Removing Antivirus 360


25 replies to this topic

#1 tomunc

tomunc

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:40 PM

Posted 06 February 2015 - 02:36 AM

Hello,

 

 

I read through the one suggestion regarding the removal of Antivirus 360 on my wife's computer, using Malwarebytes, and I tried it + paid for the Premium version, and both failed to recognize the 360. I actually think that this virus is written well enough to sense the scan and hide from it.

 

Are there any more suggestions, perhaps from someone that has successfully removed it?

 

TIA,

 

tomunc





#2 masterthemachines

masterthemachines

  • Members
  • 115 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sunnyvale, California
  • Local time:04:40 PM

Posted 06 February 2015 - 07:06 AM

Hello there,

 

Have you tried the more traditional way of uninstalling software through add/remove programs in Windows? 



#3 tomunc


Posted 06 February 2015 - 09:01 AM

Yes, thanks for responding. I have tried both that and trying to change the startup in msconfig.exe, and in both cases a complete failure. In msconfig.exe, as soon as you uncheck it and hit apply, the check mark reappears. This is ONE NASTY bugger.

 

BTW, will either Malwarebytes or Superantispyware work in Safe Mode? Perhaps that might work, and I'll try it when my wife gets home. Also, I'll try to disguise it by changing its name to a friendly name as well. Other than that I can't think of anything short of replacement...an option I would prefer to avoid.

 

Also, BTW, I see that this has been removed to a different Forum. I apologize to the moderators for my ignorance. I had thought to post it to the Forum of my OS, thinking that the methodology of removal could be different relative to which OS one had. I will try to be more conscious in the future.

 

"stoopid newbies"! :-)


Edited by tomunc, 06 February 2015 - 09:15 AM.


#4 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,594 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:07:40 PM

Posted 06 February 2015 - 11:43 AM

Hi tomunc :)

I feel like there's a bit of confusion here, are you referring to the Antivirus 360 rogueware below:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-360

Or are you referring to Qihoo 360 Antivirus, which is a legitimate Antivirus product:

http://www.360safe.com/

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 tomunc


Posted 06 February 2015 - 10:20 PM

I believe that my wife got it as a tag-along when she installed one of those Chinese chat apps like QQ, or perhaps one of their movie apps. I do know that she did not intentionally install it. I have been running Kaspersky on her machine for about 8 years now and this is the 1st one that slipped through. I also believe that it is the rogue one as no conventional methods of uninstalling it - or eliminating it from starting-up upon booting are successful. 



#6 Aura


Posted 06 February 2015 - 10:21 PM

Is it possible for you to give us a screenshot of the program? This way we can see what we are facing exactly?

How to take a screenshot using the Snipping Tool
Follow the instructions below to take a screenshot using Windows' Snipping Tool:
  • Press on the Win Key + R to open the Run box;
  • Enter SnippingTool and press on Enter;
  • The Snipping Tool will open, asking you to choose the area to take in the screenshot;
  • Left click on the area where you want to start the screenshot, keep it, and drag the cursor across the screen;
  • Once done, release the left button to take the screenshot;
  • In the editing window, click on the File menu then Save As;
  • Save the screenshot in a folder that you can access easily;
  • Once done, attach that screenshot to your next reply;



#7 tomunc


Posted 06 February 2015 - 11:36 PM

Aura,

 

I will do it tomorrow. My wife is still busy.

 

I'll save the screen shot to a flash drive and post it. I am using MY computer to post here.

 

Oh, BTW, I left a flash drive in her computer as I ran Malwarebytes and it fried the flash.

 

Thanks,

 

tomunc


Edited by tomunc, 06 February 2015 - 11:45 PM.


#8 Aura


Posted 07 February 2015 - 10:14 AM

In your next reply, if you could include the Malwarebytes log on top of the screenshot of the malicious program, it would help :)



#9 tomunc


Posted 07 February 2015 - 11:24 AM

Very good...thank you. The wife is going away with our neighbors for the weekend in about 1/2 hour. This will then give me time to work on her system and report back to you.

 

I appreciate any help you are/will be giving.

 

tomunc



#10 Aura


Posted 07 February 2015 - 08:15 PM

Hi tom, did you get anything new for us? :)



#11 tomunc


Posted 07 February 2015 - 08:25 PM

Aura,

 

Let's see if this helps. I can't see how to add the SNIPPING.png's. As for Malaware, I even tried running the .exe as a changed name. Didn't matter. This thing "knows" Malaware is running. It also will not allow me to install Kaspersky KIS-'15.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 2015/2/7
Scan Time: 19:35:12
Logfile: Mal.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.02.07.10
Rootkit Database: v2015.02.03.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Amy
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322420
Time Elapsed: 25 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 5
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [e929d842a2e880b66586be415da5db25], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\INPROCSERVER32, , [e929d842a2e880b66586be415da5db25], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [e929d842a2e880b66586be415da5db25], 
PUP.Optional.Ask.A, HKU\S-1-5-21-1040185525-2166472748-3994652557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [e929d842a2e880b66586be415da5db25], 
PUP.Optional.Ask.A, HKU\S-1-5-21-1040185525-2166472748-3994652557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [e929d842a2e880b66586be415da5db25], 
 
Registry Values: 4
PUP.Optional.Ask.A, HKU\S-1-5-21-1040185525-2166472748-3994652557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{4F524A2D-5350-4500-76A7-7A786E7484D7}, ?¡§-?????????¨º????o???¨ª??, , [e929d842a2e880b66586be415da5db25]
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, , [e929d842a2e880b66586be415da5db25]
PUP.Optional.Ask.A, HKU\S-1-5-21-1040185525-2166472748-3994652557-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [e32f44d61674fc3a20cba25dc53d3ec2], 
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, , [8c865bbfe2a838fea645fd02e220c53b], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.Ask.A, C:\Program Files\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll, , [e929d842a2e880b66586be415da5db25], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Edited by tomunc, 07 February 2015 - 08:31 PM.
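
Added example, not part of any post in this thread: a small Python triage of a Malwarebytes text log in the layout posted above. It groups detections by threat name, lists detected objects that mention a keyword, and checks each section's declared count against the lines actually present. The sample log is constructed (placeholder paths, IDs and hashes); only the section names and the threat name are taken from the posted log.

```python
import re
from collections import Counter

# Section names as they appear in the log posted in #11.
SECTIONS = ("Processes|Modules|Registry Keys|Registry Values|Registry Data|"
            "Folders|Files|Physical Sectors")
HEADER = re.compile(rf"^({SECTIONS}): (\d+)$")

# Constructed sample in that layout; paths, IDs and hashes are placeholders.
SAMPLE_LOG = r"""
Processes: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.Ask.A, HKLM\SOFTWARE\CLASSES\CLSID\{00000000-0000-0000-0000-000000000000}, , [00000000000000000000000000000000],
PUP.Optional.Ask.A, HKLM\SOFTWARE\EXAMPLE\BROWSER HELPER OBJECTS\{00000000-0000-0000-0000-000000000000}, , [00000000000000000000000000000000],

Registry Values: 1
PUP.Optional.Ask.A, HKLM\SOFTWARE\EXAMPLE\TOOLBAR|{00000000-0000-0000-0000-000000000000}, 0, , [00000000000000000000000000000000]

Files: 1
PUP.Optional.Ask.A, C:\Program Files\ExampleToolbar\example.dll, , [00000000000000000000000000000000],
(end)
"""

def parse_detections(log_text):
    """Return (detections, count_mismatches) for one scan log."""
    detections, declared, section = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
        elif not line:
            section = None  # a blank line closes the section
        elif section and "," in line and not line.startswith("("):
            threat, obj = (f.strip() for f in line.split(",")[:2])
            detections.append((section, threat, obj))
    found = Counter(s for s, _, _ in detections)
    return detections, {s: (n, found[s]) for s, n in declared.items() if n != found[s]}

def summarize(log_text, keyword):
    """Count detections per threat name; list objects mentioning keyword."""
    detections, mismatches = parse_detections(log_text)
    hits = [obj for _, _, obj in detections if keyword.lower() in obj.lower()]
    return {"families": dict(Counter(t for _, t, _ in detections)),
            "keyword_hits": hits, "count_mismatches": mismatches}
```

A non-empty `count_mismatches` means the pasted log was truncated or edited, so the detection list should not be trusted as complete.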


#12 tomunc


Posted 07 February 2015 - 08:33 PM

Aura, BTW this is the Premium version I ran of Malwarebytes.

 

Tomorrow I can try SuperAntispyware, I guess.

 

Oh, I also tried Avenger. 360 wouldn't let it run to the reboot phase.


Edited by tomunc, 07 February 2015 - 08:47 PM.


#13 Aura


Posted 07 February 2015 - 08:48 PM

You can upload the screenshot on Imgur for me to see it:

https://imgur.com/

Also, it looks like you had Ask Toolbar installed, which isn't that bad. However, I would like to get a list of the installed programs as well.

List Installed Programs
  • Download MiniToolBox and move it to your Desktop;
  • Execute it by double-clicking on it;
  • Check the "List Installed Programs" checkbox;
  • Click on the Go button;
  • Once the scan is complete, a log will open.
  • Copy/paste (select the Notepad, press Ctrl + A then Ctrl + C to copy, and Ctrl + V to paste) the content of the output log in your next reply;



#14 tomunc


Posted 07 February 2015 - 09:01 PM

1SbvuCW.png

 

 

 

Qik5JMb.png

 

 

Sorry that my wife isn't home to interpret the Chinese for me. I understand a lot of the Pinyin, but I can't read the Hanyu.


Edited by tomunc, 07 February 2015 - 09:03 PM.


#15 Aura


Posted 07 February 2015 - 09:03 PM

Alright, can you give me the list of installed programs like I asked in the last post please.
