Free Republic

AntiVirus Soft virus (anyone ever get this beaut)
Vanity | 2-17-2010 | Frantzie

Posted on 02/17/2010 4:41:50 PM PST by Frantzie

Somehow I picked up this beauty. I had Avast and old Norton which I need to remove.

I am now trying to remove it with Avast on a reboot scan. I tried to download Malware Bytes on this machine but this awful virus sucks up everything on the machine. Avast is at 10%. I am not sure it will get it.


TOPICS: Computers/Internet
KEYWORDS: antivirus; malware; virus
Here is a link to PC Tools which talks about the virus. I have PC Tools with 3 licenses but it was not on that machine. I have one license left.

If Avast on the boot does not get it I will try to install PC Tools but this virus sucks up everything once the machine boots.

I tried to download Malware Bytes and IE would not launch, but Mozilla downloaded it. The AntiVirus Soft blocks Malware Bytes from starting. Unreal.

http://www.pctools.com/threats/view/name/Antivirus%20Soft/?ref=google_antivirussoft&gclid=CPG9otPQ-p8CFZVj2god_2Y0WQ

1 posted on 02/17/2010 4:41:50 PM PST by Frantzie

To: Frantzie

It's not that Security Tool thing, is it?


2 posted on 02/17/2010 4:43:59 PM PST by GeronL (I pledge allegiance to the Principles of the Bill of Rights and to protect and defend it...)

To: Frantzie

http://www.pctools.com/threats/view/name/Antivirus%20Soft/?ref=google_antivirussoft&gclid=CPG9otPQ-p8CFZVj2god_2Y0WQ


3 posted on 02/17/2010 4:44:21 PM PST by GeronL (I pledge allegiance to the Principles of the Bill of Rights and to protect and defend it...)

To: Frantzie

OK.. I need to pay more attention to the title... lol


4 posted on 02/17/2010 4:45:14 PM PST by GeronL (I pledge allegiance to the Principles of the Bill of Rights and to protect and defend it...)

To: Frantzie

These fake AV programs usually have a rootkit that will keep you from running real AV. The one I had to deal with was a variant of the TDSS rootkit. There is a special tool called TDSS_killer available on the Kaspersky AV site. Once the rootkit was disabled, I was able to run Malware Bytes and remove the virus.

You will have better luck using a different computer to download malware bytes and the other tools you will need.


5 posted on 02/17/2010 4:45:58 PM PST by MediaMole

To: GeronL

>>Its not that Security Tool thing is it?<<

That hit my wife’s computer and one of her friends.

If I ever meet the author I will happily cold-cock his butt, strip him naked, lock him in stocks and stomp on his genitals with heavy boots for hours in public.

It took everything I know (and a few things I didn’t) to get that damn thing out.


6 posted on 02/17/2010 4:46:36 PM PST by freedumb2003 (Communism comes to America: 1/20/2009. Keep your powder dry, folks. Sic semper tyrannis)

To: freedumb2003

It took me hours and a restore point and lots of trouble to remove it from my niece's computer.


7 posted on 02/17/2010 4:47:44 PM PST by GeronL (I pledge allegiance to the Principles of the Bill of Rights and to protect and defend it...)

To: Frantzie

Download Malwarebytes on a separate system. Boot the infected system into safe mode (tap F8 as you boot up). Transfer Malwarebytes via USB drive over to the infected system. Install and run in safe mode.

(If the infection is so bad that you cannot run Malwarebytes in safe mode, connect the infected drive via usb cable to a machine with Malwarebytes and run from that machine.)

After Malwarebytes runs, boot up normally and go to www.safer-networking.net and download Spybot S&D.

Run Spybot. Run Malwarebytes. Repeat until clean runs of both are done. Reboot. Repeat. Once you have clean runs of both after a reboot, install your favorite anti-virus software (I am still sticking with AVG personally at this point).


8 posted on 02/17/2010 4:47:48 PM PST by Anitius Severinus Boethius

To: MediaMole

Security Tool didn’t even let me bring up Task Manager. ggrrrrr


9 posted on 02/17/2010 4:48:24 PM PST by GeronL (I pledge allegiance to the Principles of the Bill of Rights and to protect and defend it...)

To: Anitius Severinus Boethius

That was going to be my suggestion. It saves a lot of time.

Kudos


10 posted on 02/17/2010 4:48:59 PM PST by Dacula (Evil succeeds when good men do nothing. Lets do something.)

To: Frantzie

Any ideas where you picked it up?


11 posted on 02/17/2010 4:49:37 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Frantzie

Yeah, I got that a while back. I manually removed it.


12 posted on 02/17/2010 4:49:45 PM PST by RobRoy (The US today: Revelation 18:4)

To: Frantzie

I got this today. Malwarebytes removed it. Freep mail me if you need help.


13 posted on 02/17/2010 4:51:09 PM PST by UB355 (Slower traffic keep right)

To: Anitius Severinus Boethius

Get Microsoft Security Essentials. You’ll never go back to AVG.


14 posted on 02/17/2010 4:51:14 PM PST by ChuckHam

To: Frantzie

Manual removal steps here, http://www.2-spyware.com/remove-antivirus-soft.html

Have you used Task Manager to stop it from running, and then manually removed it? Talk back.


15 posted on 02/17/2010 4:51:22 PM PST by daniel1212 ("Whosoever shall call upon the name of the Lord [only Biblical object of petition] shall be saved")

To: Frantzie

Your best bet is to let the virus load and then use the Task Manager to see what is running. Look for names and files for this virus and look for those folders.

When you have identified those folders and processes you can then use the process name to search the registry from regedit.

Delete the lines that reference the virus.

It sounds simple and for the most part it is. It will take time to locate all of the files, folders and startup commands.

This is how I get rid of viruses.

Also, once it is cleaned, you should make a backup copy of your registry. The next time you get a virus, you can stop the processes, delete the folders and import your copy of the registry.


16 posted on 02/17/2010 4:51:26 PM PST by Ouderkirk (Democrats: the party of Slavery, Segregation, Sodomy and Sedition)

To: Frantzie

It may greatly expedite the download if you were to create, and switch to, another user account. If you are already using an administrative account, it wouldn’t hurt to create and use another as that defensive line has already been crossed (one should always try to surf from limited account profile and just use Admin accounts for global programs installations and file manipulations). In fact, the virus may only reside in a single user profile.


17 posted on 02/17/2010 4:51:53 PM PST by Brass Lamp

To: Frantzie

Search FR titles for “antivirus” to find my recent posting on my encounter with “Antivirus Live” ( which this sounds like ) and of course a lot of discussion.

http://www.freerepublic.com/focus/f-chat/2440876/posts


18 posted on 02/17/2010 4:52:16 PM PST by dr_lew

To: Anitius Severinus Boethius

Worked for me today. I had to download Malwarebytes on a separate PC.


19 posted on 02/17/2010 4:52:18 PM PST by UB355 (Slower traffic keep right)

To: ChuckHam

Microsoft Security Essentials let this infect my PC.


20 posted on 02/17/2010 4:53:20 PM PST by UB355 (Slower traffic keep right)

To: driftdiver
Any ideas where you picked it up?

I have a theory that these extortion-ware programs are broken up into pieces that are then hooked onto scripted portions of legitimate websites (hooking onto either Flash or Java). These pieces are small and innocuous until all the pieces are downloaded in the temp files. A trigger will then cause them to launch and create the "virus".

Seems kind of far-fetched, but I have been fighting these and removing them weekly for almost 2 years now.

21 posted on 02/17/2010 4:54:32 PM PST by Anitius Severinus Boethius

To: Anitius Severinus Boethius

“Seems kind of far-fetched, but I have been fighting these and removing them weekly for almost 2 years now.”

You might try ccleaner and clean out your temp files on a regular basis. If you’ve been fighting them for that long then you may be routinely visiting an infected server or are not removing them entirely.


22 posted on 02/17/2010 4:56:48 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: driftdiver

For my job, not for my personal system.


23 posted on 02/17/2010 4:57:36 PM PST by Anitius Severinus Boethius

To: Anitius Severinus Boethius

Are there other computers on the network? Is this a customer's PC or your PC at work?


24 posted on 02/17/2010 4:58:30 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: driftdiver

These are laptops of our clients. We have about 2,300 clients that travel and live all over the world. 1 or 2 cases of these viruses weekly end up on my desk.


25 posted on 02/17/2010 4:59:37 PM PST by Anitius Severinus Boethius

To: Anitius Severinus Boethius

Job security then.

I've used Avast for quite a while and haven't had a problem. When I used Norton or McAfee I did have problems.


26 posted on 02/17/2010 5:01:03 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Frantzie

Try System Restore to a date before you think you got it.


27 posted on 02/17/2010 5:01:19 PM PST by John W

To: dr_lew

How to remove AntiVirus Live:

http://www.myantispyware.com/2009/12/07/how-to-remove-antivirus-live-uninstall-instructions/

Maybe


28 posted on 02/17/2010 5:02:23 PM PST by philetus (Keep doing what you always do and you'll keep getting what you always get.)

To: driftdiver

I have plenty to do without these extortion-ware problems :)


29 posted on 02/17/2010 5:03:18 PM PST by Anitius Severinus Boethius

To: Frantzie

Bookmark.


30 posted on 02/17/2010 5:05:29 PM PST by Sergio (If a tree fell on a mime in the forest, would he make a sound?)

To: ChuckHam

I vote for MSE as well. Recently uninstalled Norton (2 months free with new HP) and installed it. All is well... and free besides.


31 posted on 02/17/2010 5:07:08 PM PST by sushiman

To: Frantzie

Was your avast on automatic update and was it updating once or twice a day?

Is the virus allowing you to update it now?

The Norton may have been messing up your Avast; you can't have two antivirus programs at once.


32 posted on 02/17/2010 5:08:45 PM PST by ansel12 ( (anti SoCon. Earl Warren's court 1953-1969, libertarian hero, anti social conservative loser.))

To: Frantzie
You can get a CD version of Linux called Ubuntu free. With that read-only CD you can bring your computer up and either save all the stuff you want before doing a restore, or get AVG for Linux, then scan the Windows drive.
33 posted on 02/17/2010 5:12:50 PM PST by Nateman (If liberals aren't screaming you're doing it wrong.)

To: driftdiver

“Any ideas where you picked it up?”

No idea. I try real hard to avoid going any place that is questionable. I will look in IE logs to see where I went. I try to avoid surfing.

I had old stupid Norton and I think Avast wasn’t on full because of Norton. Norton factory pre-loaded is hard to get rid of.

I am at 77% on Avast at the boot drive but will have to put Malwarebytes on a USB like the other fellow suggested. I doubt Avast will get it. This is a bad one.

FreeRepublic always has the best advice on stuff.


34 posted on 02/17/2010 5:14:05 PM PST by Frantzie (TV - sending Americans towards Islamic serfdom - Cancel TV service NOW)

To: philetus

Remove Antivirus Soft (Uninstall Guide)

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft


35 posted on 02/17/2010 5:14:56 PM PST by philetus (Keep doing what you always do and you'll keep getting what you always get.)

To: Frantzie

I got rid of this by using System Restore. However, you only have about 30 seconds from when your computer starts up to get into system restore.

This bug will block you from getting into it, but it does have about a 30 second lag time before this virus boots up. You need to try to beat it.


36 posted on 02/17/2010 5:15:08 PM PST by kara37

To: Frantzie

Switch to Firefox or Chrome for browsing. That also seems to help, as fewer of the viruses are written for them.


37 posted on 02/17/2010 5:17:58 PM PST by driftdiver (I could eat it raw, but why do that when I have a fire.)

To: Frantzie
My grandson somehow downloaded Malware "AntiVir 2010" which kept telling him he was infected and in order for him to remove the virus he had to submit credit card for $40. We were able to remove it using Ad Aware.

http://download.cnet.com/Ad-Aware-Free-Anti-Malware/3000-8022_4-10045910.html?tag=mncol
38 posted on 02/17/2010 5:19:40 PM PST by Cheerio (Barack Hussein 0bama=The Complete Destruction of American Capitalism)

To: Frantzie
http://www.2-spyware.com/remove-antivirus-soft.html

Antivirus Soft manual removal:

Kill processes:
[RANDOM CHARACTERS]sysguard.exe, for example ghrtsysguard.exe
[RANDOM CHARACTERS]sftav.exe
HELP: how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\AvScan
HELP: how to remove registry entries

Delete files:
Windows XP: %UserProfile%\Local Settings\Application Data\\[RANDOM CHARACTERS]sysguard.exe
Windows Vista and Windows 7: %UserProfile%\AppData\Local\\[RANDOM CHARACTERS]sysguard.exe
%UserProfile%\AppData\Local\\[RANDOM CHARACTERS]sftav.exe
HELP: how to remove harmful files

Delete directories:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\ (Win XP)
%UserProfile%\AppData\Local\\ (Win Vista & 7)
39 posted on 02/17/2010 5:20:06 PM PST by daniel1212 ("Whosoever shall call upon the name of the Lord [only Biblical object of petition] shall be saved")
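The registry values quoted above explain the symptoms reported upthread: a ProxyServer entry pointing Internet Explorer at 127.0.0.1:5555 is what keeps the browser from reaching download sites. Below is an added PowerShell audit that reports whether those indicators are present on a machine; it is not code from the post or from 2-spyware, it only reads and never deletes anything, and the value names, data and file-name suffixes it looks for are taken from the guide as quoted.

```powershell
# Added defender-side check for the Antivirus Soft indicators listed in the post.
# Reports findings only; nothing is changed. Run in an elevated PowerShell on the
# suspect machine, or point -LocalAppData at a drive mounted on a clean machine.
param(
    [string]$LocalAppData = $env:LOCALAPPDATA   # directory to scan for dropped executables
)

$findings = @()

# 1. Registry values the guide says the malware sets (key, value name and data as quoted).
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings';        Name = 'ProxyServer';         Bad = 'http=127.0.0.1:5555' },
    @{ Key = 'HKCU:\Software\Microsoft\Internet Explorer\Download';                      Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations';    Name = 'LowRiskFileTypes';    Bad = '.exe' },
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments';     Name = 'SaveZoneInformation'; Bad = '1' }
)
foreach ($c in $checks) {
    if (-not (Test-Path $c.Key)) { continue }
    $val = (Get-ItemProperty -Path $c.Key -ErrorAction SilentlyContinue).($c.Name)
    # Compare as strings so a REG_DWORD 1 and the quoted "1" both match.
    if ($null -ne $val -and "$val" -eq $c.Bad) {
        $findings += "Registry: $($c.Key)\$($c.Name) = $val"
    }
}
# The guide also lists a bare marker key with no values.
if (Test-Path 'HKCU:\Software\AvScan') { $findings += 'Registry: HKCU\Software\AvScan exists' }

# 2. Run keys whose command points at the randomly prefixed sysguard.exe / sftav.exe.
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run') {
    if (-not (Test-Path $run)) { continue }
    foreach ($p in (Get-ItemProperty -Path $run).PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -match 'sysguard\.exe|sftav\.exe') {
            $findings += "Autostart: $run\$($p.Name) -> $($p.Value)"
        }
    }
}

# 3. Dropped executables under Local Settings\Application Data (XP) or AppData\Local (Vista/7).
if (Test-Path $LocalAppData) {
    Get-ChildItem -Path $LocalAppData -Recurse -File -Include '*sysguard.exe', '*sftav.exe' -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "File: $($_.FullName)" }
}

# 4. Running processes; the prefix is random, so match only on the suffix.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.ProcessName -match 'sysguard$|sftav$' } |
    ForEach-Object { $findings += "Process: $($_.ProcessName) (PID $($_.Id))" }

if ($findings.Count -eq 0) { 'No Antivirus Soft indicators found.' } else { $findings }
```

Because the malware kills security tools once it is running, the process and file checks are most reliable from safe mode or from a clean machine with the infected drive attached, as the thread already advises.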

To: driftdiver

Recommend blocking unwanted parasites with a Hosts file. Used for years, and you can add sites that give you problems. Thank God for such.

http://www.mvps.org/winhelp2002/hosts.htm


40 posted on 02/17/2010 5:22:43 PM PST by daniel1212 ("Whosoever shall call upon the name of the Lord [only Biblical object of petition] shall be saved")

To: Frantzie

I have been able to remove this one and some of the different versions. You need to track down the exe file that allows it to run and delete it.

The first time I ran across it, it put an icon on the desktop. If you can check the properties of that icon, you can find out where it is located. You may need to find an alternate way to access your hard drive when you do this, though.


41 posted on 02/17/2010 5:25:38 PM PST by TheNewPundit

To: UB355

Doesn't sound like it if you used two different other virus suites and never even mention MSE.


42 posted on 02/17/2010 5:25:41 PM PST by aft_lizard (Barack Obama is Hugo Chavez's poodle.)

To: Anitius Severinus Boethius
No it sounds possible. This was very clever. The AV programs usually get them but this was too smart. But this week I have been slimed by a few people here for being a conspiracy nut due to musing about Obama’s weird family. The Ford Foundation connections including Geithner’s family. The FF is filled with leftists and intelligence spooks.

Well Avast did not get it on the boot. I got Malware Bytes started on the scan but this POS virus is flashing all sorts of stuff. I guess I have to run Malware in safe mode to kill this ba*tard.

43 posted on 02/17/2010 5:26:05 PM PST by Frantzie (TV - sending Americans towards Islamic serfdom - Cancel TV service NOW)

To: Frantzie

If you can figure out what file is the virus and end that process using Task Manager, and then do a System Restore to a date before you got it, you may get rid of it. It worked for me. In my case I believe it was "ave".


44 posted on 02/17/2010 5:31:08 PM PST by John W

To: ansel12

Norton was. How do you get old pre-installed Norton off a machine? Uninstall? I tried once on a laptop and it is freaking hard.

Trying Malware Bytes in safe mode now. This thing really sucks.


45 posted on 02/17/2010 5:32:39 PM PST by Frantzie (TV - sending Americans towards Islamic serfdom - Cancel TV service NOW)

To: Anitius Severinus Boethius

It is a beauty too because it starts opening browsers for adult.com and porno.org. I took it off the machine off the net. Some poor sucker could get this on his office machine and have porn web sites on there and get fired. Nasty pieces of work.

Running Malwarebytes in safe mode now.

Thanks for all the help from all.


46 posted on 02/17/2010 5:34:52 PM PST by Frantzie (TV - sending Americans towards Islamic serfdom - Cancel TV service NOW)

To: kara37

In System Restore, what if I did not set up a restore point? Does that matter?

I did F8 and had a choice to do system restore or run in safe mode. I am in safe mode now running Malware Bytes.

The people here are a great help. Just awesome. Thanks.


47 posted on 02/17/2010 5:38:48 PM PST by Frantzie (TV - sending Americans towards Islamic serfdom - Cancel TV service NOW)

To: Frantzie

I worked on a laptop that had the same issue. I used Sophos Anti-Rootkit to find it and remove it. Then ran Malwarebytes, and Spybot Search and Destroy. This one cost me quite a few man hours.


48 posted on 02/17/2010 5:42:23 PM PST by randomhero97 ("First you want to kill me, now you want to kiss me. Blow!" - Ash)

To: Frantzie

I used System Restore... it got rid of it.


49 posted on 02/17/2010 5:43:52 PM PST by Mmogamer (<This space for lease>)

To: Frantzie

Sometimes the PC does it itself, at system checkpoints or when updates are downloaded.


50 posted on 02/17/2010 5:54:45 PM PST by John W