Need clean tool for "Privacy_Danger" malware


That sure is a nasty one.

 

 

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

 

 

Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter Safe Mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser, click that browser at the top and choose: Select All.
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

Message Edited by Stu on 04-19-2008 08:02 AM
2 Likes

Stu,

 

I too had this nasty malware installed on my laptop and mbam found and uninstalled it completely; however, I have another issue. This malware must have installed another program which renders my Task Manager useless. Any ideas on how to remove it? Shall I post and start another thread for this issue?

 

 

JT 


jjtski wrote:

Stu,

I too had this nasty malware installed on my laptop and mbam found and uninstalled it completely; however, I have another issue. This malware must have installed another program which renders my Task Manager useless. Any ideas on how to remove it? Shall I post and start another thread for this issue?

JT


Please do.
I found it now by accident.
 
1 Like

Even though I ran mbam and it found and deleted all the files associated with this malware, I'm still getting the white screen and a dialog box that shows that it can not find the file file://C:\WINDOWS\privacy_danger\index.htm. I started looking through my registry entries and I think they have been compromised.

It appears that even though mbam cleaned it the first time, this one is back in full force. What shall I do now?

1 Like

Strange.

Let's try something else.

 

These misleading applications are often associated with other threats such as Downloader.MisleadApp and Trojan.Vundo. We update our detections for these on an almost daily basis. If, after running a full scan, there are still no threats detected then follow the instructions here to see if you can find any suspicious files loading. These files can then be submitted for analysis here.

 

When you do this Symantec is able to make signatures for the nasty program.

 

I hope this helps

I'm also still noticing malevolent behavior even after running various cleaning tools.

Trojan_Vundo comes up almost daily. Norton Internet Security cleans it each time, but the next day it's still there.

As far as the white background, I found on my system that when I clicked in the upper-most left corner of the white background, I got a drop down arrow.  A menu appeared.

I clicked that and selected "close".   The white background went away for good...so far.

That background was intriguing because it was "on top" of the actual desktop, yet it let the icons show through.  Some piece of diabolical code for sure.

This is the worst thing I've ever seen and I've seen a lot of viruses over the years.

Did you send it to Symantec?

Please try the following:

  1. Disable system restore 
  2. Start up in Safe Mode
  3. Run a full scan

OK Stu,

Did what you said, it cleaned 2 items today.  It usually seems to find 2 or 3 on any given day.

When I try to submit using the NIS interface in the Security History log, I get the following dialog

 

---------------------------
Norton Internet Security
---------------------------
The item you submitted did not meet the necessary requirements for submission.

 

Submissions can fail for various reasons.  For example, you may have submitted an item that Symantec has already identified or the infected file may have been deleted.
---------------------------
---------------------------


In fact all the items that were removed would not submit and gave the same dialog

 

The following items were removed over the last few days since installing NIS

  • Trojan.Zlob (removed once)
  • Trojan.Vundo (removed several times)
  • tracking cookies (removed several times)
  • Downloader (removed several times)
  • Also several intrusion attempts were blocked.

It looks to me like NIS is doing some kind of Symantec/Norton notification and statistical submissions on its own. So far today I'm not getting pop-ups or noticing any strange behavior. Perhaps the updates have finally caught up with it, but I'm going to wait and see.

 

Also are there detailed instructions on "disabling system restore"?   I want to make sure I did that correctly. 

 

Thanx for the update.

We just wait and see now

Here's a link to an MS article on disabling system restore.

 

mel 

Thanx Melodic