Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antivirus.net


  • Please log in to reply
9 replies to this topic

#1 kirstyme

kirstyme

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 03 February 2011 - 07:50 AM

Last night whilst browsing online, I started recieving alerts from antivirus.net telling me I was infected etc.
I closed all related tabs, but they kept appearing despite me using a pop up blocker.

I thought I would simply restore my computer to a few days before but that almost ended in disaster, with it freezing and then only loading to a black screen. Used my ipad and got details of how to solve that problem.

No more pop ups or messages appeared from antivirus.net apart from my google page which was my home page, is redirected to their warning page, saying internet explorer unable to load page as visiting this website may be harmful to your computer. The links to sort it, link the to them.

Im able to get on all other websites without problems, just not google.

I found your very helpful step by step guide on how to remove the antivirus.net.
I followed the steps - used the Rkill and then downloaded malwarebytes. The full scan took over 2hours to run and found no infected files. I ran several quick scans afterwards to with no results. I use windows securoty essential and have ran full and quick scans with it also that have detected nothing.

I tried to run the windowslive safety scanner after looking on microsoft pages for help, but it will not load on my pc.
I also ran something called tdsskiller that I read someone else advised to use, but again this detected nothing!

I am running windows 7 home premium, I am not a computer expert obviously and would appreciate any help and advise as Im worried about using the computer for anything!

I look forward to your advise, thanks kirstyme

BC AdBot (Login to Remove)

 


#2 kirstyme

kirstyme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 03 February 2011 - 08:10 AM

Just done another quick scan so I could show the results, on my way out and dont like to leave my laptop running when Im gone

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5667

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/02/2011 13:06:50
mbam-log-2011-02-03 (13-06-50).txt

Scan type: Quick scan
Objects scanned: 151435
Time elapsed: 6 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#3 kirstyme

kirstyme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 03 February 2011 - 03:11 PM

No advice? :wacko: :mellow:
Common guys please!! :inlove:

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:26 PM

Posted 03 February 2011 - 03:51 PM

Hello,please run RKill again. It unloads after any reboot.

First Download this file and doubleclick on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply

Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.


Please perform a scan with Eset Online Antiivirus Scanner.
This scan requires Internet Explorer,Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click Posted Image > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions,post logs and Let us know how the PC is running now.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 kirstyme

kirstyme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 03 February 2011 - 05:44 PM

Thanks for the advice and steps

Followed everything as instructed

Eset scan found 1 infected file

C:\Users\Kirsty\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\1526f290-676e3804 multiple threats deleted - quarantined

But running malwarebytes found nothing again!!

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5671

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03/02/2011 22:42:01
mbam-log-2011-02-03 (22-42-01).txt

Scan type: Quick scan
Objects scanned: 150994
Time elapsed: 4 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Any ideas??

Thanks kirsty

#6 kirstyme

kirstyme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 03 February 2011 - 05:58 PM

And after all that I can now get on google again!

Do you think my laptops safe now? Been to paranoid to sign into any secure sites, banking, hotmail, ebay, facebook etc incase its still infected!

Thanks for your help

kirsty

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:26 PM

Posted 03 February 2011 - 06:58 PM

Hi kristy, looks good now. No password steelers or keyloggers.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 kirstyme

kirstyme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 04 February 2011 - 05:57 AM

The system restore on mines doesnt give me an option to create a restore point?
It also doesnt give me much scope to roll back, it only gives a couple of days previous to restore to?
It appears to have created a new restore point last night after I updated some stuff so that should be ok?

Thanks again for all your help!

Is it safe to uninstall all these downloaded programs I have downloaded to clear this or should I keep them all?

Thanks kirsty

#9 kirstyme

kirstyme
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 04 February 2011 - 06:06 AM

Sorry for the last post! Re-read your post and saw the seperate links for windows 7, have now created a new restore point and delted previous!! Thanks for all your help!! :thumbsup: :thumbsup: :clapping: B) :lol:

#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:09:26 PM

Posted 04 February 2011 - 12:07 PM

Yes you can remove everything. You may want to consider keeping MBAm and updating and scanning weekly.

You're welcome from us all!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users