
Antivirus System Pro Alert Malware - how I removed it



#1 Ray Y


Posted 28 November 2009 - 09:40 AM

I thought these notes on my recent experience may help others.

Symptoms:
Antivirus System Pro Alert is running on the start screen with multiple error messages saying the PC is infected. Attempting to run any other programs results in an error message – stating that the program is ‘infected’. This meant that task manager and the current virus scan cannot be run. This is a malware virus and seems to initiate at PC start up.

The PC was re-started in ‘safe’ mode by pressing F8 during re-boot. The current virus scan was run with no viruses found. The PC was re-started and the same problem was present.

The PC was re-started in ‘safe’ mode. Using the bleeping.com web site suggestions, I downloaded two programs, rkill and malwarebytes. These were downloaded on a good PC and copied to the faulty PC. Both programs were run and malwarebytes reported multiple worm.allaple infections, which were removed. After re-starting the PC the same problem was seen. The malwarebytes program was run again, this time in extended scan mode, and a further infected file was found and removed.

I then copied ‘Revo Uninstaller’ to the affected PC. Looking at the list of programs that start up on the PC I could see two that I did not recognise. They were both called qsorynfs which pointed to location \documents\admin\local settings\application data\hvhuvw and to program vcmsysguard.exe i.e. each time the PC starts up this program would be run. I deleted the vcmsysguard.exe program and the folder \hvhuvw. I also disabled qsorynfs using ‘Revo Uninstaller’.

The PC was re-started and there were no re-occurrences of the error messages. I re-ran the current virus protection and further copies of worm.allaple infections were found and removed. The PC was restarted again and the current virus protection run and no further infections were found.

I hope these notes help.

Thanks
Ray


EDIT: Moved to a more appropriate forum

Edited by garmanma, 28 November 2009 - 10:47 AM.
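
The startup-entry review described in the post, as an added example that is not part of the original post: it flags autorun entries whose executable sits in a user-writable profile folder. The folder list, the name heuristic and the function names are assumptions; the sample list is constructed, with the first entry built from the name and path the post gives.

```python
import ntpath
import re

# Assumption: profile locations a standard user can write to; autoruns from here deserve review.
USER_WRITABLE = (
    "\\local settings\\application data\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
)
EXE_RE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", re.IGNORECASE)


def extract_exe(command):
    """Pull the executable path out of an autorun command line (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = EXE_RE.match(command)
    return match.group(1) if match else command.split(" ", 1)[0]


def looks_random(name):
    """Heuristic (assumption): six or more letters with under a quarter vowels."""
    letters = [c for c in name.lower() if c.isalpha()]
    vowels = sum(c in "aeiou" for c in letters)
    return len(letters) >= 6 and vowels / len(letters) < 0.25


def triage(entries):
    """Return (name, exe, reasons) for autoruns that start from user-writable folders."""
    findings = []
    for name, command in entries:
        exe = extract_exe(command)
        if not any(d in exe.lower() for d in USER_WRITABLE):
            continue
        reasons = ["runs from user-writable profile folder"]
        folder = ntpath.basename(ntpath.dirname(exe))
        if looks_random(name) or looks_random(folder):
            reasons.append("random-looking entry or folder name")
        findings.append((name, exe, reasons))
    return findings


# Constructed sample list; the first entry uses the name and path given in the post.
SAMPLE = [
    ("qsorynfs", r"\documents\admin\local settings\application data\hvhuvw\vcmsysguard.exe"),
    ("ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    ("Updater", r'"C:\Program Files\Vendor\updater.exe" /background'),
]
```

Calling `triage(SAMPLE)` returns only the `qsorynfs` entry, with both reasons attached; a flagged entry is a prompt for manual review, not proof of infection.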

