AnVi Scareware Infection



#1 aninkling


Posted 22 April 2011 - 08:50 AM

I've encountered scareware. Research into the type shows an AnVi directory under Roaming for the affected user. Running Malwarebytes removes a number of entries (about 13). The internet connection shows a proxy server instead of "automatic detect settings," though the host file shows no changes. McAfee has been disabled. Restarting the computer in normal mode and the malware reinstalls itself and begins the process again.

I tried a restore under normal conditions and restore is blocked. I did a repair of the startup using the recovery module. I then did an independent restore module and was able to restore the computer to a time likely before the infection insertion event took place. I am currently running in safe mode. Oh, the infection appears to play some games with safe mode as well.

Currently the AnVi folder exists, with a time stamp of 11/20/2010. All the files in the folder are dated 8/4/2010. Today's date is 4/22/2010. Could the infection be that old? Since it did not manifest until last week, was it on a timer?

There are instructions on the removal of this scareware on the internet; they seem incomplete. There are also a lot of false help sites! I found nothing in bleepingcomputer. I await your instructions...

Note... I am very familiar with the protocols this site has for submitting problems. However, this is a problem that extends into the boot. I do not want to run hijackthis in normal mode until instructed to do so. Thank you.



#2 aninkling


Posted 22 April 2011 - 09:24 AM

I think I found the instructions: http://www.bleepingcomputer.com/virus-removal/antivirus-removal. Please confirm and we can close this topic with this pointer to the instructions. Thank you.

#3 SweetTech


Posted 22 April 2011 - 03:38 PM

> I think I found the instructions: http://www.bleepingcomputer.com/virus-removal/antivirus-removal. Please confirm and we can close this topic with this pointer to the instructions. Thank you.

Yeah, those instructions should work for you to clean up this infection.
