
AntiVira Av - need more assistance


16 replies to this topic

#1 orangesock

orangesock

  • Members
  • 10 posts

Posted 16 February 2011 - 12:35 PM

Hello all, and thank you for any assistance in advance
This morning my computer was taken over by AntiVira Av. Luckily on my phone I found your site and followed the step-by-step instructions for how to deal with it.
I got both Rkill and malwarebytes. The malwarebytes scan found one trojan, and put it in quarantine. Then it said I have to reboot, so I did, however the rebooting took me straight to Normal Windows (non-safe mode) and there Antivira was still active, preventing me from doing anything. So I shut down and restarted, going back in Safe Networking Mode. (btw I'm on a Vista) I am currently in the Safe Networking Mode, and I can use everything no problem, no signs of Antivira. I turned off the proxy again (unchecked the box under LAN)
So my question is, what do I have to do to rid my Normal version of Windows or whatever it's called of AntiVira???

Thanks again!


 


#2 a4givensinner

a4givensinner

  • Members
  • 43 posts

Posted 16 February 2011 - 12:44 PM

I hope you get an answer...I'm dealing with the same thing. I have a post up about this too...Maybe one of us will get some help.

#3 orangesock


Posted 16 February 2011 - 02:18 PM

any help?

#4 orangesock


Posted 16 February 2011 - 06:49 PM

ahhh!! so relieved, it's fixed.
I restarted, went straight into normal mode where the virus was still present, and ran rkill and the cleaner again, took a little bit but appears to be gone now!
thanks

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 16 February 2011 - 09:22 PM

Ok good.. Let's see if there were others on here as you had difficulty.

Clear your Temp files first.
TFC by OT
Please download TFC by Old Timer and save it to your desktop.
alternate download link

Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

Now run an online scan.
Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer, Opera or Firefox to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green [image] button.
  • Read the End User License Agreement and check the box:
  • Check [image].
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer.
  • If offered the option to get information or buy software at any point, just close the window.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop as ESETScan.txt.
  • Push the [image] button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click [image] > Run..., then type or copy and paste everything in the code box below into the Open dialogue box:

C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Click Ok and the scan results will open in Notepad.
  • Copy and paste the contents of log.txt in your next reply.
-- Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

NOTE: In some instances if no malware is found there will be no log produced.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#6 a4givensinner


Posted 16 February 2011 - 09:40 PM

I've got a similar question I posted the day before this one at http://www.bleepingcomputer.com/forums/topic379825.html/page__gopid__2137091#entry2137091. Would it be okay for me to try the steps outlined here? Please someone help!

Thanks

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,750 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 16 February 2011 - 09:51 PM

a4givensinner

After posting a log for analysis and help with malware infection, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a Malware Response Team member...nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process or make things worse which would extend the time it takes to clean your computer.

From this point on the Malware Response Team should be the only members that you take advice from, until they have verified your log as clean.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#8 a4givensinner


Posted 17 February 2011 - 10:39 AM

I'm willing to do that, but when are they going to respond? Is there an ETA? I thought posts were answered in the order they were posted, but I posted before this one. If no one is going to respond, I have to do something else...If someone will help, I will gladly wait. Thanks.

#9 quietman7


Posted 17 February 2011 - 11:48 AM

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, requests for help are not always answered in a timely manner. Although our staff work on hundreds of requests each day, they are all volunteers who contribute to helping members as time permits. No one is paid by Bleeping Computer for their assistance to our members.

New and more devious malware infections are released almost daily. It then takes time to investigate, analyze and test removal techniques before we can help members like yourself. Doing that means that we sacrifice speed of response for a quality response that will help remove the malware more effectively.

Further, our First Responder staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Not all staff members have access to or are familiar with every type of operating system version...some may only have Windows XP as they cannot afford to upgrade while others may only have Vista or Windows 7.

Although your topic looks lost in the queue of many pages where others have posted for help since you did, please be patient. It may take a while to get a response but your topic will be answered as soon as possible.

Thank you for understanding.

#10 orangesock


Posted 17 February 2011 - 07:36 PM

Thanks boopme I will follow your steps right now, since the antivira had only been disengaged but is still on my computer, and I have to run rkill after each time I turn my comp on just to operate it.

#11 boopme


Posted 17 February 2011 - 07:48 PM

Yes, RKill needs to be re-run after any reboot.

#12 orangesock


Posted 17 February 2011 - 07:56 PM

Oh no! Boopme help!
I was running the TFC scan, but in the process Windows said it stopped responding and it closed. But I still had no icons/toolbar, nothing! I rebooted, but there's nothing on my screen in safe mode! How do I get all my stuff back????

#13 orangesock


Posted 17 February 2011 - 08:00 PM

Ah phew they're back! But should I try tfc again? I'm hesitant to do so...

Actually! I think anti is gone, it's not showing up when before it wouldn't even let me use ie.
Do you recommend I still do the tfc and the next step just to ensure that the malware is gone?

#14 boopme


Posted 17 February 2011 - 08:11 PM

Ok we'll hold off on that. Did you run the ESET scan? Was this XP or another?

#15 orangesock


Posted 17 February 2011 - 08:14 PM

I'm on Vista. No, I have not run Eset, should I? Bypassing the TFC?



