
Question- Antivirus Action - Hijackthis


22 replies to this topic

#1 rtc<3

rtc<3

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:18 AM

Posted 12 November 2010 - 08:54 PM

Okay, so I've been trying since 11am to remove Antivirus Action from my wireless laptop.
It's impossible for me to wipe my hard drive, and I REALLY can't lose this laptop...
The only way I'm able to use it really is in Safe Mode.

The best description of this virus is on here, so I'll just copy it.
"While Antivirus Action is running, it will block the ability to run any programs as a method to scare you into thinking that your computer is infected with malware. The following warning will be shown when you try to run the Notepad: Application cannot be executed. The file notepad.exe is infected.
Do you want to activate your antivirus software now.

What is more, the rogue will flood your computer with warnings and fake security alerts. Some of the alerts:

Windows Security alert
Windows reports that computer is infected. Antivirus software
helps to protect your computer against viruses and other
security threats. Click here for the scan your computer. Your
system might be at risk now.

INFILTRATION ALERT
Your computer is being attacked by a Internet
Virus. It could be a password stealing attack, a
trojan – dropper or similar.

DETAILS
Threat: Win32/Nuqel.E
Do you want to block this attack?

Last but not least, Antivirus Action will hijack Internet Explorer so that it will randomly show a warning page which states:

Internet Explorer Warning – visiting this web site may harm your computer!
Most likely causes:
The website contains exploits that can launch a malicious code on your computer
Suspicious network activity detected
There might be an active spyware running on your computer

What you can try:
- Purchase Antivirus System PRO for secure Internet surfing (Recommended).
- Check your computer for viruses and malware.
- More information"

Source: http://www.myantispyware.com/2010/10/07/how-to-remove-antivirus-action-uninstall-instructions/

I've tried:
Regular Avast scans,
Avast boot scans twice,
Spybot Search & Destroy,
MalwareBytes Anti-malware three times.

Edited by rtc<3, 12 November 2010 - 09:26 PM.




#2 AustrAlien

AustrAlien

    Inquisitor


  • Members
  • 6,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cowra NSW Australia
  • Local time:01:18 AM

Posted 12 November 2010 - 09:05 PM

A Moderator will move this thread from the XP forum to the "Am I Infected?" forum.

Have a look at the following link:

Remove Antivirus Action (Uninstall Guide)
Posted by Grinler on October 10, 2010
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action

Edited by AustrAlien, 12 November 2010 - 09:18 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#3 rtc<3

Posted 12 November 2010 - 09:13 PM

I tried that, and that way didn't work; that was why I was posting in the forum.

#4 AustrAlien

Posted 12 November 2010 - 09:20 PM

Please post the logs from the MBAM (Malwarebytes Anti-Malware) scans.

Open MBAM > Logs

... and copy/paste the entire content of the logs.

Thank you.
AustrAlien
Google is my friend. Make Google your friend too.


#5 rtc<3

Posted 12 November 2010 - 09:23 PM

What good is that going to do if it found nothing??

#6 AustrAlien

Posted 12 November 2010 - 09:24 PM

Please edit your initial post again ... and remove the partial HJT log ... that is NOT allowed here, in the XP forum or the AII forum area!

Edited by AustrAlien, 12 November 2010 - 09:25 PM.

AustrAlien
Google is my friend. Make Google your friend too.


#7 rtc<3

Posted 12 November 2010 - 09:26 PM

Okay, chill, I misunderstood! I thought it was allowed when a mod moved it!

#8 AustrAlien

Posted 12 November 2010 - 09:28 PM

"What good is that going to do if it found nothing??"

The guide I linked to does work in most cases .... if ... it is followed closely. I need to know what is happening and what is not working correctly for you, so that I can try to find out why it is not working.
AustrAlien
Google is my friend. Make Google your friend too.


#9 rtc<3

Posted 12 November 2010 - 09:32 PM

I tried that one, and I'm pretty sure I did everything exactly, rkill then that etc., and it has worked previously, so that's why I'm kinda even more frustrated. And I'm doing this while I have the flu... so yeah.

The virus stops all my programs, giving the warnings and things I posted in the first one; from that site, like I said, it said exactly what I'm having happen. And it opens in a few different scam ad warning things.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4198

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/18/2010 1:18:31 AM
mbam-log-2010-06-18 (01-18-31).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 234601
Time elapsed: 1 hour(s), 6 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 AustrAlien

Posted 12 November 2010 - 09:39 PM

Malwarebytes' Anti-Malware 1.46
Database version: 4198

The problem is ... you neglected to update the database definitions for MBAM. The last I saw it was up to 5096.

Open MBAM ... click on Update > Check for updates and allow the database to update.

Then start following the guide from the beginning again (no need to download and install MBAM again though).

Let me know how you get on this time.
AustrAlien
Google is my friend. Make Google your friend too.
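
The check behind the diagnosis in post #10, as an added example that is not part of the original thread or of any Malwarebytes tooling: it reads the header of an MBAM text log and lists the reasons a zero-detection result is weak evidence. The sample log is abbreviated from post #9; `parse_mbam_log`, `assess` and the `max_age_days` threshold are hypothetical names and values chosen here.

```python
import re
from datetime import date, datetime

# Constructed sample: abbreviated from the log pasted in post #9.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4198
6/18/2010 1:18:31 AM
Scan type: Full scan (C:\|D:\|E:\|)
Memory Processes Infected: 0
Registry Keys Infected: 0
Files Infected: 0
Files Infected:
(No malicious items detected)
"""

def parse_mbam_log(text):
    """Pull database version, scan date and per-category counts from a log."""
    db = re.search(r"^Database version:[ \t]*(\d+)", text, re.M)
    # Assumption: the timestamp line is US-style M/D/YYYY, as in the pasted log.
    ts = re.search(r"^(\d{1,2}/\d{1,2}/\d{4}) \d{1,2}:\d{2}:\d{2} [AP]M", text, re.M)
    # Summary lines carry a number; the section headers below them do not.
    counts = {k: int(v) for k, v in
              re.findall(r"^(.+ Infected):[ \t]*(\d+)[ \t]*$", text, re.M)}
    return {
        "db_version": int(db.group(1)) if db else None,
        "scan_date": datetime.strptime(ts.group(1), "%m/%d/%Y").date() if ts else None,
        "counts": counts,
    }

def assess(info, current_db, today, max_age_days=1):
    """Return the reasons a zero-detection result should not be trusted."""
    reasons = []
    if info["db_version"] is None:
        reasons.append("no database version found")
    elif info["db_version"] < current_db:
        reasons.append(f"database {info['db_version']} is behind {current_db}")
    if info["scan_date"] is None:
        reasons.append("no scan timestamp found")
    elif (today - info["scan_date"]).days > max_age_days:
        reasons.append(f"scan is {(today - info['scan_date']).days} days old")
    if not info["counts"]:
        reasons.append("no summary counts found")
    return reasons

if __name__ == "__main__":
    # 5096 is the database number cited in post #10; the date is the thread's.
    info = parse_mbam_log(SAMPLE_LOG)
    for reason in assess(info, current_db=5096, today=date(2010, 11, 12)):
        print("weak evidence:", reason)
```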


#11 rtc<3

Posted 12 November 2010 - 09:44 PM

Okay, I am trying that now - thank you. I'll let you know how it goes.

When I downloaded MBAM earlier it was set to update right away then launch, but I guess that doesn't work. Hopefully this gets it, 'cause ugh... I have such a headache and this is so frustrating.

#12 AustrAlien

Posted 12 November 2010 - 09:48 PM

"I have such a headache and this is so frustrating."

Understood !!!

If you have trouble updating MBAM, let us know. There are other ways it can be done, and sometimes it is necessary to resort to those other methods.
AustrAlien
Google is my friend. Make Google your friend too.


#13 rtc<3

Posted 12 November 2010 - 09:52 PM

I got it updated to 5104, is that good?

#14 AustrAlien

Posted 12 November 2010 - 09:54 PM

"I got it updated to 5104, is that good?"

Looks better than good to me: Excellent!

Carry on ...
AustrAlien
Google is my friend. Make Google your friend too.


#15 rtc<3

Posted 12 November 2010 - 09:54 PM

Thank you, let you know when it's done.



