
At Wits' end with PC Antispyware2010


12 replies to this topic

#1 number6

number6

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:27 AM

Posted 14 August 2009 - 12:41 PM

Hi everyone,

I've been struggling with all the permutations of the PC Antispyware 2010 bug and other fake antivirus program pop-ups for a little over a month. Up until about a week ago Antimalwarebytes kept them at bay, but all of a sudden my computer was just overpowered and now all my antivirus/spyware programs do not run/are useless.
I followed many of the steps in this thread:
http://www.bleepingcomputer.com/forums/t/248331/all-anti-virus-restore-programs-unaccessable-moved/
as my symptoms were almost identical, even down to the "tapi.nfo" upon boot, but nothing I tried worked. I am also having Google redirect problems, as all search answers send me to random sites when clicked.

Antimalwarebytes will not run, even with renamed .exe (or it will run and then crash shortly after start of scan)
Superantispyware will not run, or will run but crash shortly after start of scan
Dr.webcureit brings results with express scan, but then crashes upon full scan
Kaspersky will not run
Sophos scan returned nothing but "cannot move" or "may move but do not recommend clean" results
ATF scanner worked but nothing changed upon file deletion
AVG found nothing
Avast claimed to be finding and deleting harmful files, but nothing has changed.
I've tried manually deleting the PC Antispyware 2010 files, but they just keep coming back upon startup.
The course of action suggested to me by friends is to just reformat my hard drive, but I'm afraid to do that because my CD-ROM drives no longer function, so I will have no way to reinstall Windows.

I am on a 7-year-old Dell desktop running Windows XP, currently in safe mode.

On my last attempt at running SAS, I paused the scan before it could crash to see the results, and had multiple files featuring "Braviax.exe"

Any help would be much much appreciated, as I am out of options and do not know what to do.

Thanks in advance!

Edited by number6, 14 August 2009 - 12:56 PM.




#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 PM

Posted 16 August 2009 - 05:36 PM

Try this:

http://www.freedrweb.com/livecd
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 number6


Posted 16 August 2009 - 09:05 PM

Thanks for the suggestion, but neither of my CD-ROM drives function, so I can't burn anything on my computer. I apologize for assuming following the directions on another thread would help me--I just didn't know better. Any help with my problem would be much appreciated.

Thanks

#4 Budapest


Posted 16 August 2009 - 09:07 PM

See if you can run this scan from "Safe Mode with Command Prompt":

http://live.sunbeltsoftware.com/

#5 number6


Posted 20 August 2009 - 09:27 AM

I managed to run the scan in Cmd. Prompt mode; it said it quarantined 58 files. Is there something I should do next, or just try booting it normally?

Thanks

#6 Budapest


Posted 20 August 2009 - 04:16 PM

Run the scan again in "Safe Mode with Command Prompt" and then try to boot normally.

#7 number6


Posted 24 August 2009 - 02:09 PM

Hi,

When I try to run the scan again I get the error message "can't create output file: C:\VIPRERESCUE\VIPRERescuescanner.exe"

Thanks

#8 Budapest


Posted 24 August 2009 - 04:12 PM

What happens when you try to run Malwarebytes or SUPERAntiSpyware? Try them both in Normal Mode and Safe Mode. Please post back the exact wording of any error messages.

#9 number6


Posted 25 August 2009 - 04:38 PM

Upon boot in safe mode with networking, I get the two following errors:
"The instruction at '0x00ec3973' referenced memory at '0x3604000e' the memory could not be 'read' click ok to terminate, click cancel to debug"

I just clicked to terminate.

I also receive "Rundll--error loading tapi.nfo specified module could not be found"

MBAM will still not run, even with a renamed exe, and SAS still just shuts down after about 5 minutes of scan. In the 5 minutes I managed to scan, it found the following:

2 Rootkit Agent/Gen-UACFake
2 Trojan Unclassified/BraviaX
2 Trojan Agent/Gen-Backdoor[fakealert]
10 Trojan Agent/Gen-Ertfor

Haven't run them in normal boot mode, because I assume the same will happen. Should I try anyway?

#10 Budapest


Posted 25 August 2009 - 05:41 PM

These new Rootkit infections are very hard to remove. I think it's time to head on over to the HijackThis forum for a closer look.

Preparation Guide for use before posting a HijackThis Log

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

#11 number6


Posted 05 October 2009 - 01:12 PM

I'll be trying that forum shortly---I really appreciate your help!

#12 number6


Posted 07 October 2009 - 04:35 PM

I am not able to enable the firewall as it says I need to use system restore, which is currently not working due to the virus. Can I still do the other steps involving the HJT logs?

Thanks

#13 Budapest


Posted 07 October 2009 - 10:01 PM

Just go straight to Step 6.



