
Antivirus 2010 Malware



#1 edw987


Posted 05 March 2010 - 04:16 PM

Here is how to get rid of AV 2010. I am running XP Pro but it should work for Vista. There is a malicious Antivirus 2010 malware that can enter the computer just by visiting news sites, without even clicking on anything in the site. Norton / Symantec antivirus does not protect against it. If it gets on your computer, you will immediately see the Antivirus 2010 popups and fake notifications.

You can use rkill to terminate the malicious processes (http://www.softsailor.com/downloads/18905-download-rkill-com-free-and-terminate-malicious-processes.html). You can use Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php) to remove the viruses, except for the fact that the program is several months old and it needs to be updated before it can find the latest viruses. However, to update, it needs to connect to the Web. But this activates the virus again, which prevents the download. :thumbsup:

I finally found a suggestion to restart in safe mode, and use the administrator account rather than the user account, because somehow the virus would not start there. I did this and it worked. When I entered the administrator account (I had put a password on it long ago) I double-clicked on Malwarebytes' Anti-Malware icon, and went to update. It was able to update and got today’s date after the update. I ran it (quick version), and it found one more virus missed when I had run it without update. I ran it again, no more viruses. While it is running, do not click and open anything else in the computer as this may reactivate the virus. And if you use rkill again if the virus is reactivated, it will also terminate Malwarebytes.

After the viruses were removed, I started the computer normally - voila, no Antivirus 2010 Malware. However, the registry association for exe files had been corrupted (probably by the malicious viruses). :inlove: When I clicked on executable files and shortcuts they would only run if I right-clicked, clicked ‘run as’, and then unclicked ‘Protect my computer and data from unauthorized program activity’. So I used this fix (http://www.supertechtips.info/resource/xp_exe_fix.zip) with documentation here (http://www.supertechtips.info/fix-windows-file-association-problems.html) to reassociate the exe files.

But wait, there's more. I could no longer uninstall things (like the useless Symantec/Norton Antivirus) because the 2010 Virus apparently turned off the Windows Installer. :flowers: To turn it back on, run msconfig, go to services, and make sure the Windows Installer box is clicked.

There was one other thing I did as per a suggestion but I am not sure if it was needed. I edited the c:\boot.ini file (to see it in Windows Explorer you need to go to tools, folder options, view, show hidden files and folders, and unclick ‘hide protected operating system files’. Then you need to right-click on the file and unclick ‘read only’). I edited it by changing /NoExecute=OptIn to /Execute at the end of a long line of code. It seems to be another useless XP Service Pack 2 function. Then I saved boot.ini, and rebooted.

To stop the problem permanently I then installed Kaspersky Antivirus, which catches these kinds of malicious malware. :trumpet:

Edited by edw987, 05 March 2010 - 11:11 PM.
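
An added example, not part of edw987's post: a small Python check that reads the text of a boot.ini and reports which data-execution-prevention switch each boot entry carries, so an edit like the /NoExecute=OptIn to /Execute change described above can be confirmed or spotted later. The sample boot.ini, the function names and the policy labels are constructed for illustration.

```python
import re

# Constructed sample boot.ini (not from the post). The second entry carries
# the /Execute switch the post describes; the third has no DEP switch at all.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP edited" /fastdetect /Execute
multi(0)disk(0)rdisk(0)partition(2)\WINNT="Old entry" /fastdetect
'''

SWITCH_RE = re.compile(r'/(noexecute(?:=\w+)?|execute)\b', re.IGNORECASE)
ENTRY_RE = re.compile(r'^(?P<path>[^=]+)="(?P<desc>[^"]*)"(?P<sw>.*)$')

def dep_policy(switches):
    """Map the DEP-related switches of one boot entry to a policy label."""
    found = [s.lower() for s in SWITCH_RE.findall(switches)]
    if not found:
        return "unspecified"                 # entry names no DEP switch
    if len(set(found)) > 1:
        return "conflict: " + ", ".join(found)
    if found[0] == "execute":
        return "off (/execute)"              # /Execute turns DEP off
    # /NoExecute=<mode>: report the mode as written (optin, optout, ...)
    return found[0].partition("=")[2] or "noexecute (no mode given)"

def audit_boot_ini(text):
    """Return [(description, policy)] for each [operating systems] entry."""
    results, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                         # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = ENTRY_RE.match(line) if section == "operating systems" else None
        if m:
            results.append((m.group("desc"), dep_policy(m.group("sw"))))
    return results

if __name__ == "__main__":
    for desc, policy in audit_boot_ini(SAMPLE_BOOT_INI):
        print(f"{desc:40} DEP: {policy}")
```
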

