Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Av.exe and Vista Antivirus Pro 2010 really gone?


  • Please log in to reply
4 replies to this topic

#1 Caroline68

Caroline68

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 07 March 2010 - 03:47 PM

Recently I've been infected with Vista Antivirus Pro 2010. Following the common advice, I updated Malwarebytes (which was already installed on my computer long before the virus even came) and used it to scan my computer but it did not detect anything. No malicious items. No infections. Now, this couldn't be because clearly, Antivirus Pro is invading my computer in the form of various irritating pop-ups. :thumbsup:

Thus, I went to task manager and ended the process called msascui.exe. (Which was the very thing that was running Vista Antivirus Pro 2010) Upon doing so, all the pop ups stopped immediately.

Not feeling quite that safe yet, I then ran SuperAntiSpyware and McAfee. Unlike Malwarebytes, these programs detected harmful items.

SuperAntiSpyware removed:

C:\USERS\ENGLISH\APPDATA\Local\TEMP\LOW\MSASCUI.EXE
C:\USERS\ENGLISH\APPDATA\Local\TEMP\LOW\MSASCUI.EXE

McAfee Removed:
Av.EXE-FAkeAlert-WwSec.b

Now I have several questions. One is whether or not it's safe to assume that my computer no longer has anything related to this virus? Is it removed completely? Did ending the process kill it? And two . . . why was it Malwarebytes did not detect anything? I'm starting to feel like Malwarebytes is not working correctly in finding these harmful items. Should I reinstall it? Any answers would be much appreciated. :flowers:

Edited by Caroline68, 07 March 2010 - 03:51 PM.


BC AdBot (Login to Remove)

 


#2 Sashacat

Sashacat

  • Members
  • 372 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 08 March 2010 - 10:34 AM

Hello :thumbsup:
The following removal guide names a step (using FixExe.reg) that is not mentioned in your original post.
How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010
Posted by Grinler on January 27, 2010

http://www.bleepingcomputer.com/virus-remo...irus-vista-2010

Sometimes SUPERAntiSpyware will find things Malwarebytes' did not find, and vice versa.
Each program releases new updates (new definitions) on a regular basis.
Sometimes I am able to update my Malwarebytes' TWICE in one day.
No single program is fool-proof.

Did you run SUPERAntiSpyware in Safe Mode ?
I have seen official staff members recommend running the SUPERAntiSpyware scan in Safe Mode.

You can update both SUPERAntiSpyware and Malwarebytes', and scan with each program again,
and then reply back with the scan results
(original scan results showing what was found/fixed AND the new scan results)
for an official staff member to look at and help you with.
Copy/paste the ENTIRE CONTENTS of the scan results logs into your next reply.

Just to let you know, I am not authorized to help with logs:
"only trained members of the following groups: Malware Response Team, Malware Study Hall Senior, Moderators or Administrators are allowed to help people with logs."
http://www.bleepingcomputer.com/forums/t/126946/a-reminder-to-our-members-regarding-malware-logs/
If we don't change the direction we are going,
We are likely to end up where we are headed.

#3 Caroline68

Caroline68
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 08 March 2010 - 05:18 PM

Recently I've been infected with Vista Antivirus Pro 2010. Following this guide http://www.bleepingcomputer.com/virus-remo...irus-vista-2010 I updated Malwarebytes (which was already installed on my computer long before the virus even came) and used it to scan my computer but it did not detect anything. No malicious items. No infections. Now, this couldn't be because clearly, Antivirus Pro is invading my computer in the form of various irritating pop-ups.

Thus, I went to task manager and ended the process called msascui.exe. (Which was the very thing that was running Vista Antivirus Pro 2010) Upon doing so, all the pop ups stopped immediately.

Not feeling quite that safe yet, I then ran SuperAntiSpyware and McAfee. Unlike Malwarebytes, these programs detected harmful items.

SuperAntiSpyware removed:

C:\USERS\ENGLISH\APPDATA\Local\TEMP\LOW\MSASCUI.EXE
C:\USERS\ENGLISH\APPDATA\Local\TEMP\LOW\MSASCUI.EXE

McAfee Removed:
Av.EXE-FAkeAlert-WwSec.b

Now I have several questions. One is whether or not it's safe to assume that my computer no longer has anything related to this virus? Is it removed completely? Did ending the process kill it? And two . . . why was it Malwarebytes did not detect anything? I'm starting to feel like Malwarebytes is not working correctly in finding these harmful items. Should I reinstall it? Any answers would be much appreciated.


Here's the most recent scan I did with Malwarebytes after having SuperAntiSpyware and Mcafee remove the virus:
Malwarebytes' Anti-Malware 1.44
Database version: 3831
Windows 6.0.6000
Internet Explorer 7.0.6000.16982

3/7/2010 12:23:49 PM
mbam-log-2010-03-07 (12-23-49).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 325665
Time elapsed: 2 hour(s), 21 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Orange Blossom, 09 March 2010 - 12:25 AM.
Merged topics. ~ OB


#4 Caroline68

Caroline68
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:11:24 PM

Posted 08 March 2010 - 05:24 PM

Thank-you for replying. :thumbsup:

I did follow that very guide when I was attempting to remove the virus. However, like you said I did not use FixExe. I heard the fix is used to repair file associations and would only apply when your exe files no longer functioned properly. This was not true for me as I could run .exe files without any problems as well as any other programs on my computer. (Including Malwarebytes) Everything was working normally in spite of the virus. I wanted to avoid messing around with the registry and would rather not use Fixexe unless I really needed to.


Unfortunately, I have continously updated Malwarebytes and continously ran scans (both full and quick) to no avail. Each scan resulted in no malicious items found. The one I did today was the same. No detections. It seems I cannot post logs here so I took your advice and posted it in the Removal Logs section of the forums.

No, I ran SuperAntiSpyware in normal mode.

As for SuperAntiSpyware and Mcafee . . . they did not find anything on my computer either when I scanned it today. The virus has not shown any signs. No pop-ups. With these conditions, I normally would be reassured if not for the fact that my computer's been acting a tad slower than usual. (or maybe that's not related . . .?)

Edited by Caroline68, 08 March 2010 - 05:26 PM.


#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,947 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:24 PM

Posted 09 March 2010 - 12:26 AM

Hello,

Given that you are still experiencing issues, please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<==

If you can produce at least some of the logs, then please create the new topic. If you cannot produce any of the logs, then post back here and we will provide you with further instructions.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users