Hey folks. Anyone help me remove Madang.A virus? Seems Webroot doesn't identify it :( Thanks, jeff

Best answer by Baldrick 30 May 2018, 01:06


6 replies

Hi jeffreymw
 
Welcome to the Community Forums.
 
Sorry to hear about this.  How do you know you are infected by this particular piece of malware if WSA does not apparently detect it?  Would be interested to know. 
 
Anyway, from what I have read about this nasty, manual removal is not recommended for this threat, and by that I mean amateur removal. Therefore your best bet is to (i) run a scan with WSA, from the main app panel, and see what that turns up, and if that does not find or report anything then your next course of action is (ii) to Open a Support Ticket, so that the Threat Researchers & Support Team can take a look and assist in removal of the nasty.
 
Sorry that we cannot help more but this one, if it is indeed an infection by this specific piece of malware, is best left to the professionals.
 
Regards, Baldrick 

I just got experience dealing with this file injector. This malware is persistent and keeps coming back even after successful removal by a full Webroot scan. It injects itself into all the .exe files and sets a registry entry to run a copy of itself, c:/windows/system32/serverx.exe, every time Windows runs.
It can hide itself very well and is very persistent, especially if you are running in a network with open shares, which causes the reinfection to keep coming back even after cleaning.
Any recommendation or fine-tuning on Webroot SecureAnywhere will be much appreciated.
FYI I have just opened a ticket and hopefully support can help remediate this issue. (This is my first post here.)
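
A triage check for the behaviour described in the post above (an autorun entry for serverx.exe, a copy in system32, and reinfection over open shares), added here as an example and not posted by anyone in this thread or by Webroot. It assumes the autorun value sits in one of the standard Run/RunOnce keys, which the post does not specify, and that the Everyone group is not localized; run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only triage for the persistence described in the post.
$indicator = 'serverx.exe'          # file name taken from the post
# Assumption: standard autorun keys; the post does not name the key used.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$psMeta = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'

# 1. Autorun values whose command line mentions the indicator file name.
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -in $psMeta) { continue }      # provider metadata, not values
        if ("$($p.Value)" -like "*$indicator*") {
            [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $p.Value }
        }
    }
}

# 2. The dropped copy itself (-Force also returns hidden/system files).
$dropped = foreach ($dir in 'System32','SysWOW64') {
    $path = Join-Path $env:SystemRoot (Join-Path $dir $indicator)
    Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, Length, CreationTime, LastWriteTime
}

# 3. Non-administrative shares that Everyone can write to: the "open share"
#    condition the post associates with reinfection.
$openShares = Get-SmbShare | Where-Object { -not $_.Special } |
    Get-SmbShareAccess |
    Where-Object {
        $_.AccountName -eq 'Everyone' -and
        $_.AccessControlType -eq 'Allow' -and
        $_.AccessRight -in 'Change','Full'
    } | Select-Object Name, AccountName, AccessRight

'--- Autorun entries referencing {0}: {1}' -f $indicator, @($autoruns).Count
$autoruns | Format-List
'--- Dropped copies found: {0}' -f @($dropped).Count
$dropped | Format-List
'--- Shares writable by Everyone: {0}' -f @($openShares).Count
$openShares | Format-Table -AutoSize
```

Running the same check on every machine that can reach the shares, before reconnecting a cleaned PC, shows whether another host is still able to write infected files back.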
Hello alfons,
 
Welcome to the Webroot Community Forum,
 
Sorry to hear of this issue. But you have already taken the best steps in Submitting that Support Ticket as help is on the way. Usually they respond in 24-48 hours. The Support Team will certainly take a look and assist in the removal for they are the professionals. ;)

 
Please keep in touch and let us know how things are going if you get a chance.
 
Thanks!
 
So Webroot's real-time protection didn't help then? The only real protection against malware and viruses is backups.

To be fair, Webroot can detect it very well, but the injector keeps coming back. I have tried other antivirus and it came back again, so no issue with detection.
The problem is how to prevent reinfection, since every time it is cleaned up, it will reinject the .exe files.
We did the cleaning from safe mode with System Restore disabled, but to my surprise it came back again.
Finally we decided to format the PC and the reinjection stopped, but this shows that the malware can hide itself very well, and we still do not know how it happened 🙂.

As previously stated in a couple of the posts in this thread, manual removal of this 'nasty' is not recommended for this threat, and by that I mean amateur removal. Therefore your best bet, in your particular circumstances, is to Open a Support Ticket, so that the Threat Researchers & Support Team can take a look and assist in removal of it.
 
Sorry that we cannot help more but this one, if it is indeed an infection by this specific piece of malware, is best left to the professionals.
 
Regards, Baldrick 
 
 
