Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Do i still have Antivirus plus


  • Please log in to reply
5 replies to this topic

#1 xinofie

xinofie

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 01 July 2011 - 11:10 AM

I tried running rkill.exe and Malwarebytes in normal windows but it didnt work. So i ran it in safe mode and did the steps there and it found them and i hit the quarantine button. Then i started up windows in normal mode afterwards and Antivirus plus was still there. I just wanna check if i still have it. I ran rkill.exe and malwarebytes. Malwarebytes didnt seem to find anything. But i dont want to reset it and it pop up again.

BC AdBot (Login to Remove)

 


#2 xinofie

xinofie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 01 July 2011 - 12:50 PM

So i still have the Antivirus plus. What do i need to do now? becuase it seem that the steps did not work.

#3 xinofie

xinofie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 01 July 2011 - 01:40 PM

I ran hijackthis and found this

O4 - HKLM\..\Run: [nonoloz] "rundll32" "C:\Windows\system32\zubadir.dll" ,r

I cant find any information on it. Does anyone know what it is? Because i think its the antivirus plus that keeps coming back. And i dont want to delete it if its not.

#4 xinofie

xinofie
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:11:48 PM

Posted 01 July 2011 - 02:13 PM

Sorry i keep posting but. I decided to delete the

O4 - HKLM\..\Run: [nonoloz] "rundll32" "C:\Windows\system32\zubadir.dll" ,r

am happy to inform that the antivirus plus did not show up when i rebooted!

#5 Zestypanda

Zestypanda

  • Members
  • 603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunny San Diego, California.
  • Local time:10:48 PM

Posted 01 July 2011 - 02:14 PM

This is all I could find of that .dll file translated page

Have a question, or just wanna chat? Send me a message. Or add me as a friend.

 


#6 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:somewhere in time
  • Local time:04:48 AM

Posted 01 July 2011 - 02:21 PM

Hi xinofie,

removing that entry with HJT don't delete the file.

I suggest to you cleaning temp files with Temp File Cleaner:

  • Double click on TFC.exe to run the program
  • Click on Start button to begin cleaning process
  • TFC will close all running programs, and if ask you to restart computer allow it

then scan your pc with ESET Online Scanner following this steps:


  • Disable your Antivirus and other security software
  • Click here to open ESET Online Scanner
  • Click the Posted Image button
  • Only if you don' use Internet Explorer:
    • Click on Posted Image to download the ESET Smart Installer and Save it to your desktop
    • Double click on the esetsmartinstaller_enu icon on your desktop
  • Check Posted Image
  • Click Posted Image
  • Accept any security warnings from your browser
  • Under scan settings, check Posted Image and Uncheck Remove found threats
  • Click Advanced settings and select:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan
  • Click Posted Image
  • Click Posted Image
and next download Security Check, save it to your Desktop and:

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box
  • A Notepad document should open automatically called checkup.txt; save it to you desktop
Now you should to re enable the protections that you have previously disabled and i
nclude the contents of the reports in your reply.

Regards.


Edited by Clairvoyant, 01 July 2011 - 02:23 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users