Malware that kills AM scanners

Lately, when cleaning up computers I've been coming across a new type of malware that either kills the installation or prevents anti-malware scanners from running. Specifically, I like to use MBAM and SuperAntiSpyware for the heavy lifting and both of these programs have been rendered useless. Even if I can get them installed they will not run in either normal mode or SAFE mode. I've tried renaming the executables, but this doesn't help. Any thoughts about how to deal with this? So far I've just moved on to Plan B, which is save the data and format the drive, but if there's a methodology to beat these bugs I'd like to know about it.

 

no there is not cause malware writers are very complicated always come
with some thing new to attack antivirus/antispywares/antimalwaresthe best solution save data and format fresh from scratch and start thinking that prevention is better than the cure
note:sorry if i was rude

 

I clean a lot of infected pc's and rarely have to reinstall an OS from scratch.

Typically when TDSServ, Seneka, and other nasty malware blocks MBAM, SAS, Combofix, and other reputable tools from running I whip out the good Dr. (Web). After the Dr. removes some infections I'll "show hidden devices" in the device mgr. and disable/uninstall rogue drivers. Afterwards the aforementioned tools will typically start working properly. The Avira rescue CD also works well, however be sure to download a fresh copy before using it.

 

My own preferred method is to boot from a BartPe cd (Ubcd4Win).This gives you an environment from which to run the included AM tools (Avira,Kaspersky,SAS,A2,Dr Web...) that is isolated from the infected system.It's a very effective method of removing deeply embedded malware and the only reliable way to remove rootkits without a reinstallation.

 

I have made a rule in SSM that protects all my security software from termination.

 

Sorry if this is a dumb question, but is there an easy or straightforward way to know which drivers are rogue? Or do you just look at all of them and view their system properties to make a decision? I'm thinking a typical PC might have several dozen drivers, and the average user probably wouldn't have the foggiest which were valid or not.
(Actually, the average user perhaps wouldn't even know what a driver is...)

 

I've been using a BartPE rescue disk for data recovery, but not for disinfection. I have UBCD4Win and need to experiment with it to see if it will be a good "field" tool. I'm often under tight time constraints which is not optimal for malware cleaning. Sometimes it's faster to just grab the data and wipe the system. But when I can take the system home and not worry about how long the scans take I like to give cleaning a chance. There is some small satisfaction in beating malware

 

I know what you mean there,time is always an issue.I learned a long time ago that while cleaning a system of malware is personally satisfying it's not always the best use of available time.As for UBCD4Win,if I was only allowed one tool for repairing systems it'd be that one for sure,indispensible to me.There's so much more to it than just malware scanners,it comes with a load of very useful stuff.

 

I really would like to know, if Prevx Edge would be strong enough. Maybe their support would give you a one-week license to try...

 

Its my experience that they are very helpful. They are active here in Wilders - drop them a message and Im sure they will oblige.

 

TDSServ rootkit probably, I had several infections with this malware lately.

Just download SDFIX unpackit and copy to C drive by using Linux live CD than boot into safe mode, it usually does not load GUI however you can get task manager by clicking ctrl-alt-del, go to File, New Task and run RunThis.bat it will start SDFIX and after that you can run SAS or CounterSpy, these 2 remove this rootkit easy.

 

Hi Victek123

then reading your posts, ubcd4win would serve you well with the sas plug-in. There are others but how about building and personalising your own livecd.

Talking about malware that kills there was one around when sas was taking off (cannot recall the name atm) that prevented sas and others from updating, killed off av and then put the relevant dummy icon in the notification area - very annoying

 

I'm done playing games trying to get anti-malware programs to run. Seems like most of the heavily infected pc's I work on all disable downloading/installing any of the popular anti-malware programs. I just boot from UBCD4WIN & run Superantispyware & Antivir.

The Avira Rescue CD as previously mentioned is very good & the Kaspersky Rescue CD is another good tool to have. The Kaspersky Rescue CD is updatable also.