Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with WinPc Antivirus


  • Please log in to reply
2 replies to this topic

#1 Hwilson

Hwilson

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:06:37 PM

Posted 05 May 2009 - 06:19 AM

Hi, my daughter has a problem with Win PC Antivirus, now it is my problem ! I spent the entire day yesterday trying to fix it . I did download mbam.exe but it won't let me run it. The computer won't let me connect to the internet ( wireless connection ) I haven't tried wired . I can stop the process winav.exe, but still the computer freezes. Any suggestions ?

BC AdBot (Login to Remove)

 


#2 Bouken Red

Bouken Red

  • Members
  • 63 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:37 AM

Posted 05 May 2009 - 09:47 AM

Hi,

Please try to connect your internet hardwire and then go to safemode with networking and try to download malwarebytes.
Bouken Red

#3 HoundOfDog

HoundOfDog

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:02:37 PM

Posted 07 May 2009 - 05:32 PM

I'm also dealing with a system infected with a NEW variant of this. Nag screens declare it's 'WinPC Antivirus', there are also overlapping nag screens about firewall traffic that DON'T have anything to do with the firewall.

The bad news: this is on a machine with fully updated Symantec Endpoint Protection. So this looks like a zero-day problem to me, because SEP is oblivious to it. All the manual removal info I've found so far has listed processes, files and reg keys that aren't on this system; so it's apparently a new profile. It interferes with SEP to the degree that the main status screen doesn't even list 'Antivirus and Antispyware Protection'; and Windows Security Center is hacked, showing an alert for "No Antivirus Installed", with a link to the fake WinPC junk offered as a solution, right in the XP window.

The only interesting/"good" news with this, is that it appears to be confined to the one user profile - the local Admin account doesn't have symptoms.

I'm going back to the client to attack this thing again; SEP has new sigs & updates for the Proactive component. Hopefully this will detect it.

I'd be very happy to hear from anyone who's seen this variant and has a solution to killing it!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users