Alright so I'm not usually one to get malware as I'm safe with what I download (no antivirus) and I can always remove it if it does happen, but this is an exception.
Went to uninstall the program from control panel, got the message: "You do not have sufficient access to uninstall Search Protect. Please contact system admin."
Checked - I am on an admin account rofl.
So I decided I might as well go higher and CMD my way to SYSTEM. That'll surely do it... right? Nope.
Yeah... I'm confused now. ^ Shows the commands I used to get to the main folder for the program and tried to run uninstall.exe as SYSTEM. Denied??
Running Windows 10 atm if that makes a difference.
Didn't work. PsExec and Schtasks both require networking to be active and safe mode with networking still disabled it for some reason. Tried the regular uninstall a program control panel and that didn't work either.
Update: Ran AVG's Scan and it "removed" the threat. I went back to check installed programs and there it was. Reinstalled today. Seriously confused now. Would deleting the Regedit entry help? Help needed!
I have seen this recently myself ... it basically gives itself "god" power and is embedded deep in Windows in multiple places and will re-install even if you go line by line delete ... I had it turn the antivirus evil, both MS essentials and Malwarebytes.
I believe people are spoofing DNS servers and possibly redirecting to phony Windows Update servers and phony antivirus update servers.
Ended up doing a DOD grade wipe after the safe mode delete (even in stored memory) and re-installed everything ... if only it was not a charity case client lol
Well, after multiple changes to system files and unlinking my Windows account to keep it local, I ran AVG system scan. Then Malwarebytes. Still couldn't delete. Ran Malwarebytes one more time and I checked and all the files were gone. Uninstalled Chrome. Went into Internet Explorer and reinstalled. All good now. I'll agree it is the nastiest malware I've seen to date.
The rig I mentioned before had Avast Internet Security ... paid antivirus ... and it was somehow downgraded to Avast Free with a password that did not exist ... so you could not change the scan settings. I failed to mention that the reason it was a charity case is that it is my ex-wife's PC.
Well everything is fixed now. I think it was a matter of the folder and all files within it having "special permissions" by a nonexistent user and group. Quite nasty and glad it's resolved.
Run ccleaner & antimalwarebytes. They have a free version now. Another thing you can do is kill task any search protect programs, then rename the folder if you can't remove it. That will stop it from starting up when you're booted if it is hiding in your registry and startup services etc. I remember I had this adware, Delta, that had a registry entry and service that installs itself back when you remove it. It was such a pain.
https://www.malwarebytes.org/mwb-download/
And finally, teach your family or people who use your PC not to click on those false alarms. Just clicking on it or visiting their sites could already give you viruses, rootkits and malware on the next bootup.
Thanks for the tips, but I already checked startup services, the registry, and if it was still installed. It seems I have successfully wiped the bugger off my computer.
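The thread's conclusion was that the folder carried "special permissions" for a user and group that did not exist. As an added example (not part of any post above), this Python sketch reviews `icacls` output for a folder and flags entries whose principal is a raw SID that did not resolve to an account name, plus explicit deny entries. The path, SIDs and sample output are constructed for illustration.

```python
import re

# Constructed sample of `icacls "C:\ExampleApp"` output (not taken from the thread).
SAMPLE_ICACLS = r"""C:\ExampleApp S-1-5-21-1111111111-2222222222-3333333333-1005:(OI)(CI)(F)
              S-1-5-21-1111111111-2222222222-3333333333-1006:(DENY)(OI)(CI)(D,DC)
              NT AUTHORITY\SYSTEM:(DENY)(OI)(CI)(X)
              BUILTIN\Administrators:(I)(OI)(CI)(RX)

Successfully processed 1 files; Failed processing 0 files
"""

# "<principal>:(flag)(flag)..." at the end of a line
ACE_RE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)\s*$")
# icacls prints the SID string itself when it cannot map it to a name
SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def parse_aces(output, path):
    """Return a list of (principal, [flags]) from icacls output for `path`."""
    aces = []
    for line in output.splitlines():
        if line.startswith(path):      # first line is "<path> <first ACE>"
            line = line[len(path):]
        m = ACE_RE.match(line.strip())
        if m:                          # blank and summary lines do not match
            flags = re.findall(r"\(([^)]*)\)", m.group("flags"))
            aces.append((m.group("who"), flags))
    return aces


def review(aces):
    """Return (principal, reason) findings worth a manual look."""
    findings = []
    for who, flags in aces:
        if SID_RE.match(who):
            findings.append((who, "SID does not resolve to an account"))
        if "DENY" in flags:
            findings.append((who, "explicit deny entry"))
    return findings


if __name__ == "__main__":
    for who, reason in review(parse_aces(SAMPLE_ICACLS, r"C:\ExampleApp")):
        print(f"{who}: {reason}")
```

A deny entry for SYSTEM or Administrators would explain an "access denied" even from an elevated prompt, because deny entries are evaluated before allow entries.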