Antivirus 2009 last remnants


41 replies to this topic

#1 Marion M

  • Members
  • 41 posts
  • Gender: Female
  • Location: Western Pennsylvania

Posted 18 November 2008 - 11:46 AM

Hello, all, and thank you in advance.

My husby's computer was\is infected with Antivirus 2009. I cannot go on line to update definitions or download programs to finish fixing the problem. I did go to startup and unchecked the Antivirus 2009. I have read many articles on how to manually remove the program. For example, I printed out Wiki's step by step. But the processes I'm supposed to be stopping aren't there. (av2009.exe, Antivirus2009.exe, AV2009Install.exe to name the first three.) I read another article that told me to go to msconfig and look for any string that starts with lph or rhc. They aren't there--at least for me to see. I also searched for lph*.exe--nothing.

At one point I started his computer in diagnostic mode and lost all his restore points. I do remember last spring he had Antivirus 2008 pop up unexpectedly. I thought I got rid of it. I believe there is nothing to delete from Add/remove. I've been fussing with this for 4 days and am out of ideas.

Let me underscore my problem. If I try to update definitions for AVG, page error, generated I'm sure, by this bug. I reinstalled SpyDoctor--can't get on the internet to update definitions. On his computer, I tried to join Bleeping Computer--page error. I downloaded Xsoft using a link from an email I wrote to myself. I actually was able to download it, but it won't run.

I skimmed your tutorial when I explored this site, but I won't be able to download the program on the infected computer. I THINK what I need is something that I can download onto a disk from my computer, walk 6 feet down the hall with the disk in hand, stick it into the husby's computer and thank you all and some lucky stars.

A little bit about my abilities: I am no guru, but I am better than the average bear. Since I am self taught, I have holes in my knowledge and may ask some naive questions. I don't know all the buzz words, so please be patient.

Thank you
Marion



#2 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts
  • Gender: Male

Posted 18 November 2008 - 04:14 PM

Try this scan. You can copy it over from a working computer on a CD or pen drive if you need to.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on drweb-cureit.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click File and choose Save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report.)

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Marion M


Posted 19 November 2008 - 05:16 PM

I'm new to this forum and thought I posted a reply yesterday, but I don't see it. I can't use DrCureit. Terry's computer won't read the CD I made, possibly because I made a bad CD, although I tested the program I copied to disk by running it on my own computer. I can't attach the program through email because it is too big for Yahoo and GMail won't do it because it is an exe file.

I'm losing hope here. I'm either staring at the forest so long I can't see trees or vice versa.

Forlornly yours,
Marion

#4 Budapest


Posted 19 November 2008 - 05:38 PM

Maybe you could try this scan instead:

http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

#5 Marion M


Posted 04 December 2008 - 05:24 PM

Hello again. /////\\\\\ This is the hair I've pulled out. Between the holiday and other etc, I wasn't able to run SDfixit when I wanted to. F8 on the husby's computer doesn't mean safe mode, it means pick a way to boot, either floppy, C, or IDE. I can't find my notes on his computer for his real safe mode. It's not common. I ran msconfig and only loaded the nec. things. But the Nec things don't include a way to fix it. I just know I'm going to have to reboot with the big button (the surge bar) and let the blasted thing start up with all of its components in order for his poor crippled machine to keep working. Just did that although I did keep AIM off. The thing that I will probably have to do is figure out a way to transfer all his paintings (a hundred of them!!) and other important things onto this computer, cross my fingers that I don't get the dreaded disease, and reformat his hard drive. I'm sure all of you know how pathetic that is. It's a freaking bug <--voice getting a little shrill here. The Husby doesn't ask for much, not really in the scheme of things. I HATE to let him down. I've got tons of room on my computer, got a whole untouched hard drive piggy-backed to what I am using now, but ....

Please help. At this point I am willing to send out postage paid snail mail envelopes in order for anyone to mail me snake oil to rub on his monitor.

#6 Budapest


Posted 04 December 2008 - 05:30 PM

Try running SDFix in Normal Mode if you can't get into Safe Mode (you can try the same with DrWebCureit).

#7 Budapest


Posted 04 December 2008 - 06:20 PM

Do you have a pen drive? If so, are you able to copy the paintings you want onto it?

#8 Marion M


Posted 04 December 2008 - 08:57 PM

I'll start with the bad news first because I'd like to cheer myself up with the good news later, like dessert. I don't know what a pen drive is, so I'm pretty sure I don't have one. I have run SDFix in normal mode on this (my) computer and on his computer. On this (lexicom) computer I get to see that I am carefree, virus free. On his (the black tower) computer, I don't get to see a thing unless I hit ALT CTRL DEL and get to see that SDfix is running but can't use it. My computer is the what-do-you call it? The placebo, the CONTROL! Yeah, that's it.

I'm tickled that I could attach SDfix to email and download it onto the husb's computer. It's not helping, but to repeat myself over and over again, when I get on the husb's computer, I can't even look up virus definitions on Wiki. His Black Tower's infection won't let me get close to a place to eliminate it. I can look up homeless shelters for dogs, recipes for spaghetti, British desserts, but if I try to sign on to bleepingcomputer, I either get a 'PAGE NOT FOUND' error or I get directed to some random yellow page.

What a flipping smart virus thingie! I could strangle the author(s). I feel like I am part of a Batman Movie or worse. (Sorry to any Joker fan.) All that brain power devoted to evil instead of good! How carelessly (s)he regards other people's important stuff. Sorry, temper tantrum.

So, the good news. Um, the good news. The less than reformatting good um news. sdfksjsjksljsdf fj adsjfd fa<--that's me pacing. the good news. Once upon a time, a long time ago, I thought I could remove my husband's hard drive from his computer and install it into mine and all would be swell. <--this is an aside.> Well, that's not happening. that was a naive thing. But I could store his stuff over here for a minute. skdfjskjskjjsdakl;sdfkjsdf,---still pacing.

Back to the good news. We both have XP and on good days can share a printer. Anytime I am online, we share the internet. The husby's computer is about 10 paces down the hall. I think I have mentioned that I can follow instructions. If I didn't, well, I'm proclaiming it now. I'm going to try f4 tomorrow.

If I haven't said thanks, then, well, thanks!

#9 Budapest


Posted 05 December 2008 - 02:32 AM

Have you tried attaching DrWebCureIt to an email and downloading it on the problem computer?

#10 Marion M


Posted 05 December 2008 - 09:04 PM

Dr. WebCureit was one of the first things sent to me. It is too large to send by Yahoo. The doctor is 11.something and Yahoo doesn't do more than 10. I tried using my Gmail account, but since the doctor is an exe, Gmail won't send it. I did download the doctor onto a CD and tested that I did it correctly on this (lexicom) computer and it ran swell. But, when I took it down the hall to the black tower, it wouldn't read the disk.

I haven't tried Thou's F4 yet--just got home from work. By the way, Thou, have you tried Dr. Cureit and SDfixit? The links and etc. are above. Hope you have better luck than I have so far.

With Christmas coming and all, I was hoping not to spend any money fixing this problem, but on the other hand, I can pretend spending cash to fix it is a gift. Goodness! I just checked NewEgg and the things are less than ten bucks!! I just skimmed the info---are they easy to use and should I order one right away? My original Christmas plan was to finish building another computer for myself and giving Terry (the husband) this one. This plan might have to wait until next Christmas with the economy the way it is, but this pen drive looks like it would be a good step in the ultimate plan anyway. Hmmm, food for thought!

I have to admit I am stubborn. Transferring data and dismembering Terry's Black Tower was an EVENTUAL plan, but I hate to admit I'm doing it because of the bug. I want to beat the bug, not be beaten by it.

Besides, what if I give him this computer and he manages to get the virus on this one?

Thanks again to all who help!

Marion

#11 Budapest


Posted 06 December 2008 - 05:07 PM

You could try renaming the DrWebCureIt file so it doesn't have a .exe extension (then change the name back after emailing it).

#12 Marion M


Posted 08 December 2008 - 11:53 PM

First thing, here, I scrolled through my thread from the beginning, and I don't see Thou's reply. I'm sure it's me not doing things right in this forum. Maybe the reason why I think only budapest is helping me is because I'm not able to read anyone else's answer. If that's the case, I apologize to any who have tried to help me and I've ignored, and I also apologize for being a Pest to the Buda. Phewww! Aside from that, I'm not sure how to change the extension for DrCureIt. I can right-click and rename it...but will that change the type of file it is? Two days ago I shut down Terry's computer after commanding it into going into diagnostic mode, and we both had the DICKENS of a time each time we wanted to reboot it. I did go ahead and purchase a thumb drive from newegg. Seems that thumb drives and pen drives are same-same, but Newegg has a couple hundred drives under the heading 'thumb' and only a couple dozen under the heading 'pen.' It hasn't come yet, but it seems like for ten bucks it will be a handy little item. Especially if I ever get to build my own new computer and give my husband this one.

Seems more and more like I'm going to have to reformat. Drat.

Happy Holidays and all that jazz,
Marion

Edited by Marion M, 08 December 2008 - 11:54 PM.


#13 Budapest


Posted 09 December 2008 - 01:24 AM

In Windows Explorer, go to Tools > Folder Options > View tab. Make sure that the "Hide extensions for known file types" is unchecked. Then you can change the .exe extension. It doesn't actually change the file, but it's enough to fool Gmail.

A pen drive and thumb drive are the same thing as far as I know.
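
What post #13 says about renaming, seen from the file's side, as an added example that is not part of the thread: the SHA-256 of the file is the same before, during and after the rename, and a check that reads the header still recognises a Windows executable where a name-based filter does not. The file name `scanner.exe` and the minimal header written by `write_sample_pe` are constructed for the demonstration.

```python
import hashlib
import os
import struct
import tempfile

def sha256_of(path):
    """Hash the file contents; the file name plays no part in the result."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def looks_like_pe(path):
    """True if the content starts with a DOS 'MZ' header that points at a
    'PE\\0\\0' signature, whatever extension the file carries."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\x00\x00"

def write_sample_pe(path):
    """Constructed sample: a bare DOS header plus PE signature, not a real program."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew: offset of the PE signature
    with open(path, "wb") as f:
        f.write(bytes(dos) + b"\x00" * (0x80 - 64) + b"PE\x00\x00" + b"\x00" * 20)

def rename_round_trip():
    """Rename scanner.exe -> scanner.txt -> scanner.exe and record what changed."""
    with tempfile.TemporaryDirectory() as workdir:
        exe = os.path.join(workdir, "scanner.exe")  # hypothetical file name
        txt = os.path.join(workdir, "scanner.txt")
        write_sample_pe(exe)
        before = sha256_of(exe)
        os.rename(exe, txt)
        result = {
            "name_filter_sees_exe": txt.lower().endswith(".exe"),
            "content_check_sees_exe": looks_like_pe(txt),
            "hash_unchanged_while_renamed": sha256_of(txt) == before,
        }
        os.rename(txt, exe)
        result["hash_unchanged_after_restore"] = sha256_of(exe) == before
        return result

if __name__ == "__main__":
    for key, value in rename_round_trip().items():
        print(f"{key}: {value}")
```

Comparing the SHA-256 of the copy on the sending computer with the copy on the receiving one is also a quick way to confirm a tool survived a CD burn or an e-mail attachment intact.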

#14 Marion M


Posted 09 December 2008 - 08:23 PM

I've changed the exe part, but I just had an epiphany if that doesn't work. I should be getting that thumb drive before too long. I can just upload Dr Web that way, I hope. I express a little cynicism because I know I am paranoid about this whole bug. It always knows. It's like a bad scary movie.

Good news! I was attaching the newly named non .exe file to my gmail and it is sent! Next step, down the hall to the black tower. I'm going to give this next move the rest of this cigarette and one more. Then I have to catch some beauty sleep.

Cross fingers!!!!

#15 Marion M


Posted 09 December 2008 - 08:41 PM

I shouldn't be surprised. The attachment worked like a charm, but for some reason my "License Key File Expired." And, when I either hit ok or x, it turns out that my License Key is invalid. Then, guess what? Yeah, it needed to go online to do ANYTHING. Guess what happened when I went on line? Page load error. Innit nice? I am currently running the full DrWeb on Lexi, just because, and it's catching little things, little cookie trackers and such. The blessed program works, but not on the Tower.

Sigh.

Any other thoughts? I would be totally captivated and in awe if I wasn't so blessed {insert bad word here.}

Marion



