Malware Burn removal

Mon 06th Aug '07

I had a client with a program called Malware Burn on their PC today. It's a fake malware remover. It pops up in your browser (on some nasty website, i assume) pretending to have found malware on the machine. It convinces the user to download a program, and then it does a fake scan, telling the user they have spyware. It offers to remove the spyware if they buy the program. I cant tell what damage the program does other than annoying popups... but removal seems to be a real pain. It's uninstaller in the add/remove programs list is a fake and doesnt work. I couldnt find anything by Googling, except some instructions from a site I didnt know if I could trust. Here's what I did, which seemes to have worked. Instructions to remove Malware Burn Remove or rename: msvcp71.dll msvcr71.dll in the system32 folder (I added SPY to the file extension, making it msvcp71.dllSPY and msvcr71.dllSPY, this means I can remove or restore them later after I know my change didnt break the system) Open the registry editor (start > run > type 'regedit') and make a backup of the registry (click the root of the tree and File > export) Use the registry editor's search function to look for 'malware'. If the item it finds refers to 'malware burn' delete the item. Some items, the whole section is for malware burn, others you'll only want to remove the one entry. Use F3 to search for the next one. Don't remove any that dont refer to Malware Burn (I found one which mentioned Malware but it was an internet explorer internet zone setting.. dont delete it!) After the registry has no more references to Malware Burn, delete the program files/malware burn program directory. Thats pretty much all I did. If my client has it show up again, I'll edit this to reflect anything else I learn.

Entries

Love that camry
Read this post
This post was a long time coming
Grafton Web Design
Youtube Bwahahah
New website
CeBit done and dusted!
Transferring files with FAST
Hmmmfff
Politics. Climate Change. Who can we trust?
Kids at Jaca
Jaca Float
Exciting times
The honeymoon is over!
Dual screen OK!
New reality show - action and tears aplenty!
Ubuntu 6.10 Compiz with cheap Nvidia card
Malware Burn removal
ITRiver has moved, and why we all speak Hsilgne (pronounced sil-gon-ee)
The Return of the Paparazzi
Finally footage of the mud volcano in Indonesia
Aren't we little rays of sunshine?
New ideas
The Ring
The Saga of the Ring...
The Ring
Great day at the beach, Manta Ray agrees.
Ahhh! No login screen!
Policies & Disclaimer
The world is amazing sometimes. Parents beware.
What's ITRiver?
Aching and lonely. I should write a country song...
Ecko's the Gecko's echo!
Migrating simplePHPblog to WordPress
About Me
About Me
Wedding plans starting to come together... still no ring though :(
Im getting married!
Im going on a time machine!
Big ideas
Back again!
Soccer Gallery
Happy Birthday to me!
Microsoft free zone!
Slack attack, Sorry!
Happy Birthday baby!
Gunners on fire with carnival clean sweep
Dylan's Soccer Draw
Can't talk now, seeing double!
Read slowly please
Nuts, anybody?
She's mine all mine!
Awww, they are SOOOO CUUUTE!
Off to Brissy
Photos
I've been on the wrong planet!
Baby - It's 3am I must be lonely
Quick call-in.
Distracted...
Long time no blog, again
I am SO slack
Sick, tired and internet crawling. Id rather be fishing.
Sooooozies new blog, with cuuute photos!
No more baby sisters! What a relief!
Pic of the day
Picture of the day
Mt Warning. - Take the name literally. I didn't...
Christmas lights cause traffic mayhem, homeowners honked at
Blog is back!
Indy!
Website wants to stay
Thirsty Merc rocked
Long weekend
Parents Poem
So um, can anyone see which way is east?
Happy Birthday, Chrystal!
Pic of the day
What a weekend
Home again
Sideways glances get you lost!
Thought for the day:
Lonely
Trip to Melbourne
He doesnt live near me, he lives in Melbourne
Business trip to Melbourne
Photo of the day
Photo of the day
Quarter Century
Photo of the day
Uncle Bill's Farm
Finally!
Lily Oh Lily Oh Lily!
Im an Auntie!
Bored.
Tis the colour of the sun, my son!
Fine print is fine, if it's there at all...
New car is en route
Ooooh one day when I'm spoiling myself
Another bloody Camry driver?
The question on everyone's lips - answered!
No beemer this time...
My first BMW, maybe
Nice one, QLDers!
Ah, humour comes in all types, bro. Word ta' ya' motha.
Off to Hard and Soft School...
Yes it's a strange idea...
Headed for the unthinkable - Divorce
Music for the emotions...
Dr_Snapid's Blog is on the wire.
ITRiver closed from 1st Sept to 9th Sept

Instructions to remove Malware Burn Remove or rename: msvcp71.dll msvcr71.dll in the system32 folder (I added SPY to the file extension, making it msvcp71.dllSPY and msvcr71.dllSPY, this means I can remove or restore them later after I know my change didnt break the system) Open the registry editor (start > run > type 'regedit') and make a backup of the registry (click the root of the tree and File > export) Use the registry editor's search function to look for 'malware'. If the item it finds refers to 'malware burn' delete the item. Some items, the whole section is for malware burn, others you'll only want to remove the one entry. Use F3 to search for the next one. Don't remove any that dont refer to Malware Burn (I found one which mentioned Malware but it was an internet explorer internet zone setting.. dont delete it!) After the registry has no more references to Malware Burn, delete the program files/malware burn program directory. Thats pretty much all I did. If my client has it show up again, I'll edit this to reflect anything else I learn.