Skip to comments.AntiVirus Soft virus (anyone ever get this beaut)
Posted on 02/17/2010 4:41:50 PM PST by Frantzie
Somehow I picked up this beauty. I had Avast and old Norton which I need to remove.
I am now trying to remove it with Avast on a reboot scan. I tried to download Malware Bytes on this machine but this awful virus sucks up everything on the machine. Avast is at 10%. I am not sure it will get it.
If Avast on the boot does not get it I will try to install PC Tools but this virus sucks up everything once the machine boots.
I trie dto download Malware Bytes and IE would not launch but Mozilla downloaded it. The AntiVirus Soft block Malware bytes from starting. Unreal.
Its not that Security Tool thing is it?
OK.. I need to pay more attention to the title... lol
These fake AV programs usually have a rootkit that will keep you from running real AV. The one I had to deal with was a variant of the TDSS rootkit. There is a special tool called TDSS_killer available on the Kaspersky AV site. Once the rootkit was disabled, I was able to run Malware Bytes and remove the virus.
You will have better luck using a different computer to download malware bytes and the other tools you will need.
>>Its not that Security Tool thing is it?<<
That hit my wife’s computer and one of her friends.
If I ever meet the author I will happily cold-cock his butt, strip him naked, lock him in stocks and stomp on his genitals with heavy boots for hours in public.
It took everything I know (and a few things I didn’t) to get that damn thing out.
It took me hours and a restore point and lots of trouble to remove it from my neice’s computer.
Download Malwarebytes on a seperate system. Boot the infected system into safe mode (tap F8 as you boot up). Transfer Malwarebytes via usb drive over to the infected system. Install and run in safe mode.
(If the infection is so bad that you cannot run Malwarebytes in safe mode, connect the infected drive via usb cable to a machine with Malwarebytes and run from that machine.)
After Malwarebytes runs, boot up normally and go to www.safer-networking.net and download Spybot S&D.
Run Spybot. Run Malwarebytes. Repeat until clean runs of both are done. Reboot. Repeat. Once you have clean runs of both after a reboot, install your favorite Anti-virus software (I am still sticking with AVG personally at this point)
Security Tool didn’t even let me bring up Task Manager. ggrrrrr
that was going to be my suggestion. It saves a lot of time.
Any ideas where you picked it up?
Yeah, I got that a while back. I manually removed it.
I got this today. Malwarebytes removed it, Freep mail me if you need help
Get Microsoft Security Essentials. You’ll never go back to AVG.
Manual removal steps here, http://www.2-spyware.com/remove-antivirus-soft.html
Have you Task Manager to stop it from running, and then manually removing it? Talk back.
your best bet is to let the virus load and then use the task manager to see what is running. Look for names and files for this virus and look for those folders.
Whne you have identified those folders and processes you can then use the process name to search the registry from regedit.
delete the lines that reference the virus.
It sounds simple and for the most part it is. It will take time to locate all of the files, folders and startup commands.
This is how I get rid of viruses.
Also, once it is cleaned, you should make a backup copy of your registry. THe next time you get a virus, you can stop the processes, delete the folders and import you copy of the registry.
It may greatly expedite the download if you were to create, and switch to, another user account. If you are already using an administrative account, it wouldn’t hurt to create and use another as that defensive line has already been crossed (one should always try to surf from limited account profile and just use Admin accounts for global programs installations and file manipulations). In fact, the virus may only reside in a single user profile.
Search FR titles for “antivirus” to find my recent posting on my encounter with “Antivirus Live” ( which this sounds like ) and of course a lot of discussion.
Worked for me today. I had to download Malwarebytes on a separate PC.
Microsoft security essentials let this infect my PC
I have a theory that these extortion-ware programs are broken up into pieces that are then hooked onto scripted portions of legitimate websites (hooking onto either flash or java). These pieces are small and innocous until all the pieces are downloaded in the temp files. A trigger will then cause them to launch and create the "virus".
Seems kind of far-fetched, but I have been fighting these and removing them weekly for almost 2 years now.
“Seems kind of far-fetched, but I have been fighting these and removing them weekly for almost 2 years now.”
You might try ccleaner and clean out your temp files on a regular basis. If you’ve been fighting them for that long then you may be routinely visiting an infected server or are not removing them entirely.
For my job, not for my personal system.
Are there other computers on the network? Is this a customers PC or your PC at work?
These are laptops of our clients. We have about 2,300 clients that travel and live all over the world. 1 or 2 cases of these viruses weekly end up on my desk.
job security then.
I’ve used avast for quite a while and haven’t had a problem. When I used norton or macafee I did have problems.
Try System Restore to a date before you think you got it.
How to remove AntiVirus live
I have plenty to do without these extortion-ware problems :)
I vote for MSE as well . Recently uninstalled Norton ( 2 months free with new HP ) and installed it . All is well ...and free besides .
Was your avast on automatic update and was it updating once or twice a day?
Is the virus allowing you to update it now?
The Norton may have been messing up your avast, you can’t have two antivirus programs at one.
“Any ideas where you picked it up?”
No idea. I try real hard to avoid going any place that is questionable. I will look in IE logs to see where I went. I try to avoid surfing.
I had old stupid Norton and I think Avast wasn’t on full because of Norton. Norton factory pre-loaded is hard to get rid of.
I am at 77% on Avast at the boot drive but will have to put malware on a usb like the other fellow suggested. I dobt Avast will get it. This is a bad one.
FreeRepublic always has the best advice on stuff.
Remove Antivirus Soft (Uninstall Guide)
I got rid of this by using System Restore. However, you only have about 30 seconds from when your computer starts up to get into system restore.
This bug will block you from getting into it, but it does have about a 30 second lag time before this virus boots up. You need to try to beat it.
Switch to firefox or Chrome for browsing. That also seems to help as fewer of the viruses are written for them.
Recommend Blocking Unwanted Parasites with a Hosts File. Used for years, and you can add sites that give you problems. Thank God for such.
I have been able to remove this one and some of the different versions. You need to track down the exe file that allows it to run and delete it.
The first time i ran across it, it put an icon on the desktop. If you can check the properties of that icon, you can find out where it is located. You may need to find an alternate way to access your hard drive when you do this though.
Doesn’t sound like it if you used two different other virus suites and you never even mention MSE.
Well Avast did not get it on the boot. I got Malware Bytes started on the scan but this POS virus is flashing all sorts of stuff. I guess I have to run Malware in safe mode to kill this ba*tard.
If you can figure out what file is the virus and end that process using task manager and then do a system restore to a date before you got it you may get rid of it. It worked for me. In my case I believe it was “ave”
Norton was. How do you get old pre installer Norton off a machine? Uninstall? I tried once on a laptop and it is freaking hard.
Trying Malware Bytes is safe mode now. This thing really sucks.
It is a beauty too because it starts opening browsers for adult.com and porno.org. I took it off the machine off the net. Some poor sucker could get this on his office machine and have porn web sites on there and get fired. Nasty pieces of work.
Running malware in safemode now.
Thanks for all the help from all.
In system restore - what if I did not set up a restore point? Does that matter?
I did F8 and had a choice to do system restore or run in safe mode. I am in safe mode now running Malware Bytes.
The people here are a great help. Just awesome. Thanks.
I worked on a laptop that had the same issue. I used sophos anti-rootkit to find it and remove it. Then ran malwarebytes, and spybot search and destroy. This one cost me quite a few man hours.
I used system restore.. it got rid of it..
Sometimes the pc does it itself, system checkpoints or when updates are downloaded.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.