
av-protect.com


9 replies to this topic

#1 stven71


Posted 22 February 2010 - 04:44 PM

I just fixed this problem for a friend. It's not too sophisticated.

Here's what's happening. Apparently someone inadvertently installs some antivirus protection (ESET). This program then gives a false warning, telling you that to fix the problem you must purchase their full protection system at this address:
av-protect.com/purchase?r=57.4

Instead of reinstalling OP, here's what I did (BTW, the system infected was running XP):

1. Go to safe mode - F8.
2. Go to RUN, then type "msconfig"
3. Go to 'Start Up', scroll down looking for fqtsftv and egui and disable
4. Go to control panel 'Add Remove' and look for anything related to "ESET" and uninstall
5. Go to Documents and Settings. In all profiles search 'Application Data' and 'Local Settings' for anything EST. Delete. Also go to program files and find anything EST and delete
6. Go to Internet Explorer Browser and click on tools, internet options, connections, LAN SETTING...then undo proxy settings

You should be good to go

Edited by stven71, 22 February 2010 - 05:01 PM.
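The startup and proxy checks from the steps above can also be listed in one read-only pass. This is an added example, not part of stven71's post: the two entry names come from the post, the Run/RunOnce and Internet Settings registry paths are the standard Windows locations, and the "runs from a profile folder" flag is an assumed heuristic for review, not proof of infection.

```powershell
# Added example: read-only audit; it changes nothing on the machine.
# Entry names come from the post above; the path heuristic is an assumption.
$namesFromPost = @('fqtsftv', 'egui')
$profileDirs   = 'Application Data|Local Settings|AppData'
$metadata      = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Collect every auto-start value and note why it deserves a closer look.
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    if (-not $item) { continue }                      # key exists but has no values
    foreach ($p in $item.PSObject.Properties) {
        if ($metadata -contains $p.Name) { continue } # skip provider metadata
        $reason = @()
        if ($namesFromPost -contains $p.Name) { $reason += 'name listed in post' }
        if ("$($p.Value)" -match $profileDirs) { $reason += 'runs from a profile folder' }
        New-Object PSObject -Property @{
            Key = $key; Name = $p.Name; Command = $p.Value
            Review = ($reason -join '; ')
        }
    }
}
$startup | Sort-Object Review -Descending | Format-List Key, Name, Command, Review

# Manual proxy and auto-config script for the current user (step 6 above).
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet
if ($proxy.ProxyEnable -eq 1) {
    "Proxy ENABLED for this user: $($proxy.ProxyServer)"
} else {
    'No manual proxy set for this user.'
}
if ($proxy.AutoConfigURL) { "Auto-config script: $($proxy.AutoConfigURL)" }
```

The HKCU values are per user, so run it once in each profile on the machine. It covers only the Run and RunOnce keys, not Startup folders or services.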



 


#2 hamluis

Moderator

Posted 22 February 2010 - 06:11 PM

I think you have it wrong, see http://safeweb.norton.com/report/show?name=av-protect.com.

This is a known malware site, using the fake AV front.

Louis

#3 stven71

Topic Starter

Posted 22 February 2010 - 09:18 PM

hamluis, I think we're both on the same pg. I know av-protect.com is a malware site. I thought I was clear. :thumbsup:

#4 hamluis

Moderator

Posted 22 February 2010 - 09:29 PM

<<You should be good to go..

I think that users who have a problem with such programs/sites...ought to not assume that they know how to overcome such.

I would prefer a reputable guide from a reputable website...if I didn't know what to do.

I would use the BC malware forums.

Louis

#5 stven71

Topic Starter

Posted 23 February 2010 - 12:06 AM

Well, my friend came over to pick up her computer and while she was here she visited the same site that caused the infection.
SurfTheChannel.com

She was using IE7 so I thought that maybe the attack was exploiting a vulnerability in the old browser. Well, she used Mozilla current browser (3.5.8) and again she was hit with an attack. This time, however, it installed by itself. It completely shut down her AVG (free version) anti virus software. But the new malware was different from what she got a few days earlier. It is still indicating infections - this time much more numerous infections. Going thru the same procedure I outlined above does not work. Malware wants a purchase to “free infections”.

I think I should simply reinstall OP system. Any thoughts from anyone about this problem?

Oh, one final comment. Her OP system is in Hungarian.

#6 Stang777


Posted 23 February 2010 - 02:14 AM

My thought is a rather obvious one: stay away from sites that are known to cause infections. Sorry, but when you go back to one you know you got infected from, you can pretty much count on being infected again.

There is no real protection from not practicing safe surfing habits.

Btw, I just checked that site's rating with MyWot and even though they have given it a green rating that is supposed to indicate it is a safe site, there are 31 people who have stated it has viruses, malicious content, spyware and adware on the site.

For those who do check a site's trustworthiness on MyWot, I hope you know it is not enough to just check to see if the site has been given green or red ratings; one has to look at the rest of the page to get a true sense of the site's safety.

Edited by Stang777, 23 February 2010 - 02:21 AM.


#7 cryptodan


Posted 23 February 2010 - 06:43 AM

Do a google for SQL Injection attacks, and it will provide lists of websites that have been hit.

#8 stven71

Topic Starter

Posted 23 February 2010 - 03:17 PM

Stang777, yes you are quite right. However, she has absolutely no computer knowledge whatsoever. She didn't realize that it was that site that caused the first infection.

My friend is really in a bind. She is from Hungary and I just found out she left her recovery disk there. Tried to get another but since it is a Euro machine Toshiba requires disk to be shipped from Europe, and to a Hungarian address. For a variety of reasons she can't do this. So she has two options: Buy new computer or try to delete the malware.

She's short on $$$ so I will try to fix. I opened in Safe Mode then disabled all start up programs from msconfig. However, the malware still launches. It's called "XP Antispyware 2010".
I cannot open firewall settings or AVG antivirus. I also ran Microsoft Malware software and it could not pick up this particular malware. Running out of options.

Also, making things more difficult is that the whole damn XP is in Hungarian :thumbsup:

I would greatly apprec. any suggestions on how to eliminate this malware?

Edited by stven71, 23 February 2010 - 10:42 PM.


#9 hamluis

Moderator

Posted 23 February 2010 - 03:32 PM

You have at least two options:

a. You can try to overcome the malware yourself.

b. You can follow the administrative procedures at http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/ and thereby seek assistance from the BC malware group.

Well...I suppose you have a 3d option...you could do a clean install.

If I wanted to try to handle it myself...I would remove the hard drive from the system...attach it as a secondary drive to a well-defended 2d computer system. From there I would run an updated, full scan using Malwarebytes on said drive. Once that completed, I would run a full scan with my updated AV program. Once that finished, I would run a full scan with SUPERAntiSpyware.

I would then reinsert the drive in the previously infected system and try to boot.

If I had any problems, I would fall back to the option I previously ignored...the BC malware forums.

FWIW: XP Antispyware 2009 Removal Guide

Louis

#10 stven71

Topic Starter

Posted 24 February 2010 - 02:26 PM

I was able to get my friend's computer up and running again. I don't know how safe it is, but like I said, her and her machine being from Hungary, and having no recovery disk, if I couldn't fix, she has no other option but to buy a new computer.

I simply searched the internet for XP Antivirus 2010 malware...This is exactly what she had:
http://forums.malwarebytes.org/index.php?showtopic=38629

However, very few of the files indicated here were on her computer.

I just did a search in Safe Mode (this program launches even in safe mode) and deleted av.exe. Then I went to the registry and did a search for anything related to XP antivirus. I deleted the whole folder. I also deleted ie7, Mozilla and AVG free version-anti virus protection (I don't know why, I just did it).

The program was still running when I rebooted. However, after reboot, the program didn't launch and I could get access to the firewall - it was disabled.

The computer seems to be running normal. I reinstalled AVG again and ran a scan, came up with Trojan SHeu3AX. I quarantined it. Nothing else came up.

I installed ie8 and Opera. Computer seems fine. I also put her profile on "Limited"

How safe is her computer? She wants to know if she can pay her credit card thru her computer? Also, again, her OS is in Hungarian.



