Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trying to recover from AntiVirus Pro 2010 Virus


  • This topic is locked This topic is locked
3 replies to this topic

#1 jhoward73

jhoward73

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 15 October 2009 - 01:57 PM

It appears that your folks are amazinly helpful from the conversations that I have read on your website. I had to join and see if you could help me as well.

My Machine
Dell XPS
Windows 2003 Server standard SP 2
IE 8
VirusScan Enterprise 8.0
SpyBot S&D and run TeaTimer

So here is where I am I guess.

I upgraded to IE 8.0 against my better judgement and was immediately rewarded.
I got hit by AntivirusPro 2010 when browsing
I DL'd and installed Malwarebytes and ran quick scan to remove the virus.
This seemed to work but I have been left with some other issues.

(As if this morning:)
Symptoms:

1) If Automatic Updates was enabled, my Registry Editor window would pop-up every 15 seconds or so.
I finally got through this by renaming wuauclt.exe and reinstalling Windows Updates. I can now get updates again.
2) I lost the ability to open Task Manager, I found that I could do this from a version in my ServicePackFiles folder
3) One of the biggest things is that I have Microsoft Visual InterDev 6.0 on this machine and now for some reason cannot open and view .HTML files in that program.
4) My CPU's are almost constantly around 100% with the following running at most times even with no activity.
svchost.exe
lsass.exe
system
system idle process
csrss.exe
I get IE Application error about 50% of the time I try to open a new "blank" browser or go to a website.
5) Cannot open Notepad

UPDATED as of 2:45 pm EST:
Now I ran Malwarebytes a second time with a full scan today and it found 3 additional viruses that I removed.
I accidentally left McAfee Virus Scan on and it notices Malwarebytes as a virus itself and moved to instaces mbam.exe to quaranteen. I left Malwaebytes running so I guess it was able to continue even theough the .exe must have been removed.
The scan finished.

I used Microsoft updates and am now current.
I restarded my computer in normal mode.
At this moment my CPU's are much better. I dont see anything odd at all.

So it looks like the issues that I know of at this point are:
2) I lost the ability to open Task Manager, I found that I could do this from a version in my ServicePackFiles folder
3) I have Microsoft Visual InterDev 6.0 on this machine and now for some reason cannot open and view .HTML files in that program.
5) Cannot open Notepad
Also, 6) I get IExployer.exe Application error about 50% of the time I try to open a new "blank" browser or go to a website.
IE 8's tab recovery then works to reload the page.

UPLOADS:
installed RootRepeal, ran it, and uploaded ark.txt
The DDS Program wouldnt install on my version of windows.
many thanks

Attached Files

  • Attached File  ark.txt   2.89KB   28 downloads

Edited by jhoward73, 15 October 2009 - 04:18 PM.


BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:46 PM

Posted 15 October 2009 - 06:05 PM

See if you can run one of these two scans:

Please download RSIT by random/random and save it to your Desktop.
Note: You will need to run this tool while connected to the Internet so it can download HijackThis if it is not located on your system. If you get a warning from your firewall or other security programs regarding Rist attempting to contact the Internet, please allow the connection.
  • Close all applications and windows so that you have nothing open and are at your Desktop.
  • Double-click on RSIT.exe to start the program.
  • If using Windows Vista, be sure to Run As Administrator.
  • Click Continue after reading the disclaimer screen.
  • Leave the drop down box set to default: "List/folders created or modified in the last 1 month (30 days).
  • When the scan is complete, a text file named log.txt will automatically open in Notepad.
  • Save the log file to your desktop and copy/paste the contents into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run.

=========================================

Please download runscanner.zip and save to your desktop.
  • Create a new folder on your hard drive called Runscanner (C:\Runscanner) and extract (unzip) the file there.
    (click here if you're not sure how to do this.)
  • Double-click Runscanner.exe to launch.
  • Select Beginner mode and click Ok.
  • Select Do a full scan and save a log file (default is Full Scan) to start.
  • Please be patient and do not use your computer during the scan.
  • When the scan is complete, a window will open asking you to save runscanner.run. Click Cancel.
  • Another window will open asking you to save runscanner.log.
  • Save it to your desktop and "Save as type: Runscanner log file [*.log].
  • The log file will automatically open in Notepad.
  • Go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  • Copy and paste the contents of the log file into a new topic in the HijackThis Logs and Malware Removal forum, NOT here.
  • Exit Runscanner when done.
Important: Be sure to mention that you tried to follow the Prep Guide but were unable to get DDS to run. If Runscanner did not work, then reply back here.
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 jhoward73

jhoward73
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:46 PM

Posted 16 October 2009 - 03:22 PM

Thanks Garmanma, I did like you asked this morning and posted it here:http://www.bleepingcomputer.com/forums/t/264779/trying-to-recover-from-antivirus-pro-2010-virus/
. Just waiting for help.

J

#4 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:10:46 PM

Posted 16 October 2009 - 06:28 PM

As I said Please be patient, they're rather busy
Good luck
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users