
AV Security Suite



#1 Peoples-2


Posted 03 July 2010 - 11:23 AM

So my father's PC has become infected by AV Security Suite one way or another. He is running Windows XP. I have followed the removal instructions found at bleepingcomputer.

However, the computer is experiencing serious issues and I cannot complete the removal instructions. See below for a list of issues:

#1

The computer will not boot in safe mode, safe mode with networking, or safe mode with command prompt. I have tried multiple times. Each time it starts booting into safe mode and then I get a blue screen of death. Screenshot

#2

I cannot run rkill.com and I have tried all of the renamed versions. The window box opens up to run the program then I receive the error:

"Application cannot be executed. The file rkill.com is infected. Do you want to activate your antivirus software now?"


#3

I cannot run nearly ANY programs. I get the same error message as above when I try and run:

cmd.exe
taskmgr.exe
regedit.exe
rstrui.exe (System Restore)
rundll32.exe (Delete Internet Files)
mbam.exe
ComboFix.exe

Internet Explorer does not work, even after disabling the LAN proxy settings as instructed. However, Firefox works without issue.

Please advise. :thumbsup: Thanks.

Edited by Peoples-2, 03 July 2010 - 11:47 AM.




#2 Peoples-2


Posted 03 July 2010 - 07:28 PM

Update:

I was able to get rkill.com to run after "out-clicking" the virus. I literally sat there and just tried to open up rkill.com as fast as I could and I guess the virus couldn't kill the programs fast enough. I then was able to run mbam.exe, which cleared three trojans. It prompted me to restart. Restarted, virus was back again. Followed the same procedure, mbam.exe cleared two trojans. I then ran ComboFix which detected root kit activity and cleaned everything up. Laptop is running great again.

My father was running Windows XP SP2...no wonder the virus was able to do what it did.

This can be closed.

#3 boopme


Posted 03 July 2010 - 11:15 PM

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.
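
A scripted equivalent of the restore-point steps in post #3, as an added example that is not part of the thread or of any poster's reply. It assumes an elevated Windows PowerShell 2.0 or later session (not PowerShell 7) on a client OS with System Restore enabled; the description text and the `-Remove` switch are this example's own names, and without `-Remove` it only lists what would be deleted.

```powershell
# Added example, not from the thread. Run elevated in Windows PowerShell.
param(
    [string]$Description = 'Clean baseline after malware removal', # constructed name
    [switch]$Remove   # without this switch the script is a dry run
)

# SRRemoveRestorePoint is the documented System Restore API (srclient.dll)
# for deleting a single restore point by its sequence number.
Add-Type -Name SrClient -Namespace Example -MemberDefinition @'
[DllImport("srclient.dll")]
public static extern int SRRemoveRestorePoint(int dwRPNum);
'@

# Remember which restore points existed before the new one is requested.
$knownIds = @(Get-ComputerRestorePoint | ForEach-Object { $_.SequenceNumber })

# Step 1: create the new restore point on the cleaned system.
Checkpoint-Computer -Description $Description -RestorePointType MODIFY_SETTINGS

# Confirm it really exists. Newer Windows versions can skip creation when a
# point was made recently, and in that case nothing older may be deleted.
$points = @(Get-ComputerRestorePoint | Sort-Object SequenceNumber)
$new = @($points | Where-Object { $knownIds -notcontains $_.SequenceNumber })
if ($new.Count -eq 0) {
    throw 'No new restore point was created; older points were left untouched.'
}

$keep = $new[-1]
"Keeping #{0} '{1}'" -f $keep.SequenceNumber, $keep.Description

# Step 2: remove every restore point older than the one just created.
$old = @($points | Where-Object { $_.SequenceNumber -lt $keep.SequenceNumber })
foreach ($p in $old) {
    if (-not $Remove) {
        "Would remove #{0} '{1}'" -f $p.SequenceNumber, $p.Description
        continue
    }
    $rc = [Example.SrClient]::SRRemoveRestorePoint([int]$p.SequenceNumber)
    if ($rc -eq 0) {
        "Removed #{0} '{1}'" -f $p.SequenceNumber, $p.Description
    } else {
        Write-Warning ("Could not remove #{0} (error {1})" -f $p.SequenceNumber, $rc)
    }
}
```

Run it once without `-Remove` and keep the output as the log of the new restore point, then rerun with `-Remove` after checking the list.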

#4 Peoples-2


Posted 04 July 2010 - 12:39 AM

Thanks for the tip boopme, I will be sure to do that.



