Antivirus IS issues



#1 fashionista81

Posted 06 October 2010 - 03:52 PM

I was on Yahoo Answers looking for help and someone gave me a link to this site.

I'll give you a rundown of what happened and what I have done already in hopes that someone can give me recommendations on what to do next to remove this from my HP mini laptop.

I was online the night before last and all of a sudden I started getting pop-ups that a virus had gotten into my system. I had things popping up all over the place and then this "Antivirus IS" service telling me they ran scans and found all these things and to buy their service to have it removed. I realized this was obviously a virus of some sort so I X'd out of everything. Then I tried running a scan with my virus software, which is Avast Free edition. While I was doing this, I realized whatever this was happened to be crippling my system. I could not access the internet, any files, even my task manager. After the scan ran, nothing came up, so I went into safe mode with networking in an attempt to find something to download to get this out.

First I was told to try this Reimaging Scan, so I downloaded it and it did the scan and nothing was found. I then tried Malwarebytes, ran a scan and they said they found nothing either.

Last night, I redownloaded MalwareBytes, ran it again and it said it found a couple medium level threats and a few low threats... I had them removed when the scan finished, and rebooted my computer and Antivirus IS was still there. I then tried another service called "Super Anti Spyware". After a 2.5 hour scan, it said I had 2 trojans and 36 infections. I had all removed after the scan was complete, and thought it was over. Rebooted my computer and to my dismay, it was still there when I started up. I then tried Spy Doctor, and it too said it found a few things and I quarantined them and the stuff was still there when I rebooted the computer.

Nothing has located and removed this virus yet. I am at a loss. I did download RKill as your site had suggested, and it did stop it from working. I was able to be in normal mode, even though when I tried to access the internet it would not work because of some issues with the proxy servers. I was able to go into Internet Options and the LAN Settings and remove the proxies, the same as I had to do when I was in safe mode with networking, and nothing has popped up or messed with my system since starting RKill and stopping the malware processes before they could start. But I know this thing is still in my system and I want it removed before it ruins anything, and I was hoping someone could help me to do this by suggesting what I should do next. I am not sure how to remove anything manually, whether it would end up ruining my system by doing this, or even how to find what I need to remove, and nothing else seems to be working, so any help would be much appreciated!

Edited by hamluis, 06 October 2010 - 03:56 PM.
Moved from XP Home to Am I Infected ~ Hamluis.




#2 Blade


Posted 14 October 2010 - 03:36 AM

Hello and :thumbsup: to Bleeping Computer. Sorry for the delay.

I need to see the logs from your Malwarebytes scans. They can be retrieved by starting Malwarebytes, then clicking on the logs tab. Select the relevant log(s) (they are organized by date and time) and click Open to view them. Copy and paste the contents in your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


~Blade


In your next reply, please include the following:
Malwarebytes log(s)
GMER log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM