More Malware Trickery


Panama Red
08-26-2008, 11:56 AM
Last night I was cleaning Antivirus XP 2008 off another pc when I saw something new. Malwarebytes was running its scan and I had turned away to work on another pc. When I looked back the infected machine was displaying a bsod. I was reading the error message when all of a sudden I see "restarting..." displayed at the bottom of the screen. As I watched, the Windows XP startup logo appeared with the blue scrolling bar. Suddenly it went to another bsod. This one had a different error message and Stop: code so I just watched for a few seconds. Sure enough, the "restarting..." message appeared again and it went through the same gyrations. While all this was going on, I was hearing the persistent clacking of the hard drive activity typical of a Maxtor hdd. On the third reboot I pressed the space bar and Voila! The Malwarebytes window and the actual desktop reappeared! It seems these virus writers have now gone so far as to create a screen saver with bsod's and reboot scenarios. The pc I was servicing must have had the screen saver timer set rather short and the screen saver had come on while I was looking away.

Bottom line is don't be fooled when removing this pest. Pressing the power button to clear a bsod will shut down your attempt to clean the pc. And when you restart, your not-so-friendly infection will still be there.

glc
08-26-2008, 12:05 PM
I saw that exact same thing a couple weeks ago. Malwarebytes did clean it up.

Negeva
08-26-2008, 01:55 PM
Not to be rude, but don't you guys turn off all power saving options before running anti-malware scans?

I've always turned off all that nonsense when running anti-malware scans and/or removal techniques. There's nothing worse than having a PC go to sleep or hibernate when you're doing that sort of thing. Heck, even do it whilst in Safe Mode.

Panama Red
08-26-2008, 02:48 PM
Not to be rude, but don't you guys turn off all power saving options before running anti-malware scans?

Not always. Turning off and turning back on or re-doing customer preferences can be time consuming too. And remembering all the changes that you have to change back or writing them all down gets to be a drag. I don't even boot to Safe mode unless the pest is extremely persistent. I just turn off System Restore, shut down startup programs and scan. I follow up with a hjt scan just to make sure I didn't miss anything. Different strokes for different folks I guess. ;)

Petef56
08-26-2008, 04:21 PM
Bottom line is don't be fooled when removing this pest. Pressing the power button to clear a bsod will shut down your attempt to clean the pc. And when you restart, your not-so-friendly infection will still be there.

Panama, thanks for the info. I have not seen this behavior to date, so I'll be sure to shut off screensavers while performing scans.

I'm also finding that MalwareBytes is able to clean infections when others do not. I've been successfully using SuperAntiSpyware for some time now and MalwareBytes has detected and cleaned some items that SuperAntiSpyware had missed. I'm also finding that *sometimes* you have to run SuperAntiSpyware scans 2 or 3 times, rebooting in between the scans, to completely remove certain malware.

At the link below, there is a very interesting thread going on between the author of SuperAntiSpyware and the author of MalwareBytes.
http://www.wilderssecurity.com/showthread.php?t=208720&highlight=superantispyware

---pete---