Use a Flash Drive to Rescue a Malware-Infested PC ( Antivirus Live )
Bnet ^ | 1/30/2010 | Rick Broida

Posted on 01/30/2010 10:19:14 AM PST by dr_lew

There’s a particularly nasty virus making the rounds right now. It’s informally known as the Antivirus Live virus, as it bombards your PC with scary, real-looking security warnings and masquerades as a program — Antivirus Live (pictured) — that can protect and repair your system.

(Excerpt) Read more at blogs.bnet.com ...


TOPICS: Computers/Internet
KEYWORDS: antivirus; antiviruslive; computer; malware; rogue; security; virus
I got this Thursday night, just after posting to FR, but I had been viewing video and pictures from various sources, as well as logging into Photobucket, so I'm not sure how I got it. I sat there like a dope while it downloaded itself after I initiated a shutdown, as it took over my Windows blue screen which warned me not to power off because updates were in progress.

It is very scary and seems like a hopeless situation, since it won't let anything run, including the task manager. However, I had immediate success using the advice of this article, which I read Friday from my work computer. I put the SUPERAntiSpyware product linked in the article on a thumbdrive and ran it while I was disconnected from the internet. I can't make an expert recommendation, but I did have success.

I didn't run in safe mode, but followed a tip I read in a long list of comments at How To Geek. With "Antivirus Live" infection, you have a 20 or 30 second grace period after Windows XP boot where you can bring up the task manager and see the malware initializer running as XXXXsysguard.exe ( XXXX is a variable alphameric string. ) I was able to kill it from the task manager, and it didn't come back while I installed and ran SUPERAntiSpyware from the thumbdrive, and by all appearances I am rid of the thing, but you never know! I was certainly pleased by the apparent quick and easy success after the many dire accounts of its tenacity, so I just thought I'd share this experience with FR.

This seems like a pretty widespread problem, but maybe that's just because I got it.

1 posted on 01/30/2010 10:19:15 AM PST by dr_lew
[ Post Reply | Private Reply | View Replies]

To: dr_lew

bookmark


2 posted on 01/30/2010 10:20:39 AM PST by GiovannaNicoletta
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

That's been around a while, going by a lot of different names. It has also had a variant pretending to be Windows Defender and other things.

My niece got one and it took me a couple of hours to root it out and kill it. My real anti-virus was able to finally catch it on mine and quarantine it.


3 posted on 01/30/2010 10:22:26 AM PST by GeronL (http://tyrannysentinel.blogspot.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

malwarebytes- free upload


4 posted on 01/30/2010 10:22:36 AM PST by silverleaf
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

5 posted on 01/30/2010 10:23:25 AM PST by JoeProBono (A closed mouth gathers no feet)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

I use

http://www.bleepingcomputer.com/

for malware related help ...


6 posted on 01/30/2010 10:23:57 AM PST by 08bil98z24 (The WOD is unconstitutional ------>>> NObama ... Anybody but him!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

/mark


7 posted on 01/30/2010 10:24:12 AM PST by KoRn (Department of Homeland Security, Certified - "Right Wing Extremist")
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew
I should mention that I followed the ( very easy ) procedure at Bleeping Computer for unsetting the Proxy Server option in my Windows IE. This seemed to be the only corruption of it, after I ran the SUPERAntiSpyware tool. I don't think that tool did anything to IE, though. It just cleaned up some files and my registry.
8 posted on 01/30/2010 10:27:21 AM PST by dr_lew
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

My wife’s PC caught this form of computer clap. It is now at the shop being repaired. Had a partial fix in place with the thumb drive solution discussed, told her to stay off the internet and lo and behold, she tries to email someone and the thing crashed....

$^%$^%&%@@#


9 posted on 01/30/2010 10:28:46 AM PST by misterrob (Have you tea bagged a liberal today?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

I received it last year. I was eventually able to clean out the virus. It appeared again last week and tried to install. I stopped the installation by immediately shutting down my PC. I restarted without any problems.


10 posted on 01/30/2010 10:29:30 AM PST by Man50D (Fair Tax, you earn it, you keep it! www.FairTaxNation.com)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

@dr_lew: Thanks for this article and advice. My PC got killed this week by the very same virus. The problem is that it blocks your access to the internet and control panel so you can’t get any help. Can you elaborate on how you killed it once you booted the computer back up? Thanks in advance.


11 posted on 01/30/2010 10:30:19 AM PST by northwinds
[ Post Reply | Private Reply | To 1 | View Replies]

To: Man50D

Yeah, that’s what I do when things look weird - - I reach down to my stack and hold the button in for 5+ seconds until the thing shuts down.


12 posted on 01/30/2010 10:34:09 AM PST by Lancey Howard
[ Post Reply | Private Reply | To 10 | View Replies]

To: dr_lew

The best bet is to make an image of your hard drive and make incremental backups onto an external hard drive. This way you can always revert back to a state of PERFECT. I use “Acronis True Image Home” and can honestly say it saved my and my family's butt numerous times. Although we all use an antivirus program, sometimes things get through. To restore an infected PC back to a state of perfect takes about 20 min. This is by far the best software investment I have ever made.

On a side-note. It is wise to password protect your passwords in Firefox & IE. My son just had to reimage his hard drive to prevent any more security leaks in his browser. Seems that he picked up some sort of virus that pulled out and sent all his passwords to an IP address in Nigeria, resulting in a mass funding transfer parade. Cost him thousands. PASSWORD PROTECT YOUR PASSWORDS.


13 posted on 01/30/2010 10:34:49 AM PST by foolishboi
[ Post Reply | Private Reply | To 8 | View Replies]

To: dr_lew

Had quite a time booting into safe mode with my wireless kbd.


14 posted on 01/30/2010 10:35:01 AM PST by Strident (Think. It's the new "feel".)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

bttt


15 posted on 01/30/2010 10:35:08 AM PST by bmwcyle (Free the Navy Seals)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

I got it twice. First time I got rid of it, second time bombarded with all you had plus viagra and porn pop ups..
Called wife at work, she asked the IT guy what to do: download Spybot Search and Destroy for free, cannot remember what site but I am sure if you google it it will show..
Finally go online thru Mozilla Firefox, oh yeah AVG for a free anti-virus.
Not had a problem in 2 years..


16 posted on 01/30/2010 10:35:23 AM PST by GSP.FAN (These are the times that try men's souls.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

My PC caught this crap about two weeks ago (think my kid clicked on something). I ran Microsoft Security Essentials AND Avast and wiped it out.


17 posted on 01/30/2010 10:35:38 AM PST by manic4organic (Obama shot hoops, America lost troops.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Man50D

“...stopped the installation by immediately shutting down my PC...”

by saying that, I presume you mean hitting the switch rather than “shutting it down”, as in normal start-menu + shut down mouse clicks?


18 posted on 01/30/2010 10:36:43 AM PST by Vn_survivor_67-68 (CALL CONGRESSCRITTERS TOLL-FREE @ 1-800-965-4701)
[ Post Reply | Private Reply | To 10 | View Replies]

To: silverleaf

I got turned onto Malwarebytes by our IT team at work. It works well.


19 posted on 01/30/2010 10:37:20 AM PST by PrincessB ("if government X-rays are anything like the photos the DMV takes for your license, count me out" A.)
[ Post Reply | Private Reply | To 4 | View Replies]

To: dr_lew

I was on the same site, and the same thing happened to me too. However, my McAfee caught it. So no issues over here.


20 posted on 01/30/2010 10:38:21 AM PST by Sprite518
[ Post Reply | Private Reply | To 1 | View Replies]

To: silverleaf
If you upload malwarebytes or another product before you have an infection, you can run it in Safe mode ( I guess ) or normally after killing XXXXsysguard.exe, like I did with the thumbdrive. Otherwise, you're faced with downloading while "Antivirus Live" is still active.

The comments at How To Geek report variable success using Safe Mode to do this. I found these comments to be very helpful in making a judgement how to proceed. I couldn't even boot in Safe Mode using the F8 key, as recommended. I just got a blank black screen. So I tried the normal boot and kill procedure that I read of there, and this worked great for me.

21 posted on 01/30/2010 10:38:26 AM PST by dr_lew
[ Post Reply | Private Reply | To 4 | View Replies]

To: Vn_survivor_67-68
by saying that, I presume you mean hitting the switch rather than “shutting it down”, as in normal start-menu + shut down mouse clicks?

I turned it off and forced a cold boot.
22 posted on 01/30/2010 10:38:43 AM PST by Man50D (Fair Tax, you earn it, you keep it! www.FairTaxNation.com)
[ Post Reply | Private Reply | To 18 | View Replies]

To: dr_lew

Bookmarking for future reference if needed! Thanks


23 posted on 01/30/2010 10:40:10 AM PST by 2nd amendment mama ( www.2asisters.org | Self defense is a basic human right!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

When someone is determined to have created and released malware or virii like this into the wild, they really should face life in prison without parole.

So far I’ve managed to avoid any truly nasty infections, but even the lesser ones I’ve dealt with have left me wanting to cause grievous bodily harm to the scum who wrote it.


24 posted on 01/30/2010 10:40:58 AM PST by Dr.Zoidberg (Warning: Sarcasm/humor is always engaged. Failure to recognize this may lead to misunderstandings.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: handy old one

ping


25 posted on 01/30/2010 10:45:54 AM PST by handy old one (If you play in nature be prepared to be played with by nature!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

My wife's computer caught this and it was a nightmare. Finally I booted up in safe mode and was able to run system restore. Then I ran a complete virus/malware scan. That got rid of it.


26 posted on 01/30/2010 10:46:21 AM PST by circlecity
[ Post Reply | Private Reply | To 1 | View Replies]

To: northwinds
Can you elaborate on how you killed it once you booted the computer back up.

I have Windows XP, which has a pretty good Task Manager. I just hit ctrl-alt-del as soon as possible, selected the task manager, scrolled down to highlight XXXXsysguard.exe, and selected "End process". I think I may have had to do it twice. It's a race against time, so be sure to stay cool, calm, and collected as you fumble around :-)

When I put the thumbdrive in, with the SUPERAntiSpyware on it, I used Windows Explorer ( not Internet Explorer! ) to run it, and as I said, it seemed to go very smoothly from there, ( not forgetting about unsetting "Proxy Server" in IE! )

I think my Safe Mode boot problems may have been because I put the thumbdrive in before the boot. It may look there for a boot image, or something.

27 posted on 01/30/2010 10:50:38 AM PST by dr_lew
[ Post Reply | Private Reply | To 11 | View Replies]

To: dr_lew

I just got my computer back from the shop after getting this nasty thing.

Tried to shut down but wasn’t fast enough.

What a mess!

Thought my McAfee would have stopped it - it didn’t.


28 posted on 01/30/2010 10:51:09 AM PST by Dinah Lord
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew
Last week I had to flatline my daughter's PC and reinstall windows due to a similar virus "Internet Security 2010" (it might even be the same virus with a different alias). It was ugly.

Take frequent incremental backups.

29 posted on 01/30/2010 10:56:40 AM PST by PapaBear3625 (Public healthcare looks like it will work as well as public housing did.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Dr.Zoidberg
So far I’ve managed to avoid any truly nasty infections, but even the lesser ones I’ve dealt with have left me wanting to cause grievous bodily harm to the scum who wrote it.

Oy Vey! Don't ask me about the lurid visions I was having already, Dr. Zoidberg!

I was wondering too, why there seems to be so little interest or discussion about the source and history of this thing, ( which is just the thing of the moment, I guess. It's an ongoing issue. ) I did notice that one of the counterfeit pop-up warnings had some very interesting grammatical irregularities. I jotted down, "Click here for the scan of you computer."

My tin hat is tingling off my head.

30 posted on 01/30/2010 10:59:45 AM PST by dr_lew
[ Post Reply | Private Reply | To 24 | View Replies]

To: Dinah Lord

Another post that reminds me of how glad I am that I switched to Apple computers after 20+ years of putting up with Windoze. I have an online/all the time connection. In more than a year and a half of heavy internet use I’ve never had a virus, worm, or annoying malware. Now that you can run Windows programs under the MacOS as well as they run on a PC there’s no reason not to switch. No.. I don’t work for Steve Jobs. But, I think I spent a lot of time working for Norton, McAfee, AVG, and etc..


31 posted on 01/30/2010 11:04:48 AM PST by theoldmarine (an apple a day...)
[ Post Reply | Private Reply | To 28 | View Replies]

To: dr_lew

I solved this problem about 3.5 years ago. I bought the wife a Mac and used Ubuntu on my computer.

The iMac I bought for her works as well today as it did that day I bought it in 2006. Actually it works better with Snow Leopard on it.

I know all the arguments people make about Mac—too expensive, etc. But we simply haven’t had to spend a penny on anti-virus, nor a minute of time on removing viruses.

And I don’t see the need to replace that computer for years to come.

In the end, I would rather enjoy a worry free computing experience instead of all the stuff I see on this post.


32 posted on 01/30/2010 11:12:42 AM PST by comps4spice (Obama = Going a long way in making Jimmy Carter look competent.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JoeProBono

I got that thing some days ago and my AVAST started yelling. I X-ed out and did an anti-virus run and have been fine.


33 posted on 01/30/2010 11:12:50 AM PST by LadyPilgrim ((Lifted up was He to die; It is finished was His cry; Hallelujah what a Savior!!!!!! ))
[ Post Reply | Private Reply | To 5 | View Replies]

To: Dr.Zoidberg
When someone is determined to have created and released malware or virii like this into the wild, they really should face life in prison without parole.

Life on an island with no access to modern (post 1900) technology.

34 posted on 01/30/2010 11:14:00 AM PST by reg45
[ Post Reply | Private Reply | To 24 | View Replies]

To: comps4spice
In the end, I would rather enjoy a worry free computing experience instead of all the stuff I see on this post.

Amen...running Linux Mint here....but I do have a laptop which has one job....Turbotax...

35 posted on 01/30/2010 11:15:59 AM PST by Ernest_at_the_Beach ( Support Geert Wilders)
[ Post Reply | Private Reply | To 32 | View Replies]

To: dr_lew
Turn your computer on while holding down your F8 key. This puts your computer in safe mode. Toggle down to “safe mode in network” and download Malwarebytes, which you can get off cnet downloads and it's free. It will remove it. Good luck.
36 posted on 01/30/2010 11:16:02 AM PST by kempo
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

My computer was nailed by this 3 days ago. I took it to the pros and they cleaned it up for $70. Everything I tried didn’t work, including running the malwarebytes program. I’ll try this if it happens again.


37 posted on 01/30/2010 11:17:22 AM PST by Travis McGee (---www.EnemiesForeignAndDomestic.com---)
[ Post Reply | Private Reply | To 1 | View Replies]

To: LadyPilgrim

38 posted on 01/30/2010 11:17:23 AM PST by JoeProBono (A closed mouth gathers no feet)
[ Post Reply | Private Reply | To 33 | View Replies]

To: silverleaf

I already had malwarebytes installed, but it couldn’t touch this new iteration. It blocked malwarebytes from working to isolate the virus.


39 posted on 01/30/2010 11:18:20 AM PST by Travis McGee (---www.EnemiesForeignAndDomestic.com---)
[ Post Reply | Private Reply | To 4 | View Replies]

To: reg45

That would work, as long as it were a rather desolate place where you had to work from before sun up to well after sun down for just basic survival.

And at that, I’d still want them to be flogged weekly for the duration of their existence.


40 posted on 01/30/2010 11:19:29 AM PST by Dr.Zoidberg (Warning: Sarcasm/humor is always engaged. Failure to recognize this may lead to misunderstandings.)
[ Post Reply | Private Reply | To 34 | View Replies]

To: JoeProBono

Trouble with Avira is that the free version doesn’t scan emails


41 posted on 01/30/2010 11:21:08 AM PST by foolishboi
[ Post Reply | Private Reply | To 38 | View Replies]

To: Travis McGee

Read post 36


42 posted on 01/30/2010 11:21:24 AM PST by kempo
[ Post Reply | Private Reply | To 39 | View Replies]

To: kempo
Make sure you update malwarebytes every time before you run a scan.
43 posted on 01/30/2010 11:22:47 AM PST by kempo
[ Post Reply | Private Reply | To 42 | View Replies]

To: HalfFull

mark


44 posted on 01/30/2010 11:24:22 AM PST by HalfFull ("Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery?" -PHenry)
[ Post Reply | Private Reply | To 1 | View Replies]

ph


45 posted on 01/30/2010 11:31:58 AM PST by xone
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

This is the first malware script I’ve been infected with in 10 years.

It was simple to get rid of....First I unplugged my network cable then shut down the computer. Since it won’t let you open any executable programs after it boots up into memory, after restart, I immediately opened MSCONFIG and disabled it under the startup tab. Rebooted and it was gone. Searched for all remnants and removed them. Fixed the corrupt proxy setting with Hijack this!. 15 minutes tops....Harmless bugger.


46 posted on 01/30/2010 11:37:08 AM PST by Electric Graffiti (Well, we didn't get dressed up for nothin')
[ Post Reply | Private Reply | To 1 | View Replies]
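
Several posts above (27 and 46 in particular) describe the same three checks: a running XXXXsysguard.exe process, a startup entry for it, and a changed Proxy Server setting in IE. The following read-only triage script is an added example, not part of any post in this thread; it assumes PowerShell 3.0 or later (not present on a stock Windows XP install), and the `*sysguard*` wildcard and the function names are illustrative choices made here.

```powershell
# Added example: read-only triage, changes nothing on the machine.
# Assumption: '*sysguard*' stands in for the thread's "XXXXsysguard.exe" name.
$Pattern = '*sysguard*'

function Get-SuspectProcess {
    # Running processes whose name or image path matches the pattern.
    Get-Process | Where-Object {
        $_.ProcessName -like $Pattern -or $_.Path -like $Pattern
    } | Select-Object Id, ProcessName, Path
}

function Get-RunKeyEntry {
    # Per-user and machine-wide Run keys, two of the autostart locations
    # that the MSCONFIG Startup tab lists.
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item -Path $key
        foreach ($name in $reg.GetValueNames()) {
            $command = [string]$reg.GetValue($name)
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Suspect = ($name -like $Pattern) -or ($command -like $Pattern)
            }
        }
    }
}

function Get-IEProxySetting {
    # The per-user proxy values behind the IE "Proxy Server" checkbox.
    $path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $path
    [pscustomobject]@{
        ProxyEnabled = ($s.ProxyEnable -eq 1)
        ProxyServer  = $s.ProxyServer
    }
}

'--- matching processes ---'
Get-SuspectProcess | Format-Table -AutoSize
'--- Run key entries (suspects first) ---'
Get-RunKeyEntry | Sort-Object Suspect -Descending | Format-Table -AutoSize
'--- IE proxy setting ---'
Get-IEProxySetting | Format-List
```

An empty process list, no Run entry marked Suspect and `ProxyEnabled : False` are consistent with the cleanup described in the posts, but they do not prove the machine is clean; a full scan is still needed.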

To: Electric Graffiti

“This is the first malware script I’ve been infected with in 10 years.”

You must not surf the net much, or you have incredible luck.


47 posted on 01/30/2010 11:43:25 AM PST by foolishboi
[ Post Reply | Private Reply | To 46 | View Replies]

To: foolishboi

Actually I don’t think I’ve had a virus, trojan, worm, malware, script ever until this one and I’ve been online since Al Gore invented the internet. I don’t use an Anti-virus either. ;)


48 posted on 01/30/2010 11:53:58 AM PST by Electric Graffiti (Well, we didn't get dressed up for nothin')
[ Post Reply | Private Reply | To 47 | View Replies]

To: dr_lew

My brother-in-law, small cash register co-owner, used the quick (grace) method to rid a customer of this bug.

I couldn’t get to the control panel on one of my customer's PC. I booted to safe mode and used a flash drive to install Malwarebytes. I also ran the program from safe mode. Cleared it right up.


49 posted on 01/30/2010 11:54:51 AM PST by SeeRushToldU_So ( Go Braves! Braves are gone.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dr_lew

Ping for later.


50 posted on 01/30/2010 11:56:16 AM PST by PubliusMM (RKBA; a matter of fact, not opinion. 01-20-2013: Change we can look forward to.)
[ Post Reply | Private Reply | To 1 | View Replies]

