is vista antivirus 2012 fully removed?


6 replies to this topic

#1 bitesized1612

bitesized1612

  • Members
  • 161 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:11:48 AM

Posted 25 December 2011 - 10:57 PM

Recently had a desktop running Vista Home Premium 32bit come down with some rogue antispyware called Vista Antivirus 2012. Followed the spyware removal guide for it (over here), deleted like one registry entry (going in the registry makes me really nervous) but I want to be sure that it's completely gone. Any advice?

Edited by bitesized1612, 25 December 2011 - 10:57 PM.


Windows 7 Professional SP1 (64-bit) // HP EliteBook 8460p = 2.50GHz + 8GB RAM 

 

AVAST! - Google Chrome & Mozilla Firefox - LibreOffice - Rainmeter

 

Currently Testing: Linux Mint 17.3 XFCE on a Dell Inspiron 531 (2.1Ghz +3GB RAM)

Status: steady with some minor issues




#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:48 PM

Posted 26 December 2011 - 12:18 AM

There are no guarantees or shortcuts when it comes to malware removal. The severity of infection will vary from system to system, some causing more damage than others. The longer malware remains on a computer, the more opportunity it has to download additional malicious files which can worsen the infection so each case should be treated on an individual basis.

In any case, we can only go by what the scan logs show (what was detected/removed) and your description of whatever signs or symptoms of infection you are experiencing.

You can try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
  • If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
  • Vista/Windows 7 users need to run Internet Explorer/Firefox as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green Posted Image button.
  • Read the End User License Agreement and check the box:
  • Check Posted Image.
  • Click the Posted Image button.
  • Accept any security warnings from your browser and allow the download/installation of any required files.
  • Under scan settings, check Posted Image and make sure that the option Remove found threats is NOT checked.
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop as ESETScan.txt.
  • Push the Posted Image button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 bitesized1612

bitesized1612
  • Topic Starter

  • Members
  • 161 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:11:48 AM

Posted 26 December 2011 - 01:37 AM

Here's the log:

C:\Users\wilbert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2aadf8d3-164faa49 Java/Exploit.CVE-2011-3544.L trojan
C:\Users\wilbert\Desktop\cnet_7-ZipPortable_9_20_Rev_2_paf_exe.exe&isDlm=1 a variant of Win32/InstallCore.D application
C:\Users\wilbert\Desktop\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Users\wilbert\Downloads\winzip160 (1).exe Win32/OpenCandy application
C:\Users\wilbert\Downloads\winzip160.exe Win32/OpenCandy application


I'm going to bed right now, so I'll login on this computer later in the afternoon. Thanks for your help! :)




#4 NoahB

NoahB

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:48 AM

Posted 26 December 2011 - 02:47 AM

I had the same Malware infection (Vista Security 2012). I am running Vista 32 bit. I used Malwarebytes to remove it and only could execute it by running as admin. It removed the Malware issue but now cannot open any program on my computer without a prompt saying "choose the program in which you want to open this program with". Malwarebytes quarantined 2 files, 1 registry data and 1 registry value.

Are my registry values now corrupted and/or missing? I also noticed that my sidebar no longer loads upon boot up and also a few taskbar items are missing as if it's in selective start-up. I also did a full McAfee scan after the malware was removed and reported no issues. I can however open any program but only right clicking as an administrator.

I wasn't sure whether to start a separate thread for the same issue so apologies if that is the case. Thanks for any help.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:48 PM

Posted 26 December 2011 - 09:06 AM

Rerun Eset Online Anti-virus Scanner again, but this time under scan settings, be sure to check the option to Remove found threats. Save the log as before and copy and paste the contents in your next reply.

Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure.

Your log shows detections related to OpenCandy.

OpenCandy is an advertising application distributed by the OpenCandy Software Network which displays ads in other programs. The use of advertisement is a way to promote software packages and recover development costs. OpenCandy is not installed on a computer, does not collect personally identifiable information and in most cases allows the user to choose whether or not to install advertised software recommended by the vendor. Although no personal information is collected, the software does collect anonymous statistics about events and other data during installation. See What information does OpenCandy collect?

This is what OpenCandy has to say about their product.

OpenCandy provides a plug-in that developers include in their software to earn money by showing recommendations for other software in their installers. Developers use this money to keep their software free and invest in further software development. The installer uses the OpenCandy plug-in to present a software recommendation...during installation. You have complete control to accept the software recommendation by selecting either the “Install” or “Do not install” options on the software recommendation screen.

What is OpenCandy?

The OpenCandy network has partnered with various popular and trusted software developers who bundle their product as part of the program's software installation package. A list of such developers can be found here. Some vendors will clearly advise the use of OpenCandy before downloading their software, while others may provide confusing or no information at all. An example would be SIW (System Information for Windows) which clearly indicates on their website the use of OpenCandy.

What is OpenCandy?
OpenCandy is similar to Google AdSense, except it displays advertisements in installation program instead of websites. These advertisements promote another software packages. The advertisements are selected by providers of software being installed. When user installing a software (SIW) chooses to install promoted package, revenue is generated and shared between OpenCandy and software providers (SIW developers).

SIW Home Edition is bundled with OpenCandy

OpenCandy is not a virus or malware. However, since it is responsible for displaying advertisements, it may be detected (and sometimes removed) by various anti-virus and other security scanning tools as Adware, a classification that broadly defines the term as any software package which automatically displays advertisements in any form in order to generate revenue. For example, the Microsoft Malware Protection Center (MMPC) detects the program as Adware:Win32/OpenCandy, a low level threat and so does McAfee.

In response to this detection, OpenCandy has provided the following information:

Of course OpenCandy is in business to make money so they are going to defend their product and portray it in a positive light. For another opinion, you may want to read: OpenCandy: A New Kind of Adware/Spyware.

IMO, removal of OpenCandy detections is an optional choice. I have provided the information so you can make an informed decision as whether to remove it or not.


I had the same Malware infection (Vista Security 2012)....I wasn't sure whether to start a separate thread for the same issue so apologies if that is the case.

Yes, if you have an issue or problem you would like to discuss, please start your own topic. Doing that will help to avoid the confusion that often occurs when trying to help two or more members at the same time in the same thread. Even if your problem is similar to the original poster's problem, the solution could be different based on the kind of hardware, software, system requirements, etc. you are using and the presence of other malware. Further, posting for assistance in someone else's topic is not considered proper forum etiquette.

Thanks for your cooperation.
The BC Staff
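An added example (not part of any post in this thread, and not ESET tooling): a small triage script for the scan log posted in #3, separating the detections that indicate actual malware from the "application" detections such as OpenCandy that post #5 treats as optional. It assumes each log line is a Windows path, a detection name and a one-word category separated by whitespace, as in the posted log; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Log lines as posted in this thread (path, detection name, category).
SAMPLE_LOG = r"""
C:\Users\wilbert\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\2aadf8d3-164faa49 Java/Exploit.CVE-2011-3544.L trojan
C:\Users\wilbert\Desktop\cnet_7-ZipPortable_9_20_Rev_2_paf_exe.exe&isDlm=1 a variant of Win32/InstallCore.D application
C:\Users\wilbert\Desktop\InternationalPrimoPDF.exe Win32/OpenCandy application
C:\Users\wilbert\Downloads\winzip160 (1).exe Win32/OpenCandy application
C:\Users\wilbert\Downloads\winzip160.exe Win32/OpenCandy application
"""

# Paths may contain spaces, so anchor on the detection name (Platform/Family)
# and the trailing category word instead of splitting on whitespace.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/[\w.\-]+)\s+"
    r"(?P<category>[A-Za-z]+)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    cve = CVE_RE.search(m["name"])
    return {
        "path": m["path"],
        "name": m["name"],
        "variant": m["variant"] is not None,
        "category": m["category"].lower(),
        "cve": cve.group(0) if cve else None,
    }

def triage(log_text):
    """Group detections: 'malware' needs cleanup, 'optional' is the user's call."""
    buckets = defaultdict(list)
    unparsed = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        det = parse_line(line)
        if det is None:
            unparsed.append(line)            # never silently drop a line
        elif det["category"] == "application":
            buckets["optional"].append(det)  # adware/PUA such as OpenCandy
        else:
            buckets["malware"].append(det)   # trojan, virus, worm, ...
    return dict(buckets), unparsed
```

On the posted log this yields one malware entry (the Java exploit in the Java deployment cache, with its CVE id extracted) and four optional entries.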

#6 bitesized1612

bitesized1612
  • Topic Starter

  • Members
  • 161 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Virginia
  • Local time:11:48 AM

Posted 26 December 2011 - 02:37 PM

It's not my computer and I don't know all of the programs that are on it so I'll leave that to the discretion of the regular users. It's the machine my father uses to test virtual machine software and my mother uses to check emails. As long as it's not actively harming the system, it's fine where it is. I've added an extra layer of protection to the system via freeware so it should be fine for now. Thanks!




#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:48 PM

Posted 26 December 2011 - 03:50 PM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Posted Image > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Posted Image > Run... and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links:



