
AntiVira AV - Need More Help


6 replies to this topic

#1 profWalsh


Posted 17 February 2011 - 12:30 AM

Okay, here is what happened...

When I first got infected I ran mbam in windows, no need to use rkill as I caught it right at the start, I ran a quick scan.

mbam found 2 infections, told me to restart, I did.

I was still infected.

Standard infection symptoms, AntiVira comes up, it tells me I am infected, starts spamming me with fake info.

So, I booted into safe mode, ran mbam again, this time a full scan... Found nothing.

Then I panicked.

I used my laptop to get to here and I followed all of the steps... I got all the versions of rkill... And sat in the chat room freaking out as I tried to deal with the infection... Got back into windows... Ran rkill... It didn't seem to run, but the malware did disengage giving me full control of my computer once again, then I ran a full scan with mbam... mbam found... 1 infection...

So.. I restarted.

The virus was still there.

I ran rkill, but rkill doesn't seem to run right, but again the malware disengaged.

I can apparently use my computer but it still claims to be infected.

Any help would be appreciated.

Edit:
Adding some information:
Operating System - Windows Vista 64 Bit Edition

Strange Behavior - One of the versions of rkill, the only one that the program allows to run, does seem to work but seems to stall in the command prompt box that says it is preparing. However, this does seem to cause the malware to shut completely down.

Edited by profWalsh, 17 February 2011 - 01:46 AM.




#2 profWalsh

  • Topic Starter


Posted 17 February 2011 - 09:03 AM

Okay...

An update:

So... After running malwareBytes the first time, it like, came back as I mentioned above.

So I rKilled and ran malwareBytes again. It found 1 infection.

When I got up, just to check, I restarted my computer.

AVG went freaking ballistic when I restarted.

It found tons of things that it was terminating. (heh then it even tried to remove rKill)

However I got no indication that AntiVira AV kicked on.

Not sure how to proceed now.

#3 Blade



  • Site Admin

Posted 17 February 2011 - 02:11 PM

Hello.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

~Blade


In your next reply, please include the following:
TDSSKiller Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#4 orangesock


Posted 17 February 2011 - 07:18 PM

Very similar situation with my computer. Followed original instructions. However, after several reboots AntiVira is still present. As soon as I turn on my computer, it's there. But I can easily run rkill and it disengages it, allowing me to do everything with no problem. However, the next time I turn off my comp and back on, it's back. I will follow your further instructions Blade, hopefully it will help.

#5 Blade


Posted 17 February 2011 - 07:33 PM

orangesock, please start your own topic to avoid confusion.

~Blade



#6 orangesock


Posted 17 February 2011 - 07:37 PM

Already got one, sorry about that.

#7 profWalsh


Posted 21 February 2011 - 09:40 AM



I will get on this as fast as I can Blade.

I know I am a little late, real life got in the way. As a note, since the incident with AVG going ballistic I have had absolutely 0 problems with my computer. No AntiVira on start up. No issues opening programs. No problems whatsoever. I will still run this though just to be safe.



