BleepingComputer.com: AntiVirus 2010 removal via TeamViewer Remote Connection

Jump to content

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

AntiVirus 2010 removal via TeamViewer Remote Connection

#1 User is offline   semiotically 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 19-December 10

  Posted 19 December 2010 - 02:42 PM

Family member installed AntiVirus 2010 can see in 'remove programs'

I'm using TeamViewer's Remote Desktop Feature & tried to run Rkill & AntiMalware bytes which was 'intercepted' (error message) by virus.

The pre-installed Eset Smart Security finds 1 infected file but can't clean it.

Please excuse grammar/ typos as am currently connected to this computer via remote connection. Will it make a difference running Rkill & Malware Bytes (also A-Squared Free) in Safe Mode? or will the error message reoccur? I would try safe mode though the only member computer literate enough to start in safe mode & get out of safe mode is currently snowed in. I know you might think it easy to use f8 etc when computer starts though AntiVirus 2010 has disabled (! exclamation mark in device manager) the keyboard - tried deleting & reinstalling driver to no avail.

Whilst I wait for Eset Scan to end my question is will RKill & Malware Bytes actually work in Safe Mode?

Also do any of this processes seem suspect - I used print screen feature via Remote desktop to capture their taskmanager:

http://www.semiotically.com/TaskMan.bmp

As maybe I can manually end the process?
Ah, such a niuisance Ps. I'm in Portugal they're in UK :/ please help....

-----------------------------------------------------------------------

UPDATE - ESET FILE - INFECTED
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll

probably a variant of Win32/Kryptik.YQ
trojan - unable to clean

-------------------------------------------------------------------------------

2nd UPDATE

I tried the F-Secure, BitDefender & A-Squared Online Scanners & subsequently the connection to IE was cut.

I will try SafeMode with Networking next time when another member is over & hopefully I can update the installed scanners & use them in safe mode. If this isn't successful would it be possible to use a VPN connection (again TeamViewer) to scan their computer files using the scanner programs on my computer, would this risk speading the virus to me (I have the same Eset Smart Security as part of a 3 licence pack)?

------ -------------------------------------------------------------------------

3rd Update

ok found this:
http://forum.avast.com/index.php?PHPSESSID=280530772807f304ef56f9deab3c830f&topic=55178.0

which seems to use this:
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010
then this:
http://www.geekstogo.com/forum/topic/267355-how-to-remove-internet-security/

so will try first then second tomorrow & keep post up-to-date after.

This post has been edited by semiotically: 19 December 2010 - 04:51 PM

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users