkit, which appears to be quite prevalent out there.

Having solved the PC woes, here are some things that I noted as we went through the process, particularly if Google Chrome won’t start (Chrome seems particularly susceptible to infections):

  • Remove the rootkit with a tool like Rootkit Revealer, Kaspersky TDSS rootkit removal tool or Sophos AntiRootkit
  • Remove the virus(es) using an anti-virus tool like AVG Anti-Virus, Microsoft Security Essentials or some other reputable anti-virus tool
  • Use Malwarebytes Anti-Malware and / or SuperAntiSpyware to remove spyware/malware
  • Check that your system is not directing internet traffic through a malware proxy. In Windows go to “Internet Options” > “Connections” > “LAN Settings” and, if “Proxy Server” is checked, make sure that it’s something you recognise. If you don’t recognise it or are not sure about it, uncheck this box.
  • Check your HOSTS file hasn’t been altered. Go to $WINDOWS (e.g. C:\WINDOWS) > System32 > Drivers > etc – edit the “HOSTS” file. This will have an entry referring to localhost, but any entries for other websites may be suspect. Consider removing them.
  • Check your Windows Startup. Go to Start > Run > type msconfig – click on the “Startup” tab and check each entry – those with blank or what appear to be random text entries could be virus/malware related (e.g. TklERc01). Uncheck them as needed.
  • If you want to check a file using a multitude of virus checkers, try VirusTotal (http://www.virustotal.com) – this is a great little site to help understand potential threats.
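
The proxy, HOSTS and startup checks above can also be reviewed in one pass from a PowerShell prompt. The script below is an added example, not part of the original post, and is read-only. It assumes the standard per-user Internet Settings registry values (ProxyEnable, ProxyServer, AutoConfigURL) and the Win32_StartupCommand WMI class, which lists logon commands from the Run registry keys and Startup folders; none of these names appear in the post itself.

```powershell
# Read-only audit of the three manual checks: proxy, HOSTS file, startup entries.
# Nothing is modified; review the output and make any changes by hand.

# 1. Proxy settings for the current user (the values behind the "LAN Settings" dialog).
$key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $key
[pscustomobject]@{
    ProxyEnabled  = [bool]$inet.ProxyEnable   # True when "Proxy Server" is checked
    ProxyServer   = $inet.ProxyServer         # address:port, empty if never set
    AutoConfigURL = $inet.AutoConfigURL       # automatic configuration script, if any
} | Format-List

# 2. HOSTS entries that map anything other than localhost.
$hostsPath  = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$localNames = 'localhost', 'localhost.localdomain'
$hostsEntries = foreach ($line in Get-Content -Path $hostsPath) {
    $active = ($line -split '#', 2)[0].Trim()      # drop full-line and trailing comments
    if (-not $active) { continue }                 # blank or comment-only line
    $fields = $active -split '\s+'
    if ($fields.Count -lt 2) { continue }          # malformed line: address with no name
    foreach ($name in $fields[1..($fields.Count - 1)]) {   # one address may list several names
        if ($localNames -notcontains $name.ToLower()) {
            [pscustomobject]@{ Address = $fields[0]; HostName = $name }
        }
    }
}
if ($hostsEntries) { $hostsEntries | Format-Table -AutoSize }
else { 'HOSTS: no entries other than localhost.' }

# 3. Programs launched at logon. Look for blank or random-looking names
#    and for commands that run from temp or profile folders.
Get-CimInstance -ClassName Win32_StartupCommand |
    Sort-Object Location, Name |
    Format-List Name, Command, Location, User
```

Run it as the affected user, since the proxy values and part of the startup list are stored per user.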

Hopefully the above will help you either remove threats or avoid them. If you want to be extra-safe, try Sandboxie if you’re not confident the file you’re running is free of issues.

Malware Nasty – Antimalware Doctor

Been hit by Antimalware Doctor – a fake anti-malware (or an anti-anti-malware) that infects your PC and starts to affect your access to websites, among other such nastiness? Then this guide is for you!

What is AntiMalware Doctor?

It’s a spoof program that will alert you that your computer is infected by viruses or other such stuff and will offer to fix them if you buy the program.

The reality is your computer is probably not infected as the program suggests. Instead, these are fake alerts to get you to hand over cash for a program that doesn’t do anything (i.e. Antimalware Doctor). A screenshot of this rogue POS is here.

How do I get rid of it?

The easiest way is to install Malwarebytes Anti-Malware (download link).

If you’re feeling particularly techie then you can also check this link, which has a comprehensive run-down of how to remove it.

The final straw for some people is that it will also change the way your internet connection is configured; for IE users, go to Tools > Internet Options > Connections > LAN settings. There will be a check against the “Use a Proxy Server…” entry. Uncheck that (as well as following the other removal steps) and you should be good to go.

Still having issues?

If you’re still having trouble then there could be other infections on your PC, even after running Malwarebytes Anti-Malware. Check that your system isn’t affected by running an anti-virus scan, or check out McAfee’s Stinger, which will detect and clean. Also check out AVG Anti-virus if you want a decent, free anti-virus program.