Antivirus Live on Windows XP


No replies to this topic

#1 NEStar

Posted 18 January 2010 - 08:12 PM

My dad's computer, which is running Windows XP, has Antivirus Live on it.

I found this forum because of the removal guide - www.bleepingcomputer.com/virus-removal/remove-antivirus-live - but it isn't working.

Malwarebytes was already installed, so I downloaded the rkill.com and restarted the computer in safe mode.

When Safe Mode booted up there was a pop-up window that told me I was in safe mode and asked me to press "yes" to continue in safe mode or press "no" to run a system restore and go back to a previous version of the system.

I clicked yes, then double-clicked the rkill.com file. A dialog box opened for a second, but then the screen went dark and the safe mode yes/no box popped up. I again clicked yes, and thought that maybe that's what was supposed to happen, so I went to the next step in the guide and ran the malware.

Malwarebytes found 12 files, which I removed. Then I restarted the computer - and was immediately bombarded by Antivirus Live pop ups.

I did a Google search for "rkill.com didn't work", and several of the results talked about Antivirus Live using IE to save itself and that uninstalling IE would help, so I uninstalled. I also found out about the other versions of rkill - .src and .pif - and the trick of renaming rkill to explorer.exe.

I downloaded the other rkill files and tried to run those, then I changed the name on one to explorer.exe with the same results each time - dialog box for a second, then black screen with the safe mode yes/no box.

To recap:
Downloaded rkill.com.
Restarted in safe mode.
Ran rkill.com, but was cut off.
Ran Malwarebytes, removed 12 infected files.
Restarted normally, still infected.
Uninstalled IE.
Downloaded rkill.src and rkill.pif.
Restarted in safe mode.
Tried running all the rkill files, all cut off.
Renamed rkill.src to explorer.exe, ran that, cut off.
Signed up for the forums and wrote this post.


I have no clue what else to try, so I'm really hoping someone out there can help me.
