go to the forum I link to, to the area I am linking to and register then post your own new thread there in that area. Tell what you have told here and exactly what you have seen.
The team will assist you to get it to stop that process and able to follow their directions. Once you begin there please only follow the directions there for you so there will be no conflicts or confusion.

Analysis and Malware Removal

If you need help let me know I am there also.
Don't worry you are not the first to have this infection and it can be handled there with patience and following directions

Removal instructions, here:

http://www.bleepingcomputer.com/virus-removal/remove-palladium-pro

Your best option is to go to a malware removal forum and get help, as you can see the instructions are quite complicated for a novice and you may end up doing more harm then good.

I don't mean to sound cruel, but Security Tool IS NOT the same as the rogue Palladium Pro. MalwareBytes Anti-Malware will not stop the process that is running and even if beanwabr did boot into Safe Mode and was able to get to the internet (which is at this time inaccessible) to install MBAM the infection would reactivate once the computer was rebooted because the process was not stopped.

Again, not to be cruel, but the user clearly states that a Palladium window appears. If you are not professionally trained in the diagnosing of specific malware nor the removal of malware it is best to send that person to malware removal forum as has been done.

The problem with anti-rogues such as Pallidium, Security Tool, XP Repair, etc. is that they each install additional malware that goes undetected by MBAM including rootkits that are designed to hide malware and if this infected computer is used for any online banking we're doing the victim of this malware an injustice by have them running MBAM in Safe Mode. Malware is far more advanced these days and deeper scans are necessary that only the professionals that are trained to use them should assist with running.

The fact that this victim has a broken internet connection is a sure sign that more advanced malware is lurking in the background that MBAM will not fix and if by some miracle the running of MBAM does allow the victim to access the internet once a reboot is performed that malware will reactivate because the process that was installed by the malware was not stopped.

@ beanwabr,

Please follow the instructions that ravencajun provided. I see that at this time you have not posted a thread at LandzDown.

Please do.

"When I tried it again this time safe mode didn't come up, neither did any of the icons, start button, internet explorer ... just the screen background."

so the user can't even get to safe mode!

I actually tried to post here what I just wrote earlier today, but noticed that it didn't accept it.

Were you able to click on Analysis and Malware Removal then click on Log Posting Instructions?

Are you able to click on the New Topic button to start a thread?

There are scans in the Log Posting Instructions link that need to be ran so you can post when you start the thread.

Let us know exactly what is happening and we'll guide you further.

Also...do you have a flash drive? It may be needed to transfer the logs and tools from and to the infected computer that will be needed if you can not get online.

You can get one really cheap at WalMart if you don't have one.

Since we vet each new member at LandzDown Forum, I remember seeing when you registered a couple days ago. After ravencajun contacted me, I checked your account and it is fine. It could be that you had not logged in and, therefore, could not post there. I sent you a test PM (private message) there. You should receive an e-mail notice about the message. Follow the link, log on to the forum and see if you can reply to my brief message.

As to Palladium Pro, it is very nasty ransomeware and most likely has added additional garbage that needs to be removed. I can assure susieq07 that it is nothing like the Security Tool rogue and also point out that it is always advised to scan with MBAM in normal mode, not safe mode, as that provides the best opportunity of removal since, like malware like Palladium Pro, does not run in safe mode.

Now, beanwabr, on to what you need to do.

zep516 pointed you in the right direction to get started, the Bleeping Computer tutorial. Go to the section entitled "Automated Removal Instructions for Palladium Pro using Malwarebytes' Anti-Malware" and follow those instructions exactly as provided.

After you have reached the end of the instructions at Bleeping Computer, return to LandzDown Forum and create a new topic in the http://www.landzdown.com/analysis-and-malware-removal/ forum. Copy/paste a copy of the MBAM log and then I'll provide further instructions on what you need to provide so the computer can be completely cleaned and updated.

Please let me know if you have any questions or get stuck on any of the instructions in the Bleeping Computer topic,
linked below.

If you know the virus name when you cannot connect to the internet, you can locate the target effectively. Usually, you will be able to know the virus name in following methods:

1. You can check your antivirus software�s detection report and see whether it has told you the infection name even it is not able to help you remove the infection;

2. Recently, there are many virus infections which pretend to be decent security software and try to mislead computer users to buy their fake security products so that they can rip off money. If you find out strange software which you cannot recall when you installed it on your computer, then you can record the software�s name because it is usually the name of the virus.

3. If you cannot find out the virus name using above mentioned method but your computer cannot connect to the internet and has other wired performance like computer freeze or automatic reboot, you are possible to be infected with newest virus infections which are unknown for security software and then you will need to find some professional experts to help you remove the unknown virus infections manually if you are not a tech.

Step three: try to uncheck the Proxy Server if there is any

Sometimes, if the virus won�t let you connect to internet, then you may fix the problem by unchecking the Proxy Server.

If you have Internet Explorer browser, you can follow these steps to restore the internet connection: Open Internet Explorer -> Click on Tools -> Click on Internet Options -> In the the Internet Options window click on the Connections tab -> Then click on the LAN settings button -> Uncheck the check box labeled 'Use a proxy server for your LAN' under the Proxy Server section and press OK.

If you have Mozilla Firefox browser, you can follow the below steps to access to internet again: Open Firefox -> Click on Tools -> Click Options -> Click Advance -> Click Network -> Click Settings -> Check No Proxy -> Click Ok.

Welcome!

The Infection has already been identified. Your link leads to a possible infected Web site---(URL)

What this infection does:

Palladium Pro is a fake rogue anti-spyware program from the Fake Microsoft Security Essentials family of infections. When this infection is installed on your computer it will display a fake Microsoft Security Essentials alert that states that it has detected an Unknown Win32/Trojan on your computer. It will then prompt you to scan your computer, which will start a fake scan of your computer that ultimately states that a file is infected with Trojan.Horse.Win32.PAV.64.a.

Associated Palladium Pro Files:

%UserProfile%\Application Data\completescan_pal
%UserProfile%\Application Data\install_pal
%UserProfile%\Application Data\palladium.exe
%UserProfile%\Application Data\uid_pal
%UserProfile%\Desktop\Palladium.lnk
%UserProfile%\Start Menu\Programs\Palladium.lnk

File Location Notes:

%UserProfile% refers to the current user's profile folder. By default, this is C:\Documents and Settings\ for Windows 2000/XP, C:\Users\ for Windows Vista/7, and c:\winnt\profiles\ for Windows NT.

Associated Palladium Pro Windows Registry Information:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnOnPostRedirect" = '0'
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell = '"%UserProfile%\Application Data\palladium.exe'

Warning! This site has a poor reputation.

This subdomain inherits the reputation of teesupport.com. Leave your rating for a separate reputation.
Ratings

Reputation ratings are based on real user ratings and they tell you how much other users trust this site. How reliable are the ratings?

Rate this website

Trustworthiness
38
Poor
Vendor reliability
37
Poor
Privacy
37
Poor
Child Safety
36
Poor
Comments

Supplement your rating by leaving a comment. Comments provide more information, but do not affect the reputation. Read more

Add comment

Comment list
Comment statistics

Sort by:

Agrees
Date

User picture

thamunsta 08/04/2010

Useless

garbage "

7
3

User picture

monadlu 07/18/2011

Spam

nothing useful, scaring the users and tricking them into paying for those strangers to remotely access their computers. how dodgy is that?!? "

2
0

User picture

Dave_M 07/01/2011

Spam

SPAMs forums "

2
1

User picture

RipRap 08/07/2011

Browser exploit

STAY AWAY!!! Just entering this site may infect unprotected computers...... "

0
0
link to this comment

Not yours, Zep!

Regards to all non-spammers,
Shax

How did you know beanwabr was infected with Palladium Pro? I could not find out any info about this from beanwabr.

You said my link leaded to a possible infected web site?

I can tell you that this site (teesupport.com) is safe. I know this because this site keeps posting blogs (http://blog.teesupport.com/) for virus removal and legit applications uninstall instructions each day. Teesupport starts its blogs for over one year and some of blogs are even listed on the top search on Google. I do not think Google will allow sites that will damage your computer to exist for such a long time. I have also tested this site using online anti-virus scanners from various security vendors and all test show that it is a safe site. What is more, as far as I know, TeeSupport is an online company to provide remote tech support and they receive payment via PayPal or Safe Cart. Will a virus maker dare to receive payment via PayPal or Safe Cart?

Talking about spam..There is a very interesting thing. See two latest posts from two different sites here:

http://www.bleepingcomputer.com/virus-removal/remove-master-utilities

http://www.citruscomputers.com/2011/09/01/remove-master-utilities-unin stall-guide/

"Your computer should now be free of the Master Utilities program. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes' Anti-Malware to protect against these types of threats in the future."

-- This is the bleeping computer site that you won't doubt.

I know bleeping computer site very well and I like it so much as you guys and I just want to list an example here to support my opinion. So far, I don't think there is any pure site without promoting anything. My principal is to choose info that I need and ignore the unwanted info on the internet. If a site does not force you to buy anything in an illegal way like rogue software and it can provide you some useful info, then that is not a bad site. By the way, I admit that sometimes I will buy things from the internet because of those sites' promotion but I don't think it is bad because they provide useful things to me and I think they deserve my payment for hard work of making such useful things.

Enjoy the internet!

Regards,

Alan_hoicns

"Well that didn't work because something called palladium security comes up and starts scanning."

So we know the user has an Anti Rogue installed(palladium Pro), what we don't know is what other Malware has been installed that continually goes undetected by virus and malware scanners, and now so common are the Rootkits. Rootkits by design hide Malware from Virus scanners. Without the knowledge of the tools I listed below, and the ability to read the log reports generated by these tools your whistling in the dark by giving advice or sending a user to some link.

Alan you may be right about the site being safe, that's why I said possible infected site. If I have any doubt I don't send users to malware removal sites. I would not doubt if the malware writers themselves intentionally made the site look bad to deter users from seeking assistance.

I'm a member of bleeping computer and currently enrolled in Malware Removal University at Geeks2go at the junior level, just finished the Windows registry course after completing the hijackthis course. Presently learning OTL scan, Combofix, TDSS Rootkit, Google redirects, Virus File Infectors and more. I will be assisting with Malware Removal at Geeks2go and hopefully Bleeping computer and other forums in 1 more year. It's a long haul and very time consuming. My goal is to become a Global Moderator.

Yay, Zep! Keep up the good work. I'll keep some rah-rah vibes coming your way.

In the mean time you really need to go to LzD forum register there and also create your own post there telling exactly what has happened as you did here, the team there will lead you step by step in cleaning up your infection. Please do not follow any other instructions that are not given specifically to you there.
Analysis and Malware Removal

once you have registered please create your post there in the malware removal area. The team will be with you shortly so just be patient.

The reason it recurs is because it has never been fully removed which is why you must go through the removal with a malware professional forum assistance.

I'll be happy to help you if you register at LandzDown as suggested by ravencajun. If you cannot access the Internet with the infected computer via Safe Mode with Networking, you will need access to a second computer to download the tools needed for analysis and removal.