Trojan desktop blocker?
Solved/Closed
Related:
- Trojan desktop blocker?
- Desktop goose - Download - Other
- Redirect blocker opera - Guide
- Desktop hut - Download - Customization
- Blackberry desktop manager - Download - File management
- Youtube desktop download - Download - Videos and news
9 responses
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Feb 24, 2010 at 04:23 PM
Feb 24, 2010 at 04:23 PM
Hello Jan
I don't think it is a desktop blocker per say it is a rogue virus.
You say that you do not have access to Internet.
Can you boot into normal mode? If you can, please, click on start and then on run.
Type regedit and click ok. The registry editor will open.
See in you can find the following keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
If you do, please delete them.
Then click on edit and on search:
Type: Psecurity and click ok.
The search will begin and stop when items with Psecurity will be found. Press delete and follow this procedure until the search has ended.
Repeate the search but type : personal security.
Close the registry editor.
See if you gained access to internet and download Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, rename Malwarebyte to Explorer (to foul the Trojan) intall it and update it.
Turnoff you modem and please do a full system scan.
Let me know if you were successful.
I don't think it is a desktop blocker per say it is a rogue virus.
You say that you do not have access to Internet.
Can you boot into normal mode? If you can, please, click on start and then on run.
Type regedit and click ok. The registry editor will open.
See in you can find the following keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
Fast Browser Search Toolbar Helper - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
{1BB22D38-A411-4B13-A746-C2A4F4EC7344} - Fast Browser Search Toolbar - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll [2009-08-13 2602368]
If you do, please delete them.
Then click on edit and on search:
Type: Psecurity and click ok.
The search will begin and stop when items with Psecurity will be found. Press delete and follow this procedure until the search has ended.
Repeate the search but type : personal security.
Close the registry editor.
See if you gained access to internet and download Malwarebyte:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Once on your desktop, rename Malwarebyte to Explorer (to foul the Trojan) intall it and update it.
Turnoff you modem and please do a full system scan.
Let me know if you were successful.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 7, 2010 at 10:39 AM
Mar 7, 2010 at 10:39 AM
Hello Alice,
Glad to help you.
The evil application is self protective and will prevent running antimalware tools you must therefore outwit the beast, here is how:
We must first end the security tool process:
1. Download Process Explorer and save it in C:\ folder.
Download link: http://live.sysinternals.com/procexp.exe
2. Rename procexp.exe to explorer.exe and double-click to run it. (To rename, click right on the icon and left on rename. Just type the new name)
3. Select Security Tool process from the list. Should be 4946550101.exe or similar, or again called personal security or just security. and press "Delete" button to end the process.
4. Close Process Explorer. Do not reboot your system has the processes may be reanimated.
5. Re download MalwareBytes anti-malware:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
6. Rename mbam-setup.exe to explorer.exe and double-click to run it. Install, update and run MalwareBytes anti-malware. Then perform a FULL computer scan and remove all found infections.
Once your computer is clean and working normally just to be on the safe side
•Turn off system restore and wait 30 seconds,
•Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Let us know about your success.
Best regards
Glad to help you.
The evil application is self protective and will prevent running antimalware tools you must therefore outwit the beast, here is how:
We must first end the security tool process:
1. Download Process Explorer and save it in C:\ folder.
Download link: http://live.sysinternals.com/procexp.exe
2. Rename procexp.exe to explorer.exe and double-click to run it. (To rename, click right on the icon and left on rename. Just type the new name)
3. Select Security Tool process from the list. Should be 4946550101.exe or similar, or again called personal security or just security. and press "Delete" button to end the process.
4. Close Process Explorer. Do not reboot your system has the processes may be reanimated.
5. Re download MalwareBytes anti-malware:
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
6. Rename mbam-setup.exe to explorer.exe and double-click to run it. Install, update and run MalwareBytes anti-malware. Then perform a FULL computer scan and remove all found infections.
Once your computer is clean and working normally just to be on the safe side
•Turn off system restore and wait 30 seconds,
•Turn it back on and create a new restore point.
This way it gets rid of anything bad that might have gotten saved in a restore point and you have a clean restore point to use in the near future if needed.
Do not turn it off until your computer is clean and working normally because you might need to use it if something goes wrong during the clean-up process.
It is better to go back to an infected restore point if something goes wrong then to not be able to undo changes that were damaging.
Let us know about your success.
Best regards
I had the same problem yesterday.
I solved it in a very different way and easier.
I had a second user in that laptop. I started with this second user. In this way the virus does not show up. So I could run my existing virus program an it found the virus/trojan" TR/Fraudpack.aogi" at c:\program files\pssecurity.exe" and deleted it.
I solved it in a very different way and easier.
I had a second user in that laptop. I started with this second user. In this way the virus does not show up. So I could run my existing virus program an it found the virus/trojan" TR/Fraudpack.aogi" at c:\program files\pssecurity.exe" and deleted it.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Apr 2, 2010 at 04:17 AM
Apr 2, 2010 at 04:17 AM
Hello Waverley,
All the pleasure was mine, thank you for your feedback.
All the pleasure was mine, thank you for your feedback.
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Apr 4, 2010 at 03:52 PM
Apr 4, 2010 at 03:52 PM
Ola Kizaki,
No problema (no problem)
No problema (no problem)
Thanks everyone for the posts in here. My son's laptop was infectected with Trojan.DesktopBlocker and Personal Security (from an email in Facebook - 'OMG you must see this'). I tried following the suggestions given by Ambucias but as the machine used Vista I was not getting much success. The internet connection was also a bit unreliable (Program not responding). I tried to download the procexp.exe but although it apparently downloaded I could not find the file in the place I had 'Save to' (Desktop).
In the end, I started Vista in Safe mode (with Networking but that was probably not relevant). It came up (along with desktop icons) and I was then able to start Inernet Explorer and download Malwarebytes anti-Malware. I used Run rather than Save in the download. I didn't need to rename the program. Ran that program, followed on screen prompts to delete infections and all is well.
Thanks Ambucias for all your help.
In the end, I started Vista in Safe mode (with Networking but that was probably not relevant). It came up (along with desktop icons) and I was then able to start Inernet Explorer and download Malwarebytes anti-Malware. I used Run rather than Save in the download. I didn't need to rename the program. Ran that program, followed on screen prompts to delete infections and all is well.
Thanks Ambucias for all your help.
it happens when the programs are freak, it happen with me also when i downloaded tool fix it block my computer,so the only way you got is if you can make i back up is good or install new driver again from windows xp.
but before save all yours favourit filles.
good luck
but before save all yours favourit filles.
good luck
Didn't find the answer you are looking for?
Ask a question
i have a trojan desktop blocker. and i am having the same problems but i can still access the internet. how do i get rid of it?
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 11, 2010 at 04:05 AM
Mar 11, 2010 at 04:05 AM
Hello Hgurdal,
Thank very much you for the tip and the second user.
I suggest that you also run Malwarebyte you will be surprised because it will remove the traces letf by the trojan that your antivirus did not detect.
Thanks again
Thank very much you for the tip and the second user.
I suggest that you also run Malwarebyte you will be surprised because it will remove the traces letf by the trojan that your antivirus did not detect.
Thanks again
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Mar 17, 2010 at 04:55 AM
Mar 17, 2010 at 04:55 AM
Dear DoninKent,
Thank you very much for your feedback, it is really appreciated.
These rogue Trojans are really vicious and there variants of them. It is rare that Malwarebyte will run without rename it because most of the rogues will prevent running antimalware tools.
Anyhow, one last recommendation, please create a restore point as indicated in my orginal message.
Thank you again for sharing.
Thank you very much for your feedback, it is really appreciated.
These rogue Trojans are really vicious and there variants of them. It is rare that Malwarebyte will run without rename it because most of the rogues will prevent running antimalware tools.
Anyhow, one last recommendation, please create a restore point as indicated in my orginal message.
Thank you again for sharing.
i just got rid of my desktop blocker but it has a price to pay my way but its quick.
CAUTION
this will be bad if extremly important document are infected
METHOD
on my computer it only infected 1 account mine. i realised when i ran malwarebytes on another account which wasn't desktop blocked.
create a new account on your comp and cut paste the important files via
"my comp" and done but dont do this if your file are infected scan with malwarebytes before transfering or you could be infecting your new accout.
done u are home free of the virus
p.s. malwarebytes is brilliant its free trail that dosnt expire and u dont need 2 get the full version to remove viruses but u cant access the file with the blocker
CAUTION
this will be bad if extremly important document are infected
METHOD
on my computer it only infected 1 account mine. i realised when i ran malwarebytes on another account which wasn't desktop blocked.
create a new account on your comp and cut paste the important files via
"my comp" and done but dont do this if your file are infected scan with malwarebytes before transfering or you could be infecting your new accout.
done u are home free of the virus
p.s. malwarebytes is brilliant its free trail that dosnt expire and u dont need 2 get the full version to remove viruses but u cant access the file with the blocker
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
Apr 13, 2010 at 05:50 AM
Apr 13, 2010 at 05:50 AM
Wahid,
Thank you for your feedback and help.
Thank you for your feedback and help.
Hi everybody. Today I accidentally installed the Personal Security programme and I've the same problems.
I've read all of the posts, but I am still in troubles with this Desktop Blocker-Personal Security rogue programme. I can't run Malwarebyte (neither renaming It "explorer.exe"), I can't go in Vista Safe Mode to try to run It because when I try the pc "froze", stopping at the file system called "avgrkx86.sys".
I don't know what to do...help me please!
I've read all of the posts, but I am still in troubles with this Desktop Blocker-Personal Security rogue programme. I can't run Malwarebyte (neither renaming It "explorer.exe"), I can't go in Vista Safe Mode to try to run It because when I try the pc "froze", stopping at the file system called "avgrkx86.sys".
I don't know what to do...help me please!
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
May 19, 2010 at 04:08 PM
May 19, 2010 at 04:08 PM
Your initial message was answered. We are volunteers hence not always online. Patience is a vertue. You must also consider that we do not all in this world live in the same time zone
Ambucias
Posts
47310
Registration date
Monday February 1, 2010
Status
Moderator
Last seen
February 15, 2023
11,164
May 19, 2010 at 04:17 PM
May 19, 2010 at 04:17 PM
Frafly
With all due respect, you are totally out in left field because you are asking your question in the wrong thread. You are talking about personal security while the thread has to do with a desktop blocker. Actually you question could have been deleted because it was unrelated.
Now, please read the following thread and you will see how to get rid of the virus and where dozen of people had success.
http://ccm.net/forum/affich-213724-personal-security-is-a-b
With all due respect, you are totally out in left field because you are asking your question in the wrong thread. You are talking about personal security while the thread has to do with a desktop blocker. Actually you question could have been deleted because it was unrelated.
Now, please read the following thread and you will see how to get rid of the virus and where dozen of people had success.
http://ccm.net/forum/affich-213724-personal-security-is-a-b
Apr 4, 2017 at 10:02 PM