
AVASoft Professional Antivirus


30 replies to this topic

#1 angieInVA

angieInVA

  • Members
  • 188 posts

Posted 22 March 2013 - 02:14 PM

Somehow, someway I picked this up on a school laptop, and when trying to follow the directions I found here,

http://www.bleepingcomputer.com/virus-removal/remove-avasoft-professional-antivirus

when I go into the safe mode, or attempt to, I then have the network login where I usually hit Ctrl-Alt-Delete to put in my password and user ID, but for whatever reason I can get it to work and I know to get rid of this virus I need to do it from the safe mode...

Any ideas?

Thanks

 





#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 March 2013 - 02:23 PM

Can you access desktop?



#3 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 22 March 2013 - 04:02 PM

Yes, but not in the safe mode.



#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 March 2013 - 04:09 PM

Can you run scans in normal mode?



#5 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 22 March 2013 - 04:14 PM

I don't think so. I can't run Malwarebytes in normal mode, but I did run SUPERAntiSpyware earlier today.



#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 March 2013 - 04:17 PM

  • Please download TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example).
  • If you are asked to reboot because an "Extended Monitoring Driver is required", please click Reboot now.
  • Click Start Scan and allow the scan process to run.
  • If threats are detected, select Skip for all of them unless I instruct you otherwise.
  • Click Continue.
  • Click Reboot computer.
  • Please post the contents of TDSSKiller.[Version]_[Date]_[Time]_log.txt, found in your root directory (typically c:\), in your reply.
  • Due to the forum upgrade you may face issues posting the TDSSKiller log. Just the last few lines of the log are sufficient.

===================================================

RKILL
  • Please download Rkill by Grinler from one of the 4 links below (if one of them does not work try another.) and save it to your desktop:
  • Link 1
  • Link 2
  • Link 3
  • Link 4

  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • Note: You may have to run Rkill a few times before it is successful. You may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (file also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

===================================================

ESET Online Scanner

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.

  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button

===================================================

Junkware Removal Tool by thisisu
  • Please download Junkware Removal Tool
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply.

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • TDSSKiller log
  • RKILL log
  • ESET log
  • Junkware removal tool log

 
 



#7 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 22 March 2013 - 04:33 PM

Sorry, I can't run it.

I downloaded the file you told me to download and run from another machine onto a flash drive and copied it to the desktop.

I get this message when I double-clicked it:

Warning

Application cannot be executed.  The file tdsskiller.exe is infected.  Please activate your antivirus software.

Also, the AVA Soft appears to be running in the background.

grrrrrr....



#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 March 2013 - 04:36 PM

Can you run RKILL first and then run TDSSkiller?



#9 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 22 March 2013 - 04:38 PM

It does the same thing with RKILL; I guess that's why it was suggested to run it in the safe mode.


Edited by angieInVA, 22 March 2013 - 04:49 PM.


#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 March 2013 - 04:52 PM

Do you have Malwarebytes on the PC? What is your operating system?



#11 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 22 March 2013 - 04:56 PM

I had Malwarebytes on a flash drive; when I tried to run it from the flash drive or after copying it to the desktop I got the same message as above. It's a WinXP machine.



#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 22 March 2013 - 05:02 PM

Rename mbam setup to iexplore.exe. Insert the flash drive. Boot into Safe Mode with Command Prompt. In the command prompt window type

X:\iexplore.exe where X is the flash drive letter.

If you do not know the flash drive letter, type notepad in the command window. Click on FILE-OPEN and you can see the flash drive.

Malwarebytes should install; let me know if you can run scans.



#13 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 23 March 2013 - 01:21 AM

Sorry, I can't get into the safe mode; please see the attached photo.

The Ctrl-Alt-Delete is part of the school's network. Even when using it at home I need to use my user name and password. It doesn't connect to the school's network from the house. It's how the laptop is set up; I'm not sure if they don't want us in the safe mode or that it's the AVASoft malware... and I won't know until Monday. I hope that makes sense.

Sorry, I can't remember how to add a file to a post... the dialog box says,

Welcome to Windows, and then has the instructions to use Ctrl-Alt-Delete, which brings up another dialog box for user name and password.



#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 23 March 2013 - 05:54 AM

I think you should be able to install Malwarebytes by changing the setup name to iexplore.exe even in normal mode. Just install it and update it. It may get blocked from scanning, so go to the

C:\programfiles\malwarebytes\chameleon folder

Run any of the executables, like rundll32.exe. A black screen window should pop up, killing all malicious files running in the background. Malwarebytes should start running now.


Edited by narenxp, 23 March 2013 - 05:54 AM.


#15 angieInVA

angieInVA
  • Topic Starter

  • Members
  • 188 posts

Posted 23 March 2013 - 01:36 PM

The AVA Soft gives me this message when I attempt to install Malwarebytes...

warning

application cannot be executed. the file ieplore.exe is infected.

And I did change the name to iexplore.exe.


Edited by angieInVA, 23 March 2013 - 01:51 PM.




