simbar malware - how do I remove it ?

Tig Broad
10-05-2009, 18:28
Hi All.............

My friend has become plagued with 'simbar malware' through possibly clicking on a web site link. She clicked on a favourite (which has been quite normal until Friday) and when the site opened she got the message -

Your connection has been blocked by the Firewall because it has detected that your computer may be infected by SIMBAR Malware, which can be used by other malicious software to spy on output from your browser to gather your usernames and passwords. Please see: SIMBAR Removal tool Or paste this URL into your browser address bar: (URL removed by moderator) Once Simbar is removed from your s

This is where the link goes to for me to download to get rid of the SIMBAR malware on the message.

I am wondering if the NoAdware download has something to do with this???

She has scanned with Avast and MBAM and all is clean. But the message appears as soon as she goes to this one web site. All other web sites are quite normal.

Can anyone help with this problem? My TIA as usual.

Tig..........

anne morgan
10-05-2009, 18:35
That link will take you to a site which is full of red warnings on my WOT advisor.

Have you tried running the scans in safe mode?

10-05-2009, 18:56
Is it listed in Add or Remove Programs? {remove it}

Then download this.

Please Download DrWeb-CureIt from here http://www.freedrweb.com/ & save it to your desktop.
1/ Double-click on drweb-cureit.exe and then click Start
2/ An information notice will appear, click OK.
3/ This starts a short scan that will scan the files currently running in memory.
PS/ If you get a prompt to buy the full version just exit out of the window; DrWeb will still work.
4/ If or when something is found, click the Yes button when it asks you if you want to cure it.
5/ Once the short scan has finished and you're back at the main window, select the Complete scan button and then click the Green arrow to start the scan.
6/ Click Yes to all if it asks if you want to cure/move any file(s).
7/ When the scan is done.
8/ In the Dr.Web CureIt menu on top left, click File and choose Save report list
9/ Save the DrWeb.csv report to your Desktop
10/ Exit Dr.Web CureIt and Reboot the computer.
11/ And finally after reboot, Right-click the Dr.Web log on the desktop and choose Open With > Notepad
12/ Copy and paste that log in the next reply.

Tig Broad
10-05-2009, 20:06
Thanks to both above.
Will report back when my friend has tried the suggestions.


10-05-2009, 21:19
Tig Broad

The message your friend has encountered is fake; it's a tactic by Rogue software. Typically they'll say your computer is infected, then insist that you run X software to remove it. The URL (removed by admin) is a link to such software that is completely fake and does nothing to secure your PC. Once installed, Rogues will scan the victim's PC and insist that it's infected (fake), then to remove these so-called infections they'll ask the unsuspecting user to pay. These Rogues are all over the internet and most are just the same with different names; they're only out to get people's bank details and possibly sell their identities to other criminals.

It's known that sometimes usually safe sites can be compromised and offer links to or host malware.

Tig Broad
20-05-2009, 16:02
Hi Fletch..............
In the end she has been to the local PC engineer and he had to reformat her machine.
Fortunately she had backed up the important files to an external drive so all was not lost.
Thanks for your help and I have d/loaded the programme you suggested for my own use should I need it.
Thanks again,