
Antivirus360 - Bogus Program Won't Die - Need Fast Help Please!



#1 kcredwolf


Posted 24 February 2009 - 04:57 PM

Greetings Gurus,
I have a situation that sounds very similar to what I have read about Antivirus2009/2010 and Anti-virus-1, but this is called Antivirus360, and I didn't know if it was new or if I could use the same instructions to remove it?
I am trying to help my new boss, who works from a home office, and almost all of our business is done over the Internet. He has not been able to run our website for 3 days now. I am pretty good with computers, so he wants me to fix it, but I am not a tech and I don't want to screw his computer up any worse than it already is - I sure hope y'all can help me!!
Anyways, here is what has been going on to this point. I put in as much detail as I could:
My boss purchased a computer about a month ago. It seemed to be working fine until a few days ago. Then it got slower, seemingly for no reason, so he checked with the ISP, verified all was working fine with them. I believe that was Friday or Saturday last week.
Sunday he was able to view our business site, but not sign in to email. He got into the website editor, but it wouldn't save his changes. He rebooted. He said after that he saw there were links to a game site (Gamevance.com, I think) showing up on our website that were not supposed to be there. The website would begin to load, then redirect him to a warning about malicious software. I viewed the site from my computer - it loaded fine and I did not see the links he described. He found Gamevance on his program list, and uninstalled it. After that, he tried to view our website again and still got a pop-up warning about malicious software on the site. He tried surfing other websites, with mixed results. Some sites loaded but links would not work, some redirected him to the warning page immediately or would be fine until he tried to use a login. Some loaded fine, but everything was very slow.
Yesterday, it was worse. He could not access any internet sites used for the business. He was getting tons of pop-ups about all kinds of problems, and every time, no matter what he clicked, he would get yet another pop-up telling him he had to update his antivirus program. He tried several times, but it always took him to a paysite, and he would cancel it, since he didn't want to pay for a subscription.
Please note, when he first told me about this problem over the phone, he said all these messages were coming from his AVG program. I have used AVG before, but I always had the freeware when I used it. He could not verify if his was supposed to be the free version, but he was sure it had been a full program, not a demo. He was very confused. When he first got the warning about malicious software, he immediately shut his browser, opened AVG from his desktop icon, and ran a scan. It seemed to be working fine, it didn't find any viruses or report any problems, and it never asked him for an update. He only had problems when going online. Weird. Had him run one more full scan, just to check, and AVG again reported no issues or subscription warnings or anything. But he was still getting errors when trying to get online. He said when he tried to update AVG manually, it just locked up everything and he had to reboot.
I had him download ZoneAlarm - the Extreme version, which works pretty well for me. It took 2 hours before we finally could pull up the website and get the download. He uninstalled AVG once ZoneAlarm was installed, because we could not get AVG to turn off. He ran a full virus and spyware scan with ZoneAlarm, but it didn't report any problem files or viruses either. He was still getting errors on the internet and was now unable to open almost any website without some problem. He told me that even though he had uninstalled it completely, AVG was still running, and it was reporting infections and listed the following files needed to be fixed: charmap.exe, win32rbot.fm, proquota.exe, trojan.t0050, magnify.exe, & win32.docdestroyer. Then he got a blue screen error, saying he had the IEMonster Trojan Virus, which would wipe his computer of all memory if he did not remove it. He ran another virus scan, but ZoneAlarm did not report any issues. However, after that, the privacy monitor was popping up warnings that several programs and even the printer were trying to access the internet and act as a server. I had him shut off his computer at that point.
Today he was trying to fix it again, and he noticed the pop-ups and warnings all either said "Antivirus360" or "AV360", not "AVG". He removed all program info he could find that looked suspicious, but he is still getting the same errors and pop-ups, etc. He tried System Restore, but it didn't work. Then I read an article about Antivirus2009, that listed all very similar problems, and mentioned this forum.
I really hope you can help me out from here... I have read several articles, but all of them had different instructions on what to do from this point, or I couldn't find the files they mentioned. It would be wonderful if I could go over there tomorrow and get him up and running again. Thanks!!!!
Thanks!


 


#2 boopme


Posted 24 February 2009 - 07:37 PM

Hello and welcome to BC. I think our first course of action is to get a log from an MBAM scan.
Run MBAM:
Please download Malwarebytes Anti-Malware (v1.32) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a USB stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.




