backdoor win32 scrab.p virus help removing?

• Wednesday, April 06, 2011 3:45 PM

   

   
  

  0

  I have a virus (backdoor win32 scrab.p virus) it comes up with a fake program trying to get me to purchase malware protection. It won't let me run malware bytes on the computer to remove it and then comes up with an error message blocking it. I have tried logging in via safe mode and running malware bytes however it asks me to download updates. As I am in safe mode I cannot download updates and when the scan has completed there is no viruses found. I have also tried going in and trying to delete the files manually however I get no luck please see below. Any ideas?

  • 1. Boot your computer into safe mode to close all running processes.
  • 2. Remember to back up your system before making any changes for future restore job when necessary.

  • 3. Remove these Backdoor.Win32.Scrab.m files:

  • %UserProfile%\Application Data946550101946550101.exe
  • %UserProfile%\Local Settings\Application Data\[random]\[random].exe

  • 4. Open Registry Editor to delete the following registry entries:

  • HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 'Shell' = '%UserProfile%\Application Data\antispy.exe'
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  • HKEY_CURRENT_USER/Software\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[random string]'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations 'LowRiskFileTypes' = '.exe'
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyOverride' = ''

   

  • Moved by Stephen BootsMVP, Moderator Wednesday, April 06, 2011 3:53 PM not onecare (From:Windows Live OneCare Anti-Virus)
  •