
AntiVirus1


6 replies to this topic

#1 candace9839

candace9839

  • Members
  • 6 posts
  • Local time:08:12 AM

Posted 19 February 2009 - 09:25 PM

I have used MBAM to remove the Vundo trojan, but this time around it is Anti-Virus-1. I am currently unable to run MBAM even though I renamed the executable file, updated, scanned and it removed two Hijack files and rebooted as per the forum suggestion. My internet access to bleepingcomputer is blocked on the infected machine and ViewMgr is giving an error.


 


#2 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:12 AM

Posted 19 February 2009 - 10:49 PM

What version of Windows are you using?

Try this on-line scan

Please run the F-Secure Online Scanner.
Note: This scanner is for Internet Explorer only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

"In a world where you can be anything, be yourself." ~ unknown

"Fall in love with someone who deserves your heart. Not someone who plays with it." ~ Will Smith


#3 candace9839

candace9839
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:12 AM

Posted 20 February 2009 - 07:02 AM

Windows XP, and access to the F-Secure site is blocked on the infected machine. I did manage to run MBAM by renaming and it picks up no malicious files, but that is because I am being blocked from updating it. Anti-Virus-1 windows are still all over the desktop and blocking internet access.

#4 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:12 AM

Posted 20 February 2009 - 07:35 AM

Let's try SDFix...

Please print out and follow these instructions: "How to use SDFix". <- This program is for Windows 2000/XP ONLY.
When using this tool, you must use the Administrator's account or an account with "Administrative rights".
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real-time protection programs before performing a scan.
  • When done, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable your anti-virus and other security programs before connecting to the Internet.
-- If the computer has been infected with the VirusAlert! malware warning from the clock and the Start Menu icons or drives are not visible, open the SDFix folder, right-click on either the XP_VirusAlert_Repair.inf or W2K VirusAlert_Repair.inf (depending on your version of Windows) and select Install from the context menu. Then reboot to apply the changes.



#5 candace9839

candace9839
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:12 AM

Posted 20 February 2009 - 08:45 AM

I cannot write the SDFix application to CD on a laptop to then run on the infected machine. The infected machine continues to block access regardless of browser (IE or Firefox, even in Safe Mode).

UPDATE: I found the list of files AV-1 generates and while only able to remove a couple, killed the AV-1 process and then deleted the registry keys. So far so good, but may need to reinstall MBAM. Still blocking access to certain sites - redirecting, but popped windows gone and process not running.

UPDATE: Was able to delete more AV-1 files that I had renamed, but still getting redirect in browser. Managed to reach bleepingcomputer from email link I sent to another account I set up, but after reinstall and even rename not launching or running. ViewMgr error still occurs on occasion.

I tried to run F-Secure, but the network connection is being flagged and it cannot download. When I diagnose connection in MS it is OK. I am able to type in web addresses, and right click some in search list to open in new window, but double-click not possible. Have removed and installed MBAM, but still will not run.

Edited by candace9839, 21 February 2009 - 08:41 AM.


#6 candace9839

candace9839
  • Topic Starter

  • Members
  • 6 posts
  • Local time:08:12 AM

Posted 21 February 2009 - 11:39 AM

OK - everything is finally cleared out. I needed to uninstall and reinstall MBAM, then rename the executable to a random name. Picked up 8 additional rootkit and unnamed trojans, then renamed back and ran a full system scan to be sure. No more redirects in IE. Thanks for your help, this was a nasty one indeed.

#7 rigel

rigel

    FD-BC


  • BC Advisor
  • 12,944 posts
  • Gender:Male
  • Location:South Carolina - USA
  • Local time:08:12 AM

Posted 21 February 2009 - 12:03 PM

Can you post a log? With the problems you had, I would bet there are things left...





