
AV360/internet security/av2009 2010 etc....


14 replies to this topic

#1 aworkmans


Posted 10 March 2009 - 07:10 AM

Been spending the past few months watching this malware turn into a living hell.

Products used to attempt cleanup:
1. Malwarebytes
2. ComboFix
3. SDFix
4. HijackThis
5. Alwil avast/AVG as well.
6. Process viewer and the like (procexplorer), watching processes occurring with events.


Results: after several attempts, using these scans on various machines in different orders, this virus has managed to screw up the registry by login files, screwing up the permissions (as it always does), but when searching for the obvious there isn't anything sticking out like a sore thumb. I went in through a boot disc to review system32 and remove a bogus driver created by av360, which only replicated itself after the second reboot. If anyone knows what to look for that is causing this, please respond.

After doing these scans, particularly after Combofix, you lose the permissions to execute files or commands. The only way to take yourself back is by a physical image of your PC to some other device, since the restore points are wiped, even Combofix's restore. Combofix will not run again after this; it pops up "incorrect OS" on XP machines.

Suggestions? Products? Updates? Any info on the continuous progression of this malware is much appreciated!

Thanks.

AW



#2 aworkmans


Posted 10 March 2009 - 07:15 AM

Also used

Repair permission's
Kelly's Korner registry fixes
and Dial-A-Fix

When you think you're getting somewhere, it comes right back 10x worse.

#3 Bobby1


Posted 10 March 2009 - 01:35 PM

Sorry, can't help, only empathize. I have been fighting it for almost two weeks and now I cannot log on. Click the profile....logging on...logging off!

#4 FiOS Dan


Posted 10 March 2009 - 02:19 PM

Forgive me if this is too basic but since you are desperate I figured it couldn't hurt to ask if you tried the suggestions posted here.
Courage is being scared to death but saddling up anyway.

#5 Bobby1


Posted 10 March 2009 - 03:35 PM

Dan,
Basic or not...and I'm in the basic category, thanks for your help. Alas, it's too late for my comp; got to reload the OS.

#6 CCRN396


Posted 10 March 2009 - 04:12 PM

Hello,
Have you considered posting in the Am I Infected forum?

#7 Bobby1


Posted 10 March 2009 - 04:40 PM

Why?

#8 CCRN396


Posted 10 March 2009 - 05:29 PM

"Sorry, can't help, only empathize. I have been fighting it for almost two weeks and now I cannot log on. Click the profile....logging on...logging off"

&

"Suggestions? Products? Updates? Any info on the continuous progression of this malware is much appreciated!"

You both might get the most help there.

Edited by CCRN396, 10 March 2009 - 05:33 PM.


#9 aworkmans


Posted 13 March 2009 - 06:36 AM

I thought I would share the discovery (if not already mentioned in another post). If you have a boot disc to work on your PC, this will help, and also a flash drive: copy the userinit.exe file from a working machine with the same OS to your flash drive, then manually put the userinit.exe file back into windows/system32. That solves the bootup issue with the logging in and logging out when trying to enter a user (even in safe mode) :thumbsup:

The strange thing is, I have figured out that Malwarebytes run first (after solving the booting issue) eliminates almost all of the problems, but after that has run, Combofix goes in and deletes the other boot issues.

#10 Bobby1


Posted 13 March 2009 - 08:04 AM

Thanks, and I will keep that for the future. Unfortunately I have no tech sense or friends and had to replace the OS. Most of the files were backed up but I did lose a bit....nothing critical. Glad you were able to find a way out.

How do you make a boot disc??

#11 Animal

  • Site Admin

Posted 13 March 2009 - 11:13 PM

There is also:

How to remove Antivirus 2009 (Uninstall Instructions)
and
How to remove Antivirus 360 (Uninstall Instructions)
and also
Spyware And Malware Removal Guides Index, 2006-2008

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#12 ezrahays


Posted 14 March 2009 - 01:33 PM

I used the links to antimalware and it got rid of the antivirus 360. Thanks a bunch.

#13 Robert Beeston


Posted 16 March 2009 - 10:29 PM

I just finished getting rid of antivirus360. First I downloaded Malwarebytes free edition. This would not work at first and was blocked from starting. I went to task manager and stopped the file av360. I could then open malwarebytes and run the program. It worked very well. Some of the files could not be removed without a reboot, which I did. I hope this helps others in the same predicament as I was in.
Cheers Rob B

Edited by Robert Beeston, 16 March 2009 - 10:30 PM.


#14 Bobby1


Posted 17 March 2009 - 05:07 PM

Robert,
Get back to us in a few days. I did all that and then the roof caved in...sorry to sound like such a downer...maybe all the experiences will be different.

#15 Robert Beeston


Posted 20 March 2009 - 02:22 AM

Day three and all seems to be well. I have been running all three of my antivirus programs twice a day and nothing further has surfaced. Fingers crossed it worked for me. I now run Malwarebytes antimalware, Evensoft, and Advanced System Care at least once a day. If anything does resurface from 360 I will keep posted.



