Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with older AV360 infection


  • Please log in to reply
1 reply to this topic

#1 msmurphy

msmurphy

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:45 PM

Posted 11 March 2009 - 07:53 AM

Hi,

A neighbor of mine just bought a Gateway mini-notebook computer loaded with XP SP3. The first thing she did was get sucked in by AV360. She thought that she could simply "uninstall it" and be done with it. She continued to get redirects and popups, and brought it to me to try to help her. I came to this forum and found several threads dealing with this subject. This bug is nasty! It won't allow IE to go to any sites (including yours) which offer solutions to this infection. I saved a copy of Spybot Search and Destroy (from safer -networking) to my thumbdrive and installed it to her computer. It won't allow the program to run. Same with Malwarebytes. I can't get "Hijack This" to load.... I am out of ideas... any clues here as to what I can do??

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,779 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:45 PM

Posted 11 March 2009 - 02:19 PM

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop. Print out and follow the instructions here for performaning a Quick Scan in normal mode and check all items found for removal. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with disinfection. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.

If you cannot use the Internet or download any programs to the infected machine, you are going to need access to another computer (family member, friend, etc) with an Internet connection. Save mbam-setup.exe to a flash (usb, pen, thumb, jump) drive or CD, transfer it to the infected machine, then install and run the program. If you cannot transfer to or install on the infected machine, try running the setup (installation) file directly from the flash drive or CD by double-clicking on mbam-setup.exe so it will install on the hard drive.

You will also need to manually download the updates from another computer, save and transfer them to the infected machine. After installing MBAM, just double-click on mbam-rules.exe to install the update.Mbam-rules.exe is not updated daily. Another way to get the most current definitions is to update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users