
Need some help with Vista Antivirus 2012 Removal


3 replies to this topic

#1 BlankTim


Posted 12 December 2011 - 05:49 PM

My roomie's computer is infected with this nightmare, and who knows what else.
I tried to follow the instructions at http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012 but nothing is working.
I can't make a backup, I can't run HijackThis!, I can't do anything with the machine. Every time I try, Vista Antivirus 2012 throws up a popup window, and halts the process I tried to run.

So, where do I start?

Thanks :)

EDIT: I guess it might be helpful to know the machine is running Vista Home SP2

Edited by hamluis, 12 December 2011 - 06:00 PM.
Moved from Vista to Am I Infected.




#2 BlankTim


Posted 12 December 2011 - 07:00 PM

UPDATE:
Okay, I managed to get FixNCR.reg to run. I had to close out all the windows that were opened by Vista AV 2012.
Once that was done, I was able to run RKill, and install MBAM. So, I'm making progress!

UPDATE: I think I've managed to get rid of the Vista Antivirus 2012 infection, but this machine is a mess. I've discovered that it's infected with something that causes the browsers to redirect to 63.209.69.107. So, I'm working on that now.

UPDATE: Still infected. I thought I had managed to get rid of the Vista AV 2012 stuff, but it has returned as "Security Defender".
ESET has found
C:\Users\Owner\AppData\Local\Temp\Low\jar_cache43050.tmp multiple threats deleted - quarantined
C:\Users\Owner\AppData\Local\Temp\Low\jar_cache43051.tmp a variant of Java/Agent.DT trojan cleaned by deleting - quarantined
C:\Windows\system64\consrv.dll Win64/Sirefef.E trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.DN trojan

I'd prefer to avoid doing a complete restore on this machine, but I think I may have to.

Edited by BlankTim, 13 December 2011 - 10:54 AM.


#3 Taco John


Posted 14 December 2011 - 01:23 AM

I had the same thing you had, and ended up doing a complete restore. Within 12 hours, Vista AV 2012 was back on my machine. I ended up running ComboFix. It said that I had something called Rootkit.Zero.Access which had inserted itself in the TCP/IP stack, and that it was a particularly difficult infection. It seemed to clear up, but then 3 days later, I started noticing some weird things happening again. I just re-ran ComboFix, and it found the same infection again, and just cleaned it up. That's why I'm back here.

Good luck to you.

#4 BlankTim


Posted 14 December 2011 - 04:13 PM

Yup. Had to reformat & reinstall. Everything looks good so far, but we'll see what happens I guess.



