Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I think I have Real Antivirus


  • Please log in to reply
8 replies to this topic

#1 eingvals

eingvals

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 19 December 2008 - 01:24 PM

I think I've been infected with Real Antivirus. Right now my desktop is frozen. It is a black background, in the center is a large, flashing "Warning." Beneath this it says in yellow, "Dangerous Spyware; " below this, in white, it says, "Many viruses were found on your computer such as: Trojan horse, PassCapture, etc. Your personal information can fall into the "third hands." Please check up on the computer with a special software. Thank"

I am unable to change my desktop background.

At the top of any visited website, in red across a pink background, it says, "18 Trojans WERE found on your machine! !!!!Warning! Your system is at risk! !!!Free Virus Scan!!!!" Moving the cursor over the link indicates it will go to http://real-av.org/cgi-bin/download.pl?code==7.

When I attempt to initialize a scan with my own antivirus software, Symantec, it freezes up and ceases to respond. When I try to download/run new antivirus or antispyware software (such as Spybot), I receive an error message. For example, I am able to download mbam-setup.exe without problems. However, when I double click to install it, I am told, "Invalid floating point operation." This message appears a few times, followed by, "Exception EInvalid Op in module mbam-setup.exe at 778500F5. Invalid floating point operation." This appears a few times (total error messages 12-17), then everything closes.

Occasionally, when I go to install the antivirus/antispyware software, following url pops up http://lsp-test-nax.ind.in/land/eurl/1.html?code=7. Clicking on it asks you to download realav.exe. The one time I clicked on it I denied the request.

The one exception to this is Spyzooka version 2.5.9.6, which I was able to install and to run. However, once it finishes scanning, I'm told it's encountered a bug. I am therefore unable to remove anything (it found 13 infections).

All non-antivirus/antispyware software runs without a problem, just more slowly.

To the best of my knowledge, I have never downloaded realav.exe. It does not appear in my list of downloaded software, there is not a folder entitled Real Antivirus under C:/ProgramFiles, and searching for "real" over the C drive reveals nothing. But around the time this problem started, I was repeatedly redirected to real-av.org, though I only closed the window.

I'm running Windows XP Professional and it automatically updated about 2 hours before this all started. My browser is Firefox version 3.0.4. I can't include screenshots because this is actually a Mac, the problem is obviously on the PC side. The Mac side (running Leopard) is unaffected.

My question is, short of reinstalling Windows, how can I fix this?

Edited by eingvals, 19 December 2008 - 01:28 PM.


BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:40 AM

Posted 19 December 2008 - 01:57 PM

Hello and welcome eingvals.. Marcin ,the guy who wrote this program says it will remove it so here we go.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 eingvals

eingvals
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 19 December 2008 - 04:55 PM

Thanks for the tip, but that didn't work.

I downloaded it from all three sites, all three times it downloaded without a problem. When I double-clicked on it, I saw the "Open File - Security Warning" and I chose "Run" (the other option was "Cancel").

I then saw a window that said, "Select the language to use during the installation." Immediately with this window, before I could click on anything, I saw a window with the header, "Setup". In this window, it said, "Invalid floating point operation." The only option for this is OK.

Without my doing anything, another window appears. The header on this one is, "Application Error". In it, it says, "Exception EInvalid Op in module mbam-setup.tmp at 778500F5. Invalid floating point operation." Again, the only button I could click says, "OK".

I click nothing. These windows continue to generate until there are 14 windows that the taskbar calls, "Uninstall/Setup." Then everything closes.

As a side note, I can no longer open Symantec Antivirus.

Any other suggestions?

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:40 AM

Posted 19 December 2008 - 10:08 PM

Hi, Yes this is something I believe the creator of MBam would want to see. I would ask that you contact them here.
http://www.malwarebytes.org/contact.php .. scroll to bottom and see Contact Malwarebytes
They will assist you with this and probably even finish cleaning your PC. They are a good organization.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 Carman3

Carman3

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 28 December 2008 - 10:07 PM

I have the same problem. Were you able to fix yours.

Bill

#6 bones_708

bones_708

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:40 AM

Posted 05 January 2009 - 11:29 AM

I had this problem and others that were driving me nuts. I finally fixed it by using advanced system care. Using their Security analyzer I used it to remove FRMWRK.EXE and ntdll64 .dll. The icon dissapeared and everything started running fine.

#7 dirkmorocco

dirkmorocco

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 06 January 2009 - 02:21 PM

I had the same problem, and then had the same problem installing Malewarebytes. I worked around it by not using the mouse to install it, just use the arrow, tab, and enter keys. Once I installed Malewarebytes and ran it, my pooter cleared right up.
Thanks tons for the advice. You rule.

#8 tang350

tang350

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 06 January 2009 - 07:44 PM

I had the same issues, this one was a cast iron b*tch to get off my system! I used Malewarebytes and followed the proceedure dirkmorocco outlined above about not using the mouse and it installed fine. Did the scan per boopme's notes above and all is well :thumbsup:

And, I will second dirk's thanks, you truly do rule...I joined the forum just to say so :flowers:. Now

#9 HeaD

HeaD

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:40 AM

Posted 13 January 2009 - 11:44 PM

I'm with Tang on this one. I joined the forums just to thank you guys/gals for helping me get rid of this God-awful virus. It was driving me nuts. 1,000 Thanks to the ones with solutions and 1,000 more to the guy that posted the topic. :thumbsup:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users