I came across this useful guide and tried using it to remove the Antivirus Action malware that found its way on my computer earlier today. I followed it step-by-step, however, am still getting attacked upon logging in
Steps I took:
1) Run Safe Mode
2) Run RKILL via iExplore
3) Install Malwarebytes and run a full scan, deleting the infected files
4) Restarting as requested
This is where things may have gone awry- when the machine restarted, Windows launched normally (not in safe mode), however, I assumed that Malwarebytes would still run as normal. Unfortunately, it didn't. Windows gave me the message that it blocked some programs from starting up (i.e. Malwarebytes) and the Antivirus Action was doing its thing- pop-ups in the form of Windows messages, scary things next to the Start bar, etc. I thought this may be due to the host file step which I promptly completed, however, that didn't change anything.
I'd love to get some help on getting this resolved. The only way I'm able to get online and browse is by running RKILL and changing system settings in Chrome to not use the proxy setting any more. Whatever help you can provide will be much appreciated!
Edited by coot66, 05 December 2010 - 04:01 AM.