I think I have Real Antivirus

I think I've been infected with Real Antivirus. Right now my desktop is frozen. It is a black background, in the center is a large, flashing "Warning." Beneath this it says in yellow, "Dangerous Spyware; " below this, in white, it says, "Many viruses were found on your computer such as: Trojan horse, PassCapture, etc. Your personal information can fall into the "third hands." Please check up on the computer with a special software. Thank"

I am unable to change my desktop background.

At the top of any visited website, in red across a pink background, it says, "18 Trojans WERE found on your machine! !!!!Warning! Your system is at risk! !!!Free Virus Scan!!!!" Moving the cursor over the link indicates it will go to http://real-av.org/cgi-bin/download.pl?code==7.

When I attempt to initialize a scan with my own antivirus software, Symantec, it freezes up and ceases to respond. When I try to download/run new antivirus or antispyware software (such as Spybot), I receive an error message. For example, I am able to download mbam-setup.exe without problems. However, when I double click to install it, I am told, "Invalid floating point operation." This message appears a few times, followed by, "Exception EInvalid Op in module mbam-setup.exe at 778500F5. Invalid floating point operation." This appears a few times (total error messages 12-17), then everything closes.

Occasionally, when I go to install the antivirus/antispyware software, following url pops up http://lsp-test-nax.ind.in/land/eurl/1.html?code=7. Clicking on it asks you to download realav.exe. The one time I clicked on it I denied the request.

The one exception to this is Spyzooka version 2.5.9.6, which I was able to install and to run. However, once it finishes scanning, I'm told it's encountered a bug. I am therefore unable to remove anything (it found 13 infections).

All non-antivirus/antispyware software runs without a problem, just more slowly.

To the best of my knowledge, I have never downloaded realav.exe. It does not appear in my list of downloaded software, there is not a folder entitled Real Antivirus under C:/ProgramFiles, and searching for "real" over the C drive reveals nothing. But around the time this problem started, I was repeatedly redirected to real-av.org, though I only closed the window.

I'm running Windows XP Professional and it automatically updated about 2 hours before this all started. My browser is Firefox version 3.0.4. I can't include screenshots because this is actually a Mac, the problem is obviously on the PC side. The Mac side (running Leopard) is unaffected.

My question is, short of reinstalling Windows, how can I fix this?

Edited by eingvals, 19 December 2008 - 01:28 PM.

Hello and welcome eingvals.. Marcin ,the guy who wrote this program says it will remove it so here we go.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

• Make sure you are connected to the Internet.
• Double-click on mbam-setup.exe to install the application.
• When the installation begins, follow the prompts and do not make any changes to default settings.
• When installation has finished, make sure you leave both of these checked:
  • Update Malwarebytes' Anti-Malware
  • Launch Malwarebytes' Anti-Malware
• Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.

• If an update is found, the program will automatically update itself.
• Press the OK button to close that box and continue.
• If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:

• Make sure the "Perform Quick Scan" option is selected.
• Then click on the Scan button.
• If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
• The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
• When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
• Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen:

• Click on the Show Results button to see a list of any malware that was found.
• Make sure that everything is checked, and click Remove Selected.
• When removal is completed, a log report will open in Notepad.
• The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
• Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Thanks for the tip, but that didn't work.

I downloaded it from all three sites, all three times it downloaded without a problem. When I double-clicked on it, I saw the "Open File - Security Warning" and I chose "Run" (the other option was "Cancel").

I then saw a window that said, "Select the language to use during the installation." Immediately with this window, before I could click on anything, I saw a window with the header, "Setup". In this window, it said, "Invalid floating point operation." The only option for this is OK.

Without my doing anything, another window appears. The header on this one is, "Application Error". In it, it says, "Exception EInvalid Op in module mbam-setup.tmp at 778500F5. Invalid floating point operation." Again, the only button I could click says, "OK".

I click nothing. These windows continue to generate until there are 14 windows that the taskbar calls, "Uninstall/Setup." Then everything closes.

As a side note, I can no longer open Symantec Antivirus.

Any other suggestions?

Hi, Yes this is something I believe the creator of MBam would want to see. I would ask that you contact them here.
http://www.malwarebytes.org/contact.php .. scroll to bottom and see Contact Malwarebytes
They will assist you with this and probably even finish cleaning your PC. They are a good organization.

I have the same problem. Were you able to fix yours.

Bill

I had this problem and others that were driving me nuts. I finally fixed it by using advanced system care. Using their Security analyzer I used it to remove FRMWRK.EXE and ntdll64 .dll. The icon dissapeared and everything started running fine.

I had the same problem, and then had the same problem installing Malewarebytes. I worked around it by not using the mouse to install it, just use the arrow, tab, and enter keys. Once I installed Malewarebytes and ran it, my pooter cleared right up.
Thanks tons for the advice. You rule.

I had the same issues, this one was a cast iron b*tch to get off my system! I used Malewarebytes and followed the proceedure dirkmorocco outlined above about not using the mouse and it installed fine. Did the scan per boopme's notes above and all is well

And, I will second dirk's thanks, you truly do rule...I joined the forum just to say so . Now

I'm with Tang on this one. I joined the forums just to thank you guys/gals for helping me get rid of this God-awful virus. It was driving me nuts. 1,000 Thanks to the ones with solutions and 1,000 more to the guy that posted the topic.