Amazing and free.

Oh, if my computer says that my security system doesn't allow a download, does that sound like something I would fix through Window Defender? Or my Antivirus program?

Download it to a flash drive on a different computer and then install from the flash drive.
you might have to boot up in Safe Mode With Networking.

MBAM is a teriffic program (I install it on every one of my machines & recommend it highly) but it alone cannot completely remove this malware. Poweliks is a malware with rootkit-like features, it resides in the registry (loads in memory) is persistent and is not present as a file which can be scanned & removed easily. The payload (malware file) is stored in an encrypted registry value and is loaded at boot time by a RUN key calling rundll32 process with an encrypted javascript payload. It has been seen to reside in (at least) these 2 keys:

HKCU\software\microsoft\windows\currentversion\run\(default)
HKEY_LOCAL_MACHINE\Software\classes\clsid\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32

Once the payload is loaded, it tries to execute an embedded powershell script in "interactive" (silent) mode. That powershell scripts contains another encoded payload which will be injected into a (legitimate) dllhost process (the persistent item), which acts as a trojan downloader for other malware& is also responsible for protecting the registry value by recreating it when removed.

RogueKiller (by French malware analyst Tigzy) claims to be able to remove Poweliks as does ESET Poweliks Cleaner & Malwarebytes Anti Rootkit Beta, links below.

http://www.adlice.com/poweliks-removal-with-roguekiller/
http://kb.eset.com/esetkb/index?page=content&id=SOLN3587
https://blog.malwarebytes.org/security-threat/2014/11/no-more-poweliks/

Me? I'd restore from backup if available or re-install the OS, YMMV.

Some interesting analyses:
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377

Nothing seemed to work and since I'm dealing with an old and amputated laptop (the only input option is a thumbdrive), I thought it was best to light a candle and give it a decent burial. The virus is preventing me from downloading any programs so I'm dead in the water. But, I'm okay with that because I knew I was on borrowed time with the little relic.

Just as a precaution, should I change passwords? Exactly how effective is it in collecting private info?

I can't give you a definitive answer re: collecting private info but do know that this malware is capable of downloading a smorgasbord of stuff for various nefarious purposes...including collecting private info, passwords, documents...etc.

"Nothing seemed to work"

May I ask what you've tried and also what are the symptoms beside being unable to dl programs?

I ran the NSET anti-virus, which I was surprised claimed that the last clean up was a week ago. I was surprised because I kept getting pop-ups from my anti-virus software claiming that it had quarantined-deleted a trojan--and these pop-ups were increasing, with the names changing.

I also did CCleaner and deleted everything that it found out of place. I did this with the registry clean-up which resulted in a permanent pop-up at start-up that claimed I had deleted a program (which definitely sounded Trojan). After that, each time I started the laptop the NSET pop-ups increased claiming that it was deleting Trojans.

Because I could not download a different anti-virus program (since the virus had locked me out) I decided not to stick around to find out if the Trojan was the one sending fraudulent NSET alerts.

Norton security free trial
http://us.norton.com/downloads

security search 'poweliks trojan'
http://us.norton.com/search?site=nrtn_en_US&client=norton&q=poweliks+trojan

Trojan.Poweliks Removal Tool
http://www.symantec.com/security_response/writeup.jsp?docid=2014-111020-0511-99


I noticed the Norton site had a removal tool for the Trojan, not sure if the tool will work without Norton antivirus installed, there is a free trial. Good luck, will not be to hard to remove it

Last edited Wed Dec 10, 2014, 01:17 PM - Edit history (2)

FWIW, I was able to (relatively) easily remove Poweliks from a test Win 7 Pro x64 Virtual Machine using a combination of Farbar's Recovery Scan tool, RogueKiller, Eset Services Repair tool & a few others like MBAM. Sorry I didn't reply sooner but I haven't had much time to "play" with malware samples lately until last weekend.

Relevant links:

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3377
http://kb.eset.com/esetkb/index?page=content&id=SOLN3587
http://www.adlice.com/poweliks-removal-with-roguekiller/
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
http://www.bleepingcomputer.com/download/roguekiller/
http://www.bleepingcomputer.com/download/rkill/
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe <<<Direct DL link ESET Svcs Repair
(The trojan wrecks several windows "defense" services (Security Center, Defender, Windoze Update, Firewall, etc...)

If the above tools still don't remove every trace, then it's time to drop "The Hammer" -- ComboFix
http://www.bleepingcomputer.com/download/combofix/

BC's standard ComboFix disclaimer, Caveat Emptor & all that:

Please note that running this program without supervision can cause your computer to not operate correctly. Therefore only run this program at the request of an experienced helper.

But, even fixes become obsolete after a few months.

So, to the bookmarks this will go.

Unfortunately the white hats are always playing catch-up, with the black hats finding newer vulnerabilities and more devious methods of intrusion & self-defense. The first two places I go to for info/analysis/treatment/cure when a new variant/method emerges:

http://www.kernelmode.info/forum/index.php?sid=1577b7ef7dc61c689e2a7497d60d7897
http://malware.dontneedcoffee.com/

Either or both links may trigger false positive alarms from AV (some zipped malware samples & reference to known threats)... I have to turn off my Avast when visiting Malware don't need Coffee

I believe, i may have got this after clicking an ad or a post on facebook which appeared to be fake. It made my computer super slow. I followed the steps @ powershell has stopped working and fixed it. Hope it will help you guys as well.

In case your antivirus is not removing it, try using adwlceaner or malwarebytes. Both are great and free.
I use malarebytes, it helped me recently with roll around ads - http://pcspywareshield.com/guides/roll-around/ (it is not actually a virus and my AVG antivirus do not flag it)

Eset Node32 may not a good antivirus program.
Reinstalling the system can fix the issue completely, but you'd better back up the important files before.

i have got it

AUTOMATED MESSAGE: Results of your Jury Service

Mail Message

On Fri Feb 26, 2016, 06:32 AM an alert was sent on the following post:

useful
http://www.democraticunderground.com/?com=view_post&forum=1095&pid=16786

REASON FOR ALERT

This post is disruptive, hurtful, rude, insensitive, over-the-top, or otherwise inappropriate.

ALERTER'S COMMENTS

Looks like a troll--also posted in Cooking & Baking


You served on a randomly-selected Jury of DU members which reviewed this post. The review was completed at Fri Feb 26, 2016, 06:39 AM, and the Jury voted 2-5 to LEAVE IT.

Juror #1 voted to HIDE IT
Explanation: I can't do much in the way of research while I'm on the jury, but the complainant thinks this brand new DUer is a troll. My guess is that he will be a spammer. He is posting on a long dormant thread. I've seen posts like this before and alerted on them. Just to kick this up to a higher level, I'm agreeing with the complainant. - mahatmakanejeeves
Juror #2 voted to LEAVE IT ALONE
Explanation: No explanation given
Juror #3 voted to HIDE IT
Explanation: Hint: don't troll when you're a newbie.
Juror #4 voted to LEAVE IT ALONE
Explanation: ???? Troll or not, I see nothing disruptive. ????
Juror #5 voted to LEAVE IT ALONE
Explanation: I have no idea why this post was flagged
Juror #6 voted to LEAVE IT ALONE
Explanation: No explanation given
Juror #7 voted to LEAVE IT ALONE
Explanation: No explanation given

Thank you very much for participating in our Jury system, and we hope you will be able to participate again in the future.

Welcome to DU.