
Antiviruspro 2010 & Advanced Virus Remover 2009


7 replies to this topic

#1 hijacktheleft

hijacktheleft

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 04 September 2009 - 12:14 AM

I am currently infected with both Antiviruspro 2010 and Advanced Virus Remover 2009, as well as more, I'm sure, but these are the most visible. I have downloaded Malwarebytes but after changing the file name to even get it to install, I am unable to run the program. I have tried changing the name of the executable file (mbam.exe) to no avail. I can't get task manager to run either. It says "Application cannot be executed. The file is infected. Please activate your antivirus software." I am currently running the command line version of AVG, and it seems to be finding a lot of infected files. I am also getting several security warnings, which seem to be more legit than the ones created by Antiviruspro or AVR, listing individual security threats. The "Keep blocking" and "unblock" buttons are both non-selectable, so all I can click is "Cancel." I would think if it were one of the nasty programs, there would be a link to click to "solve" the problem. It's warning about everything from email worms to rootkits. I stay pretty on top of my security stuff, so this would have all had to have happened in the last couple days. Any suggestions from anybody would be greatly appreciated!!

Thanks!


Also, I haven't been able to install HijackThis.

Edited by hijacktheleft, 04 September 2009 - 12:14 AM.




#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,993 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:06 AM

Posted 04 September 2009 - 12:30 AM

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 Underlord

Underlord

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:06 PM

Posted 04 September 2009 - 01:33 AM

Hi Hijack,
I've seen a couple of machines with the same problem. But it went by another name, but it did the exact same thing. Pretty sure one of the guys here should be able to advise you on how to fix it.

Edited by Underlord, 04 September 2009 - 01:37 AM.


#4 hijacktheleft

hijacktheleft
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 04 September 2009 - 02:45 AM

So, I've been able to get Malwarebytes and HijackThis to install and run. Malwarebytes removed a bunch of stuff, and I needed to restart my computer to finish removing everything, but upon reboot, I didn't notice it do anything further. It also didn't fix my problem, nor seem to help at all. I did run HijackThis though. I noticed lots of things in the log, but am unsure exactly how to go about fixing them.

As per the "==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested" instructions, I won't currently post my HijackThis log, but if somebody could help me out with any further instructions, or tell me when or where to post the log now, I would really appreciate it.

Thanks again.

#5 hijacktheleft

hijacktheleft
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 04 September 2009 - 11:25 PM

I started my computer in diagnostic mode, with just the bare minimum of services, and there were no signs of any infection. I reran Malwarebytes, and it found and removed a lot of stuff. On reboot, it seemed to be working fine, with the exception of Windows randomly freezing up. Also, somewhere along the way, Google Chrome and Hijackthis got uninstalled. I've reinstalled Hijackthis, and as I'm typing this I'm seeing the fake Windows Security Center windows and warnings popping out of the infamous red circle with the white x in the taskbar. I'm on a different computer right now, and trying to run Hijackthis (unsuccessfully due to constant freezing), but if/when I do get the log, do I post it here, or elsewhere?

#6 drummond mike

drummond mike

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 05 September 2009 - 09:37 AM

Hi,

I just got rid of this little GEM! After infection I couldn't run hijackthis or malwarebytes. It disabled my antivirus and set up DNS redirects to a bogus antivirus site.

You'll need combofix first. After combofix does its job, then you will be able to run hijackthis and malwarebytes again. WATCH OUT. This guy writes an auto run to any memory stick you put in the infected computer. When you put the stick in another computer BAM it's infected too.

Mike

P.S. I searched this forum to find the answers I needed. Thanks guys you ROCK.
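The memory-stick spread described in the post above can be checked for before a stick is opened on another machine. This is an added example, not part of the original thread: it assumes the "auto run" is the standard Windows `autorun.inf` file in the drive root, and the function names and the sample file contents are constructed for illustration.

```python
import os

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program


def autorun_launch_entries(text):
    """Return (key, command) pairs from autorun.inf text that start a program."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # other sections and junk padding lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program
        is_shell_cmd = key.startswith("shell\\") and key.endswith("\\command")
        if (key in LAUNCH_KEYS or is_shell_cmd) and value:
            entries.append((key, value))
    return entries


def scan_drive(root):
    """Check the root of a mounted drive; return launch entries, [] if none."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                return autorun_launch_entries(fh.read())
    return []


# Constructed sample, not taken from the infection discussed in this thread.
SAMPLE = """\
; constructed example
[AutoRun]
icon=folder.ico
OPEN=recycler\\setup.exe
shell\\explore\\Command = recycler\\setup.exe /e
"""

if __name__ == "__main__":
    for key, cmd in autorun_launch_entries(SAMPLE):
        print(f"{key} -> {cmd}")
```

Any entry returned for a stick that was plugged into the infected computer is a reason to leave the stick unopened until it has been scanned; an `icon=` or `label=` line alone does not launch anything.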

#7 hijacktheleft

hijacktheleft
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 05 September 2009 - 11:58 PM

Thanks, I'll give that a whirl. I tried searching at first, but at the time that I was searching, all the solutions involved running some sort of program, but I wasn't able to run anything at all. I decided to run msconfig and have only the most basic of services start up. No audio drivers, nothing. Only after running several anti-spyware programs that way was I able to boot into Windows normally and install anything. I guess I should have mentioned all that. But, I'll give combofix a shot. Thanks again!!

#8 hijacktheleft

hijacktheleft
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:03:06 AM

Posted 06 September 2009 - 01:05 AM

So, I downloaded Combofix, but it won't run. It shows up in my running processes, but the gui never comes up. I tried changing the name of the file, since that worked with malwarebytes and hijackthis, but that didn't work either. I've actually been on the infected computer for longer than I've been able to since I noticed the infection. I think I'm winning the battle... maybe. There are rootkits involved though, so I don't know. The only thing I'm noticing now, except for the fact that Combofix won't start, is that IE keeps opening up in the background, much the same as Combofix. It doesn't actually open on the desktop, but it shows up in taskman's processes, and it plays awful music. Once I end the process, the music stops. I've searched for a solution to this, and have come up empty.



