
" Clean up Anti Vivus "


13 replies to this topic

#1 shogun697

shogun697

  • Members
  • 208 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:ireland
  • Local time:10:35 AM

Posted 20 April 2010 - 01:03 PM

Hi, a work friend got some sort of infection on his computer which is telling him that he has a virus etc... and needs to download "Clean up Anti Vivus" to get rid of it. He tells me his own ESAT antivirus is up to date and he has run Malwarebytes. What's the best way to go about getting rid of this? Any help would be great.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal



#2 petewills

petewills

  • Members
  • 1,378 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Birmingham, UK
  • Local time:03:35 PM

Posted 20 April 2010 - 01:11 PM

Don't download any such program - probably a scam.

This is probably relevant:

Remove Cleanup Antivirus (Uninstall Guide)

http://www.bleepingcomputer.com/virus-remo...eanup-antivirus

Edited by petewills , 20 April 2010 - 01:13 PM.


#3 shogun697


Posted 24 April 2010 - 01:48 PM

Help with Hostsperm.bat Download Link. I'm going to start using the tutorial but I'm not 100% sure what to do with the host part. I was hoping someone could explain that part of it. Thanks for the help.

#4 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,987 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:35 AM

Posted 24 April 2010 - 07:10 PM

Here is a tutorial that discusses what the Host file is: http://www.bleepingcomputer.com/tutorials/hosts-files-explained/

Malware will often change the Host file to prevent security programs from running or updating, to prevent a user from reading or posting on a security forum, or to cause the browser to redirect to bad sites.

That must be fixed. The malware, however, may have done something to keep the fix from happening. If that is the case, the Hostperm.bat file will fix it.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
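
The HOSTS file tampering described in the post above (security sites blocked, browser redirected) can be checked for by reading the file's mappings. This is an added example, not part of the original thread or of any BleepingComputer tool; the watchlist labels, the function names and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Assumed watchlist (constructed): labels of security sites named in this thread.
WATCHED_LABELS = {"bleepingcomputer", "malwarebytes", "eset", "superantispyware"}
BENIGN_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # malformed address: skip line
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def audit_hosts(text):
    """Return (line_no, hostname, ip, reason) for each suspicious mapping."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        watched = bool(WATCHED_LABELS & set(name.split(".")))
        if watched:
            reason = "security site blocked" if sinkholed else "security site redirected"
        elif not sinkholed:
            reason = "name pinned to a non-local address"
        else:
            continue    # 127.0.0.1 ad-blocking style entry: not flagged
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample contents, not taken from an infected machine.
SAMPLE_HOSTS = """\
127.0.0.1      localhost
127.0.0.1      www.bleepingcomputer.com
0.0.0.0        www.eset.com        # inline comment is ignored
203.0.113.10   www.malwarebytes.org
203.0.113.10   search.example.com
127.0.0.1      ads.example.net
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the text to pass in is the content of the HOSTS file in the C:\Windows\System32\Drivers\etc folder.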

#5 shogun697


Posted 24 April 2010 - 08:03 PM

Thanks Orange, I read your link and have a way better understanding, but I'm still a little lost. When I download the hostsperm.bat file, will it fix it automatically or do I have to replace the command myself? And if so, is it the same command with all viruses? Sorry, I know this may be a simple question but it's my first time trying this. Thanks again for the help.

#6 certifiedgeek

certifiedgeek

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Local time:10:35 AM

Posted 24 April 2010 - 08:51 PM

When you download and then run the hostsperm.bat mentioned in the tutorial that was recommended, you should then move on to the next step which I believe is 18.

Does that help? The hostsperm.bat is just the program that you run and it will do its magic automatically in the background. Make sure you follow the instructions exactly in order to help your chances of removing this malware.

Happy Malware Fighting!

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,403 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:35 AM

Posted 24 April 2010 - 09:08 PM

The virus changes the permissions of the HOSTS file so you can't edit or delete it. The hostsperm file FIXES the permissions only. Now you need to replace the HOSTS file with the one in Step 18 that matches your operating system (XP, Vista etc.)

Delete the C:\Windows\System32\Drivers\etc\HOSTS file.
Download the new HOSTS that matches yours (from the Blue HOSTS files listed)
Save it in the C:\Windows\System32\Drivers\etc folder.
This should work automatically..
The next line is an IF


If the contents of the HOSTS file opens in your browser .................
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 shogun697


Posted 24 April 2010 - 09:48 PM

Thanks a lot. At work at the moment so will try it tomorrow afternoon. Thanks again, will let ye know how it goes.

#9 shogun697


Posted 25 April 2010 - 02:44 PM

I did all the steps and found and removed a trojan. I used the hostsperm.bat and then saved the blue Vista hosts file. I didn't type anything myself into the hosts file. Hopefully that will be the end of it. Thanks to everyone for the help, great site.

#10 boopme


Posted 25 April 2010 - 03:04 PM

Hello, that was great but we should still run these now.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#11 shogun697


Posted 25 April 2010 - 05:12 PM

Hey Boopie. It was a work friend's computer which I returned to him tonight after removing the trojan. When I removed the trojan I installed and ran the SUPERAntiSpyware program (833 entries found). I returned the computer before I read your last message so didn't know about running ATF Cleaner etc.
Do you think I should get the computer back and do those steps, or have I done enough to have got rid of the trojan? Once again thanks for taking the time to help.

#12 boopme


Posted 25 April 2010 - 06:56 PM

Hi, I like to run several tools as some will find things others do not. I just am a bit of a stickler that I got all off before they go away. Perhaps the scan may come back clean. Most times I have seen here is that some malwares have left friends behind and rather do it now than again in a week or so.

Edited by boopme, 25 April 2010 - 09:18 PM.


#13 shogun697


Posted 25 April 2010 - 07:25 PM

Right I'll do that just to make sure. Thanks Boopme

#14 boopme


Posted 25 April 2010 - 09:19 PM

You're most welcome :thumbsup:



