
AV security suite virus


14 replies to this topic

#1 geoff hayes

geoff hayes

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:40 AM

Posted 21 June 2010 - 09:27 AM

Hi, yesterday my computer was infected with the AV security virus. I managed to stop the constant popups using the task manager, and have deleted some corrupted files and registry files. I have disabled the proxy server also. Every time I try to run a program like Malwarebytes or RKill, I get an error message and the program closes. If anyone could help me, it would be greatly appreciated.
Thanks, Geoff

Also, if it makes a difference, I am not posting on the infected computer.

EDIT: Moved from MRL to Am I Infected ~ Hamluis.

Edited by hamluis, 21 June 2010 - 09:40 AM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,440 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:12:40 AM

Posted 21 June 2010 - 11:16 AM

Hello, can you give me the MBAM error...

Try running these first and MBAM may work after.

You can also try booting into Safe Mode and running MBAM after RKill.

In all events we need to try to run all 3.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to desktop.
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 geoff hayes


Posted 21 June 2010 - 11:41 AM

Hi, the error I get when trying to run MBAM is "Error 5. Unable to execute file in the temporary directory. setup aborted. Error 5 access is denied"
I ran ATF cleaner, that did its job without a problem. I can't open Super; every time I try to run it, it says "Setup failed. Error reading the setup data"

#4 boopme


Posted 21 June 2010 - 11:52 AM

Are you saving to the desktop? What is your operating system?

Also try disabling the firewall or your Antivirus while installing.

OR
1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility. Mbam clean
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here. http://www.malwarebytes.org/mbam-download.php
Note: You will need to reactivate the program using the license you were sent.
Note: If using Free version, ignore the part about putting in your license key and activating.
Launch the program and set the Protection and Registration.
Then go to the UPDATE tab if not done during installation and check for updates.
Restart the computer again and verify that MBAM is in the task tray and run a Quick Scan and post that log.


EDIT:

If SUPERAntiSpyware is not currently installed, please download and run one of these alternate versions of the install package:

SUPERAntiSpyware FREE Edition Installer


If SUPERAntiSpyware is already installed but simply will not run, please download and run the following program to launch SUPERAntiSpyware:

RUNSAS.EXE

Edited by boopme, 21 June 2010 - 12:00 PM.


#5 geoff hayes


Posted 21 June 2010 - 12:20 PM

I am running Windows XP Home Edition, I have disabled the firewall and have been saving everything to the desktop. Malwarebytes never did install, because every time I tried I got the error message I posted before. When I run mbam-cleaner I get the error message "SHGetvalue failed with error code 0". It downloads OK, but you get the error code 5 when you try to install it. The same with SUPERAntiSpyware: I can download it fine, but when trying to install it I get the error message "Error reading setup data".

Edited by geoff hayes, 21 June 2010 - 12:26 PM.


#6 boopme


Posted 21 June 2010 - 12:32 PM

Ahh OK, reboot into Safe Mode with Networking.


Please follow our Removal Guide here: Remove Antispyware Soft (Uninstall Guide). I think it will get us in.
You will move to the Automated Removal Instructions.

After you have completed that, post your scan log here and let me know how things are.
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

#7 geoff hayes


Posted 21 June 2010 - 12:46 PM

I went into Safe Mode with Networking, opened the guide and followed the instructions up to the part where you download RKill. It downloaded OK, but when I try to run it, I get an error message that says "An unknown error occurred. The program will be terminated". It does the same thing to the two alternatives, Iexplorer.exe and explorer.exe.

#8 boopme


Posted 21 June 2010 - 01:32 PM

Will anything else run?

#9 geoff hayes


Posted 21 June 2010 - 01:35 PM

ATF cleaner, and all other programs already installed on my pc. It just will not let me install any of the anti spyware or virus programs.

#10 boopme


Posted 21 June 2010 - 03:40 PM

OK, try this:

Click on Start, then Control Panel.
Click on Users.
Create a new user account with Administrative Rights.
Log in as that user.
Now run MBAM (MalwareBytes below). Run a FULL scan; this will search all user accounts on your machine.
Reboot your machine.
When your machine is at the login, don't log in to the infected account; log into the new account you made.
Logout of the new account once the machine finishes booting up.
Log into your original account that was infected. Post the MBAM log.
Hopefully we are good.

#11 geoff hayes


Posted 22 June 2010 - 10:34 AM

Hi, I made the administrator account, Malwarebytes ran fine, and I rebooted. Now when I try to go onto Internet Explorer I get the error message "Internet explorer has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost." I can't log onto the internet to post the log. My ethernet cable is plugged into the computer and I was able to log into the internet before I restarted my PC. Any suggestions?

#12 boopme


Posted 22 June 2010 - 10:59 AM

Try this--open control, internet options, connections tab, lan settings, uncheck the box next to "use proxy...."
OR
Go to Start ... Run and type in cmd
A DOS window will appear.
Type in the DOS window: netsh winsock reset
Press the Enter key.

Reboot your system to complete the process.

#13 geoff hayes


Posted 22 June 2010 - 11:13 AM

Tried both, and I still get the same error message.

#14 kt1173

kt1173

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:40 PM

Posted 23 June 2010 - 03:23 AM

Hello. I just received this AV security suite virus I've been reading about and have been up for a while trying to figure out how to get rid of it. Can you please help me out?

#15 geoff hayes


Posted 26 June 2010 - 04:45 PM

Never mind, I fixed it now and got rid of it. Thanks for the help anyway.



