I Think I am Infected with Antivirus Pro 2010


5 replies to this topic

#1 Djones75


Posted 02 October 2009 - 12:18 PM

Initially, I believe the computer was infected with malware by Antivirus Pro 2010. I have tried to use Malwarebytes to remove the malware, but after downloading and installing Malwarebytes, the program launches but when I try to scan it appears to close the program and will not scan. When I attempt to open Malwarebytes from the Program list, I get an error message that says "do not have authorization".

At this point, the anti-virus software has been disabled and I am unable to turn any antivirus software on. Also, at this point, when the computer is rebooted the NT Authority System error pops up and the system shuts down after 1 minute. I am not able to access anything on the computer, Control Panel, etc.

Can you help?

Dell Inspiron 1525
OS: Windows XP Professional SP3



#2 boopme


Posted 02 October 2009 - 03:57 PM

Some types of malware will disable MBAM (MalwareBytes) and other security tools. If MBAM will not install, try renaming it.

Before saving any of your security programs, rename them first. For example, before you save Malwarebytes', rename it to something like MBblah.exe and then click on Save and save it to your desktop. Same thing after you install it. Before running it, rename the main executable file first.
***
Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.

Open Task Manager, click the Processes tab, see if you see these and click End Task. Then run MBAM.
antiviruspro2010.exe
antiviruspro_2010.exe
install(2).exe
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Djones75


Posted 02 October 2009 - 08:41 PM

Thank you for your reply. I tried to rename Malwarebytes but I am still unable to run the scan. I also checked the task manager and none of the mentioned processes were running.

I have tried to run the DDS tool and was not able to, the black screen appears for a second and then disappears.

#4 boopme


Posted 02 October 2009 - 08:45 PM

Hi, OK try these.
If you cannot get DDS to work, please try this instead.

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding RSIT attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days)".
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.
If RSIT did not work, then reply back here.



It looks like there may be a rootkit. The rootkit itself is a protection module used to terminate a variety of security tools by changing the permissions on targeted programs so that they cannot run or complete scans. There are some new variants of rootkits in the wild right now that will require custom scripts to remove the infection; the process must be completed by HJT team members or above.

Failure to follow the proper removal process can and will cause serious damage to a machine. Recovery of the machine may be difficult, if not impossible.


Download this Utility and save it to your Desktop.
Double-click the Utility to run it and let it finish.
When it states Finished! Press any key to exit, press any key to close the program.
It will save a .txt file to your desktop automatically. Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as part of the reply in the topic you will create below.

Next please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the above Win32kDiag.exe log.

Let me know how that went.

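The permission change described in post #4, which also fits the "You may not have the appropriate permission" message reported later in the thread, can be checked by reading the access control list of each blocked program file. The PowerShell below is an added example, not part of the original thread or of any tool named in it; it only reports and changes nothing. Assumptions: the two file paths are built from file names mentioned in the thread, and `Get-BlockedExecutable` and `New-Finding` are hypothetical helper names.

```powershell
# Added example; the paths are assumptions built from file names in this thread.
$targets = @(
    (Join-Path $env:ProgramFiles "Malwarebytes' Anti-Malware\mbam.exe"),
    (Join-Path $env:USERPROFILE 'Desktop\RSIT.exe')
)
# Rights a user needs in order to launch an executable.
$needed = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# Hypothetical helper: one report row per finding.
function New-Finding([string]$Path, [string]$Finding, [string]$Detail) {
    New-Object PSObject -Property @{ Path = $Path; Finding = $Finding; Detail = $Detail }
}

function Get-BlockedExecutable {
    param([string[]]$Path)
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) { New-Finding $p 'not found' ''; continue }
        try { $acl = Get-Acl -Path $p -ErrorAction Stop }
        catch {
            # Being unable to read the ACL at all is itself worth reporting.
            New-Finding $p 'ACL unreadable' $_.Exception.Message
            continue
        }
        # A Deny entry that overlaps read/execute wins over any Allow entry.
        $deny = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Deny' -and
            (([int]$_.FileSystemRights -band $needed) -ne 0)
        })
        foreach ($ace in $deny) {
            New-Finding $p 'Deny entry' "$($ace.IdentityReference): $($ace.FileSystemRights)"
        }
        # No single Allow entry grants read/execute: unusual for a program file.
        $allow = @($acl.Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $needed) -eq $needed)
        })
        if ($allow.Count -eq 0) {
            New-Finding $p 'no Allow entry grants ReadAndExecute' "owner: $($acl.Owner)"
        }
        if ($deny.Count -eq 0 -and $allow.Count -gt 0) { New-Finding $p 'ok' '' }
    }
}

Get-BlockedExecutable -Path $targets | Format-Table Path, Finding, Detail -AutoSize -Wrap
```

A `Deny entry` or `ACL unreadable` row for a security tool is worth including alongside the logs requested in the thread.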
#5 Djones75


Posted 02 October 2009 - 11:16 PM

Okay, I was not able to run the RSIT.exe, I received the following error message:
"Windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item."

I was able to download the Utility and was able to run WIN32kdiag. Should I post that file to the HijackThis Logs and Malware Removal forum, or do they need the other information as well to be able to help?

#6 boopme


Posted 03 October 2009 - 07:33 PM

System Repair Engineer
  • Please download System Repair Engineer from here
  • Unzip/extract sreng2.zip to a folder on your desktop
  • Double-click on SREngLdr.EXE to launch System Repair Engineer
  • Click the Smart Scan Icon
  • Click Scan
  • Wait for the scan to finish
  • Click on the Save Reports button
  • Save it to your desktop, using the recommended name of SREngLOG.log
  • Close System Repair Engineer
  • Use notepad to open the SREngLOG.log file
  • Copy & paste the contents of that file as a reply to this topic
  • Note: The log may be long, and you may need several posts to post all of it
  • If you are using a custom HOSTS file, please leave out the HOSTS File section, as it will make the log far too long
Next please go here: HijackThis Logs and Virus/Trojan/Spyware/Malware Removal, click New Topic, give it a relevant Title and post the Rootrepeal log and the above log.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

Let me know how that went.