Posted 27 April 2010 - 09:41 AM
My name is Jeff.
I've been trying to eradicate this virus for about 1 week now.
I've been using the method that is posted here that uses Fixexe.reg to get enough control to run the Malwarebytes Anti-Malware program.
Running that program finds about 6 or so Trojans, and deletes them. Works great...for a short while.
Operating System: Windows XP w/ SP3
Firewall: Zonealarm Internet Security Suite v. 9.1.507.000 (latest version)
Other tools: Malwarebytes Anti-Malware, Spyware Blaster, Spybot S&D, ESet On-Line Scanner.
I keep all of these products updated on a regular basis, every few days at the most. I have been performing full scans at least once a week. I've been doing this pretty religiously ever since I had a problem with the Security Tools Virus. The person who worked with me back then recommended all of the above tools for a pretty bulletproof method of keeping out anything bad. I guess that's changed.
I'm just amazed that anything could possibly get through all of the defense I've set up. I do try to follow all of the recommendations on how to prevent malware infections to begin with.
Possible entry point?? My wife got an email from a family friend. At the time, nothing happened. A day later the same person sent out another email saying please don't view the email, it has a virus. Again, I'm surprised it could get through Zonealarm?
Here's what I've done: The Ave.exe Virus puts up a fake Security console that says I'm infected, click Register to purchase full version to eradicate the problems. It won't let me start up any other programs.
1. I use the Fixexe.reg to be able to run other programs.
2. I then run Malwarebytes Anti-Malware. It finds and deletes about 6 or so problems.
3. I also do a full scan with Zonealarm. It sometimes finds an additional problem and quarantines it.
At that point, my PC seems to be back to normal. I can check email via Outlook and run other programs. All of the Rogue Virus Control panels are gone. Any additional scans find no problems at all.
4. I can also start up Internet Explorer and go to my homepage (Surewest.net)
5. I'm not sure about this part, but I seem to be able to directly go to any URL address I type in, with no problems.
6. The problems seem to be if I'm searching for something, say, with the Google Toolbar search.
7. I get the list of websites related to the search, which, if I click on any of them, I get redirected to some other seemingly random website.
8. That's when my Zonealarm starts sending me alerts that Ave.exe is trying to access my PC.
9. I also get the rogue control panels, XP Anti-Malware 2010, or XP Defender that basically hijacks my system.
I can then go back to step #1 and start the process over again.
So with all of the tools I'm using and scanning with, it's not finding everything. Every time I'm on Internet Explorer, it resurfaces anew.
With whomever is going to work with me on this one...when I start to generate required logs, do these logs need to be generated while the full scale infection is going on, or after I've kinda fixed it using steps 2 & 3, above? I do have some logs saved from both steps while fixing. I can attach those as well.
-- Jeff Forester --