Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


AV Gaurd (malware) have tried tutorial still need help!

  • This topic is locked This topic is locked
2 replies to this topic

#1 octagonproplex


  • Members
  • 38 posts
  • Local time:02:49 PM

Posted 10 October 2011 - 03:09 PM

Warning, I'm very inept with computers so please treat me like an idiot. I really need your help very badly.

So I first noticed this AV Gaurd thing a few (4 or 5) days ago when I came back to my computer and saw it there pretending to detect all these problems. Seeing as I didn't recognize the program I immediately figured it was bogus and clicked off of it. I then thought I perhaps dodged a bullet as I saw no sign of it the day after. However Java kept wanting to automatically update and I was afraid maybe that had something to do with that bogus AV Gaurd thing so I kept declining to update for a couple of days.

Then yesterday (sunday 10-09-11) all hell kind of broke lose and AV Guard made its presence known with a bunch of bogus pop-ups that were difficult to get off of. So I looked up how to fix it and downloaded and ran Malwarebytes. When first attempting a scan with Malwarebytes, AV Guard started pretending it was trying to protect the computer by shuting windows down but then the bogus screen disappeared and malwarbytes was still sitting right there on windows performing a scan.

Malwarebytes discovered 15 items in the quick scan and said to have resolved them after a reboot. After rebooting I ran it again and it discovered 6 more but didn't require a reboot to resolve. Then again and again and it just keeps coming up with the same 6 things. One file and five generation keys (or whatever they're called).

Then I did something I'm sure I shouldn't have; I deleted the stuff that Malwarbytes was quarentining. I didn't recognize them and thought maybe they were the cause of the six things that kept coming up upon every quick scan. It didn't help.

Then I tried doing the complete tutorial on here. I went into safe-mode with networking, made sure the proxy connection box was unchecked in the internet options, and proceeded to try and run the renamed TDSS Killer (I renemed it 123.com as suggested) -

The TDSS Killer said something to the effect that there was an error and that it couldn't find a driver, but then it loaded and did a very quick scan (30 seconds or so) before showing no results. -

Then I ran the RKill. Which I guess worked. Although I'm not really sure what if even does.

Then Malwarebytes (full scan). Which after some time, again came up with the same six issues to resolve. Immediately after that, I ran a quick scan with Malwarbytes once again and sure enough, almost immediately, those six thing still show up in need of being resolved. So again I click resolve, it says it's been resolved and then upon another quick scan those six things continue to appear.

After this headache I just turned off the computer for the night (last night, Sunday).

Today I turned on the computer in safe-mode with networking and noticed that my Microsoft Essentials Security isn't running and can't be turned back on (at least not in safe-mode), the same also for computer Audio Service (both of which appear in the right hand corner tray with the clock and whatnot).

I then went online to continue serching for solutions about AV Gaurd where at either here at "bleepingcomputers" or at "ihowtoremove.com" a phone number for Super PC Support (www.superpcsupport.com - 800-290-4109) was provided. I called thinking they might give me some free help as I currently have no job, credit card or any money to speak of. The Super PC Support technician then wanted remote access to my computer to diagnose it. I gave it to him and then he just tried to sell me a subscription to their service. I declined. I really hope those guys were legit and didn't furthure plant some junk on my computer when I allowed them romote access (I told you I was an idiot). However seeing as you guys aren't trying to sell anything if you wanted to do that I would allow it.

I noticed there is a thing called "combofix" that could be helpfull, but that it needs to be used under supervision of someone who knows what there doing so I didn't try anything with that.

Is there a way to fix this whole problem by doing a System Restore Point think?

Anyway, tell me what to do and I'll gladly do it. As of right now, in safe-mode, my Microsft Essential Security wont run, neither will my computer's Audio Service and again I don't think TDSS Killer worked correctly and Malwarebytes continuosly finds six items to remove.

Help me please, thanks.

Edited by octagonproplex, 10 October 2011 - 03:20 PM.

BC AdBot (Login to Remove)


#2 Broni


    The Coolest BC Computer

  • BC Advisor
  • 42,769 posts
  • Gender:Male
  • Location:Daly City, CA
  • Local time:02:49 PM

Posted 10 October 2011 - 05:02 PM

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click DONATE


#3 Orange Blossom

Orange Blossom

    OBleepin Investigator

  • Moderator
  • 37,106 posts
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:49 PM

Posted 13 October 2011 - 02:11 PM


Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic422892.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users