RE: AV Security Suite Removal Guide


  • Please log in to reply
No replies to this topic

#1 Tweener

Posted 09 June 2010 - 11:19 AM

When my parents' machine got infected with this nasty yesterday, I tried Grinler's self-help solution here. Unfortunately, I couldn't get networking going in safe mode and couldn't update the anti-malware application; so though I did run it, it didn't solve the problem. Worse, this version of AV Security Suite would not allow the running of any applications at all in normal boot (not even rkill.com), and it reinstated its browser proxy server settings immediately if they were changed.

What I did:

Since I could still access the O.S. main functions, I used the file search to look for all files created on yesterday's date. I ordered them by their creation time, and then scrolled down to near the time of the infection and found several Adobe Reader files and two randomly named executable (.exe) files that were created in about a 4-minute period that was separated from any other file creations by more than 15 minutes. I removed all these to the recycle bin and rebooted the computer normally. The self-executing application did not start and I was able to fix the proxy settings, run rkill.com, and update and run MBAM. So far the infection has not resurfaced.

Point of note:

Since I am sure the zero-day exploit of Adobe Reader 9 was to blame for the infection, I disabled all Adobe Reader add-ons in the browser, and relocated the file C:\Program Files\Adobe\Reader 9.\Reader\authplay.dll as this page at adobe.com suggests: Adobe Flash, Reader, and Acrobat Security Advisory

Edited by Tweener, 09 June 2010 - 03:11 PM.

There are 10 kinds of people, those that understand binary - and those that don't.
