BleepingComputer.com: Need some help with Vista Antivirus 2012 Removal

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.


If you have not received help after three days, please post a link to your topic HERE.
Need some help with Vista Antivirus 2012 Removal

#1 BlankTim (New Member, Group: Members, Posts: 3, Joined: 12-December 11)

Posted 12 December 2011 - 05:49 PM

My roomie's computer is infected with this nightmare, and who knows what else.
I tried to follow the instructions at http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 but nothing is working.
I can't make a backup, I can't run HijackThis!, I can't do anything with the machine. Every time I try, Vista Antivirus 2012 throws up a popup window and halts the process I tried to run.

So, where do I start?

Thanks :)

EDIT: I guess it might be helpful to know the machine is running Vista Home SP2

This post has been edited by hamluis: 12 December 2011 - 06:00 PM
Reason for edit: Moved from Vista to Am I Infected.


#2 BlankTim (New Member, Group: Members, Posts: 3, Joined: 12-December 11)

Posted 12 December 2011 - 07:00 PM

UPDATE:
Okay, I managed to get FixNCR.reg to run. I had to close out all the windows that were opened by Vista AV 2012.
Once that was done, I was able to run RKill and install MBAM. So, I'm making progress!

UPDATE: I think I've managed to get rid of the Vista Antivirus 2012 infection, but this machine is a mess. I've discovered that it's infected with something that causes the browsers to redirect to 63.209.69.107. So, I'm working on that now.

UPDATE: Still infected. I thought I had managed to get rid of the Vista AV 2012 stuff, but it has returned as "Security Defender".
ESET has found
C:\Users\Owner\AppData\Local\Temp\Low\jar_cache43050.tmp multiple threats deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\Low\jar_cache43051.tmp a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.E trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

I'd prefer to avoid doing a complete restore on this machine, but I think I may have to.

This post has been edited by BlankTim: 13 December 2011 - 10:54 AM
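The ESET findings and the browser redirect in the post above give two concrete indicators a helper could check for on a similar machine: a DLL living under C:\Windows\system64\ (Windows ships System32 and SysWOW64, never "system64", so anything there is suspect) and the redirect address 63.209.69.107, which is the classic signature of a hosts-file hijack. The script below is an added example written for this thread, not code from the post, from ESET or from BleepingComputer. It parses ESET-style detection lines, flags paths in the bogus directory, flags detections that were reported but not quarantined (the in-memory Sirefef.DN hit is exactly that case), and lists hostnames a hosts file points at the redirect IP. The sample log and hosts file are constructed for the example, and the tab-separated log layout is an assumption, not ESET's actual export format.

```python
r"""Indicator check for the ZeroAccess/Sirefef findings in the thread.

Added example, not code from the forum post or from ESET.  Indicators
taken from the thread:

  * any file under a directory named "system64" (not a real Windows
    directory; the 64-bit Sirefef sample was at system64\consrv.dll);
  * the redirect address 63.209.69.107 in the hosts file.

Everything below runs offline on constructed sample input.
"""
from pathlib import PureWindowsPath

SUSPECT_DIRS = {"system64"}        # assumption: the only directory we flag here
REDIRECT_IP = "63.209.69.107"      # redirect target reported in the thread

# Constructed sample, modelled on the ESET output quoted in the post.
# Layout "path<TAB>detection<TAB>action" is an assumption for this example.
SAMPLE_ESET_LOG = (
    "C:\\Users\\Owner\\AppData\\Local\\Temp\\Low\\jar_cache43051.tmp\t"
    "a variant of Java/Agent.DT trojan\tcleaned by deleting - quarantined\n"
    "C:\\Windows\\system64\\consrv.dll\t"
    "Win64/Sirefef.E trojan\tcleaned by deleting - quarantined\n"
    "Operating memory\ta variant of Win32/Sirefef.DN trojan\t\n"
)

# Constructed hosts file showing the kind of hijack that produces redirects.
SAMPLE_HOSTS = (
    "# constructed sample hosts file\n"
    "127.0.0.1       localhost\n"
    "63.209.69.107   www.google.com\n"
    "63.209.69.107   search.yahoo.com   # two names on one line is legal\n"
)


def parse_eset_log(text):
    """Turn tab-separated detection lines into dicts; missing fields become ''."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        path, detection, action = (fields + ["", ""])[:3]
        records.append({"path": path, "detection": detection, "action": action})
    return records


def path_in_suspect_dir(path):
    """True if any directory component of a Windows path is in SUSPECT_DIRS.

    Comparison is case-insensitive because NTFS paths are.
    """
    parts = (p.lower() for p in PureWindowsPath(path).parts)
    return any(p in SUSPECT_DIRS for p in parts)


def flag_suspect_paths(records):
    """Paths reported by the scanner that sit in a directory Windows never creates."""
    return [r["path"] for r in records if path_in_suspect_dir(r["path"])]


def unresolved_detections(records):
    """Detections the scanner reported without quarantining anything.

    An in-memory hit with no quarantine action means the loader that put it
    there is still on disk somewhere the scanner did not clean.
    """
    return [r["path"] for r in records if "quarantined" not in r["action"].lower()]


def hosts_redirects(hosts_text, ip=REDIRECT_IP):
    """Hostnames the hosts file maps to the redirect address, comments stripped."""
    hijacked = []
    for line in hosts_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == ip:
            hijacked.extend(fields[1:])
    return hijacked


if __name__ == "__main__":
    recs = parse_eset_log(SAMPLE_ESET_LOG)
    print("suspect paths :", flag_suspect_paths(recs))
    print("not cleaned   :", unresolved_detections(recs))
    print("hosts hijacks :", hosts_redirects(SAMPLE_HOSTS))
```

On a real machine you would feed `hosts_redirects` the contents of C:\Windows\System32\drivers\etc\hosts and `parse_eset_log` the scanner's exported log; a non-empty result from either function is a reason to stop cleaning piecemeal, which is the conclusion both posters reach below.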


#3 Taco John (New Member, Group: Members, Posts: 1, Joined: 14-December 11)

Posted 14 December 2011 - 01:23 AM

I had the same thing you had, and ended up doing a complete restore. Within 12 hours, Vista AV 2012 was back on my machine. I ended up running ComboFix. It said that I had something called Rootkit.Zero.Access which had inserted itself in the TCP/IP stack, and that it was a particularly difficult infection. It seemed to clear up, but then 3 days later I started noticing some weird things happening again. I just re-ran ComboFix, and it found the same infection again and just cleaned it up. That's why I'm back here.

Good luck to you.

#4 BlankTim (New Member, Group: Members, Posts: 3, Joined: 12-December 11)

Posted 14 December 2011 - 04:13 PM

Yup. Had to reformat and reinstall. Everything looks good so far, but we'll see what happens, I guess.
