"pc health kit" malware?

My pc had a clean install of windows 7 pro a week ago.

Was on the net using firefox and when updating java this damn pc health kit got installed somehow.

I always use the custom option and uncheck everything bundled with stuff when installing but didnt see anything about pc heath kit.

Im pretty sure its that same old anoying malware prog that tells u your pc is infected and wants money to fix it.

I remember it was a pain to remove on a buddies system years ago.

Tried a sys restore , failed.

Any way to remedy this besides windows reinstall?

Thanks

Malwarebytes can likely remove it or Superantispyware.

Alternatively if you like doing it the hands on way a lot of these malwares are cookie cutter variants that can be removed relatively easily. BUsy at work, but if you would like to do it that way, I can write up a quick check to tell let you know how.

Its crazy, I avoid downloading on the net unless its a known source or a tested torrent but with this... all I did was update java through firefox and now without my knowing have

Pc health kit
IMinent
And Sendori installed on my machine.

AVG doesnt pick up on it, system restore failed and removing through the control panel just causes uninstaller to freeze.

I feel like an @$$ for even allowing this crap to get installed, just dont understand how it happened with a java update

Eh, changed my mind, I'm gonna write it up anyway

Like I was saying, a lot of these malware are cookie cutter, they take the same core virus, change the GUI and a bit of code so that it can slip by updated virus definitions because its something new. Why write something new if you can modify it and make it work again? Anyways, due to this fact its a lot of the rogue AV malware stores itself in the same locations. I am not familiar with the specific one you refer to but this is what I would check first if I were working on it and wanted to remove it the hands on way.

Go into your C:\Users\youruseraccountname\appdata\local\ & C:\Users\youruseraccountname\appdata\Roaming\ & C:\Progam Data\

In these three directories you are likely to find executables with random characters for names (8-10 characters normally) that were created at the time you got the infection on your PC.

If you dont find anything in these locations press Windows+R to launch the run window and type msconfig. Go under the Startup tab and remove any malicious entries and entries you just dont want. These are all programs that run on startup and you can remove whatever you like from being on startup that you see here.

IF msconfig wont launch, boot into safemode and then do everything above. Doing the above steps will get you to the point where you can scan be assured you are removing the virus.

OH I forgot to mention, if you cannot scan or delete the files in the above directories, you will need to do everything i said in safemode. Also, when/if you delete the files you should do Shift+Delete to permanently delete them so they don't just sit in your recycling bin for ages


Everything I've said here is pretty quick and dirty and low risk but should be plenty effective. I'll watch the thread throughout the day if you have any questions or trouble with it.




Edit: If I get enough free time here today I'll do some research on the specific things you've named and see what I can find.

Install Hitmanpro or Malwarebytes and use their trial versions. It sounds to me like some form of adware but it could be a rogue. Do some scans and report back.

http://www.malwarebytes.org/

http://www.surfright.nl/en

Go into safe mode and try uninstalling it there. If that doesn't work, try revo-uninstaller from normal mode. If that still doesn't work, run Combofix and Malwarebytes from safe mode. Otherwise, you're probably going to have to reinstall. Also, make sure you don't have an infected flash drive or portable device.

When hitting alt ctrl del durring frozen uninstaller it stated iminent was uninstalled, it then let me uninstall the others but only after reboot.

Does these seem like malware or another threat or just bundled bs that comes with java?

Is there a good freeware program I can use to make sure everythings clean?

Thanks again

Combofix is a great tool as well but reinstalling is unnecessary for the malware on his computer. These aren't the hardcore viruses of old, most rogue AVs are no more then 5-6 files in the appdata directories and occasionally Program Data.

EDIT:
I'd scan it with Malwarebytes even though they say they are gone. A quick google shoes IMinent & Sendori are often viruses.

Going to try some of the suggestions.

Ive also noticed my firefox homepage was switched to yahoo, I reset it to default but when I search something it still shows up with yahoo results.

After exiting firefox and reopening... it now wont search or bring up any results.

What the bleep.

Could this crap really of came from a java update???

Or was I tricked into installing a bundled malware java update?

From now on get programs and updates from ninite.com You'll thank me later