WiredWX Christian Hobby Weather Tools
Best Malware Protection virus
Hello! I am having to use someone else's computer since I can no longer access the internet from my laptop. I believe I have the "best malware protection" virus on my laptop and my avast antivirus doesn't seem to have removed it. Therefore, I cannot download any malware removal software to remove it. Please advise ASAP. Thanks!

Re: Best Malware Protection virus
Hi there belovd2000 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end! If your computer starts running better, that doesn't mean it is clean yet!

====================

Careful now, Best Malware Protection is rogue software. For an explanation of this term you can consult e.g. Wikipedia. Whatever you do, do not buy a license for this program. If you already did, you have been scammed. In that case I suggest you contact your financial institution and see if you can revert the payment.

The first thing we are going to do is try and temporarily disable the rogue, to get rid of all the annoying popups and allow us to actually do something. For this we use RKill.

====================

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)

  • Double-click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur, please delete that application and try using Mirror #2.
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.


====================

Since you cannot access the internet from your infected computer, you will have to download the required tools from your clean computer and move them to the infected computer with some removable media, for example burn them to a CD or write them to a USB flash disk.

If you use a USB flash disk, I highly recommend that you immunize it first, to prevent malware from using the USB flash drive to spread itself.

Please download Flash_Disinfector by sUBs from here and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run the tool
  • When requested, insert the USB flash disk(s) you want to immunize/disinfect
  • Hold down the Shift key when inserting the drive(s) until Windows detects the drive
  • Click OK to start the disinfection process
  • Reboot your computer when done.

Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that you choose to disinfect. Do not delete that folder!

====================

Besides RKill (I recommend you download all 7 versions and save them to your CD/USB stick) you will also need OTL to run the OTL scan. So make sure OTL.exe is also saved to the CD/USB stick. Here are the instructions for downloading and running OTL:

Please download OTL by OldTimer from here and save it to your Desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop

  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need to use two posts to get it all.
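
Added example, not part of the original post and not Flash_Disinfector's own code: a check of the immunization state described in the note above, where a folder named autorun.inf occupies the name so that no file of that name can be dropped on the drive. The state labels, function names and sample file content are constructed for this illustration.

```python
import os
import tempfile

# Keys in the [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_launch_entries(text):
    """Return {key: command} for launch-capable keys in the [autorun] section."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            # shell\<verb>\command adds a launch command to the drive's context menu
            if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                entries[key] = value
    return entries

def classify_drive(root):
    """Classify the autorun.inf state at the root of a drive or folder."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return ("immunized", {})      # a folder occupies the name
    if not os.path.isfile(path):
        return ("unprotected", {})    # nothing there, so a file could be dropped
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        entries = parse_launch_entries(fh.read())
    return ("suspicious" if entries else "inert-file", entries)

def demo():
    """Build three constructed drive roots in temp folders and classify them."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for name in ("immunized", "empty", "infected"):
            os.mkdir(os.path.join(base, name))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        # Constructed sample content, not taken from a real infection
        sample = "[AutoRun]\n;junk\nopen=sample.exe\nshell\\open\\command=sample.exe\nicon=x.ico\n"
        with open(os.path.join(base, "infected", "autorun.inf"), "w") as fh:
            fh.write(sample)
        for name in ("immunized", "empty", "infected"):
            results[name] = classify_drive(os.path.join(base, name))
    return results

if __name__ == "__main__":
    for name, (state, entries) in demo().items():
        print(name, state, entries)
```

On a real system, pass the drive root (for example `E:\`) to `classify_drive`; a "suspicious" result lists the commands the file would launch so they can be reviewed before the drive is opened in Explorer.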

Re: Best Malware Protection virus
Thanks so much for the quick response. I am currently doing a backup of my files onto CDs. Is that OK? Or can I follow your instructions w/o losing any of my data. I'm on disc 4 with the backups. Do I need to continue or can I start w/your instructions? Please advise.

Re: Best Malware Protection virus
You can disregard my previous message about the backup. I was at disc 12 and wasn't even halfway thru...so, I anxiously await the rest of your directions.

Re: Best Malware Protection virus
OK. Making backups is always good though. But CDs are not the best medium (only 700 MB/disk).

Anyway, please proceed with my recommendations from the first post. If you find any problems during the process, you can report them here. Hopefully you make it to the OTL log.
