Well, along with Conficker, the Google Installer Virus is still at large. I just removed this virus from a friend’s computer; this information is collected from multiple sources across the Internet, thanks to everyone’s favorite… Google.
Technically, Google Installer Virus is actually malware, not a “virus.” This form of malware is a tricky one, known as a RootKit. A RootKit is malware that embeds itself (either through hardware or software) in the system and isn’t removed by your usual anti-virus/anti-spyware tools. It also blocks almost every anti-spyware, anti-virus and similar tool.
Through a combination of ComboFix, MalwareBytes Anti-Malware, Spybot S&D (mentioned here) and Ad-Aware Free, we’ll remove the virus (and anything else that’s hiding on your computer). I have all of these applications in a convenient zip folder for you. Download here. (password: spywarekiller)
If you are on a Windows Machine:
Disconnect from the Internet
1. First things first: we’ll run ComboFix. ComboFix is an excellent RootKit remover. But before we proceed, ComboFix requires all anti-virus software to be shut off. Visit here for help on that.
Disabled your anti-everything software? Read on.
Note: Before running ComboFix, close ALL applications and DO NOT, DO NOT, click on ComboFix’s window while it is running; just let it run its course.
Run ComboFix.exe. Uh oh! It won’t run! The RootKit has an advanced detection system that won’t allow certain executables to run, such as ComboFix.exe. It’s OK, there’s a solution.
Right-click on ComboFix.exe and rename it to something like “Ieexplore.exe” (without quotes), then run it. Once again, do not click on the ComboFix window. ComboFix may take a while, and may ask you to restart. It may also ask you to write down some information. Write it down, restart, and let ComboFix work its magic. This may take 45 minutes to 1 hour. If it’s less, good… let’s move on.
After ComboFix finishes the scan, it brings up a log. Read it if you like, then close it. It’ll look like nothing’s happening, and nothing is. Press Ctrl+Alt+Del, hit New Task, and type explorer.exe. You should find that Explorer runs faster, at least a little.
2. MalwareBytes Anti-Malware. Run a quick scan. This will remove some other malware that ComboFix didn’t catch. It should find 13 things; click Remove Selected Items. You can also run a full scan, but it didn’t find anything else for me with a full scan. Done so soon? Who’s next?
3. Now we’re to my old favorite, Spybot Search and Destroy, something I would recommend running once every two weeks (at least). For more info on running Spybot S&D, visit my Essential Security Toolbox post.
4. Ad-Aware. Once again, as in the post mentioned right above, something to keep and install on every computer you get.
5. Run an online scan from ESET.
Run a free scan with ESET Online Scanner
I know it’s not everyone’s favorite, but you will need to use Internet Explorer for this scan.
When asked, allow the ActiveX control to install
Make sure that the options Remove found threats and Scan unwanted applications are checked
Wait for the scan to finish! Once it’s done, it should fix/delete the items.
6. You most likely still won’t have it completely removed. If, when you start Windows (regular mode), you get all of these command prompt windows (including command.com), then follow these directions. If not, go ahead and skip down below these instructions.
Download KillBox. Boot into Safe Mode. Do this by restarting the computer; when you hear a beep, and before the Windows logo appears, hit F8 and select Safe Mode from the options.
From Safe Mode, run KillBox, and select the “delete on reboot” option.
Click the All Files button.
Enter these, one by one, into KillBox; after each one, click the button with the red circle and white x. After each one, select No when the reboot option is given, until the last one. Then reboot.
EDIT: Run ComboFix, Spybot S&D, your anti-virus, and Ad-Aware again after following the above steps.
Then enjoy your cleaned computer!!!
If you have a Mac
Feel free to comment, or shoot us an e-mail with your problem, if this didn’t solve it, and we’ll try our best to help you!
Disclaimer: The intent of this post is for aiding in the removal of malware/spyware/viruses. By following the steps detailed above, you take full responsibility for any damage you cause your computer, you, or anyone around you.