
Deleting AV folder


24 replies to this topic

#1 Brian67

  • Members
  • 13 posts

Posted 09 May 2015 - 10:07 AM

Hopefully somebody can help me with this problem. OS is Toshiba L50-B Satellite 8.1, bought about a month ago.

Unfortunately at the time I chose to install 360 Safe AV Free and as I started to have some hiccups with it, decided to uninstall it.

Attempted to uninstall from Control Panel>Add/Remove Programs with no success, so I installed Revo Uninstaller program and it seemed to do the trick. However, upon checking I saw there was still a 360 Safe file in the Registry and the application folder in Program Files had not been deleted. I tried to delete the folder but the error message said that I required Administrator's Permission. As the sole user of this laptop I am the Administrator, but when I click the folder's Properties Box>Security tab I see that my name is not listed as 'Administrator' and I just cannot work out how to effect this change!

There are approximately 1,200 files in this folder and I want to get them off my laptop as quickly as possible. Incidentally, I'm still getting pop-ups for 360 Safe updates.

It would seem that Qihoo 360 Safe do not have an Uninstall Removal Tool and I have emailed their support re this problem but as yet no reply.

My computing skills are fairly basic so I would indeed be extremely grateful for any help at all, especially with how to effect the Permissions change.

 

Brian67


Edited by hamluis, 09 May 2015 - 11:15 AM.
Moved from Win 8 to AV/AM Software - Hamluis.




#2 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,596 posts

Posted 09 May 2015 - 10:59 AM

Hi Brian67 :)

One solution could be to reinstall Qihoo 360, and then uninstall it again and make sure that it uninstalls properly. Another solution would be to use the Take Ownership Registry tweak, to take ownership of that folder and then delete it.

http://www.howtogeek.com/howto/windows-vista/add-take-ownership-to-explorer-right-click-menu-in-vista/

However, before you do, I would like to see if Qihoo's still installed on your system, but tagged as a "hidden" program.

MiniToolBox
  • Download MiniToolBox and move the executable file to your Desktop;
  • Execute MiniToolBox and check the following options:
    • List Installed Programs;
    • List Last 10 Event Viewer Errors;
  • Once this is done, click on Go and wait for the scan to complete;
  • Once the scan is complete, a log will open. Please copy/paste the content of the output log in your next reply;

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 dc3

    Bleeping Treehugger

  • Members
  • 30,391 posts

Posted 09 May 2015 - 12:54 PM

This is a Vundo Trojan.
 
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-360
 
Please run Malwarebytes AntiMalware

Please download Malwarebytes Anti-Malware. After clicking on the link the download will start automatically.

1) Double-click on mbam-setup.exe, then click on Run to install the application, follow the prompts through the installation.

2) Malwarebytes will automatically open. If this is the first time you have run this version of Malwarebytes you will see an image like the one below.

mbam1_zps95cc812c.png

==========

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to have the time to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

  • Click on this link to open ESET OnlineScan in a new window.
  • The ESET Online Scanner page will open, click on Yes, I agree to the terms of use, then click on Start, the scan will now begin.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Edited by dc3, 09 May 2015 - 12:55 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#4 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,271 posts

Posted 09 May 2015 - 12:55 PM

I would reinstall, then uninstall.

Sometimes the uninstall works more effectively if you first stop and disable the program's service (and associated processes) or perform the removal in safe mode so there are fewer processes which can interfere with the uninstallation.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,271 posts

Posted 09 May 2015 - 01:03 PM

Dan, that removal guide is for an older rogue software application with a similar name. In this case, the OP indicated they have Qihoo 360, a Chinese-based provider of free security and Anti-virus software (360 Total Security, 360 Internet Security, 360 Browser, 360 Security, 360 Mobile Safe, 360 Vault, etc).

#6 dc3

    Bleeping Treehugger

  • Members
  • 30,391 posts

Posted 09 May 2015 - 01:12 PM

Thank you quietman7.  I had wondered about that since I found information linking the two, but found information about Qihoo 360 but did not include information about the rogue software.


Edited by dc3, 09 May 2015 - 01:12 PM.



#7 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,271 posts

Posted 09 May 2015 - 01:18 PM

No problem...IMO Qihoo 360 is a dubious program anyway.

AV Comparatives, AV TEST and Virus Bulletin make allegations of inappropriate behavior by Qihoo 360

#8 Brian67

  • Topic Starter

  • Members
  • 13 posts

Posted 09 May 2015 - 04:52 PM

Many thanks Guys for your advice, very much appreciated. As I stated in my opening post my pc skills are fairly basic. However, I can confirm that 360 Safe processes are running in Taskmgr and it is running in services.msc.

 

My inclination is to take your advice Aura and quietman7 by installing and uninstalling again but I am very apprehensive as I don't want to end up with somewhere around 4,000 files that I cannot get rid of! If I did go ahead with a reinstall/uninstall and were the program successfully removed, is it likely that the 360 Safe files at present on my laptop would also be removed? 

 

Ideally, I wanted to delete the Program Folder via Properties>Security tab but couldn't work out whether I needed to 'take ownership' or 'change permissions' and couldn't get any further down this avenue.

 

Once again, many thanks for help and advice.

 

Brian67



#9 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,596 posts

Posted 09 May 2015 - 04:59 PM

If you want, you could reinstall it, and then use the portable version of Revo Uninstaller to uninstall it. Simply set the scan type to Advanced and then delete everything in the Registry, and all files and folders related to it after.

http://www.revouninstaller.com/download-free-portable.php

"If I did go ahead with a reinstall/uninstall and were the program successfully removed, is it likely that the 360 Safe files at present on my laptop would also be removed?"


Yes. If the uninstallation was successful, these files would have been removed.



#10 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,271 posts

Posted 09 May 2015 - 06:31 PM

In some cases even after uninstalling properly an anti-virus can leave files behind. Usually when that occurs you can manually delete them.

Anyway, I would do the uninstall in safe mode.

#11 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,596 posts

Posted 09 May 2015 - 06:34 PM

The uninstallation might not work in Safe Mode if Qihoo's uninstaller works with the Windows MSI. If it does, it'll throw you an error message saying that you cannot uninstall the program since the service isn't running and you cannot enable it in Safe Mode. So you would have to go back in normal boot. All this to say that if it doesn't work in Safe Mode, that it's normal and uninstalling it while in a normal boot will work.



#12 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,271 posts

Posted 09 May 2015 - 06:40 PM

Then he needs to stop and disable the program's service (and associated processes in Task Manager).
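Added example, not part of any post in this thread: the two manual steps discussed above (stopping and disabling the program's service and processes, then taking ownership of the leftover folder and granting permission to delete it) as one elevated PowerShell session. The folder path is a placeholder, since the thread never gives the real one, and the services and processes are found by their location under that folder.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell window.
# $Leftover is a placeholder: the thread never states the folder's real path.
$Leftover = 'C:\Program Files\<leftover AV folder>'
if (-not (Test-Path -LiteralPath $Leftover)) { throw "Folder not found: $Leftover" }
$prefix = $Leftover.TrimEnd('\') + '\'
$ci     = [StringComparison]::OrdinalIgnoreCase

# 1. Services whose executable lives under the folder (the services.msc view).
#    PathName may be quoted and carry arguments, so strip the leading quote first.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -and $_.PathName.TrimStart('"').StartsWith($prefix, $ci) }
foreach ($svc in $services) {
    Write-Host "Stopping and disabling service $($svc.Name)"
    Stop-Service -Name $svc.Name -Force -ErrorAction Continue
    Set-Service  -Name $svc.Name -StartupType Disabled
}

# 2. Processes started from the folder (the Task Manager view).
#    Path is empty for processes this session cannot inspect, so test it first.
Get-Process |
    Where-Object { $_.Path -and $_.Path.StartsWith($prefix, $ci) } |
    Stop-Process -Force -ErrorAction Continue

# 3. Ownership, then permissions. Owning the folder only lets you edit its ACL;
#    the Full control entry added by icacls is what actually permits the delete.
#    /A assigns ownership to the Administrators group; *S-1-5-32-544 is that
#    group's well-known SID, so the grant does not rely on a localized group name.
#    /D Y answers the confirmation prompt on English-language Windows.
takeown.exe /F $Leftover /A /R /D Y | Out-Null
icacls.exe $Leftover /grant '*S-1-5-32-544:(OI)(CI)F' /T /C | Out-Null

# 4. Delete and report whether anything is left behind.
Remove-Item -LiteralPath $Leftover -Recurse -Force -ErrorAction Continue
if (Test-Path -LiteralPath $Leftover) {
    Write-Warning "Some files are still locked; retry after a clean boot or in Safe Mode."
} else {
    Write-Host "Removed $Leftover"
}
```

If step 1 or step 4 reports access-denied errors, the files are still in use, which is the case the clean boot and Safe Mode suggestions in this thread address.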

#13 Aura

    Bleepin' Special Ops

  • Malware Response Team
  • 19,596 posts

Posted 09 May 2015 - 06:43 PM

I agree. Configuring a clean boot could help with that since third-party services and programs like the ones associated with Qihoo 360 won't be launched on boot.

https://support.microsoft.com/en-us/kb/929135



#14 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,271 posts

Posted 09 May 2015 - 06:44 PM

Just another reason to stay away from this vendor's software.

#15 dc3

    Bleeping Treehugger

  • Members
  • 30,391 posts

Posted 09 May 2015 - 07:51 PM

These are instructions for a Clean Boot, they may be easier to follow than those at Microsoft.
 
***This is a diagnostic tool for Windows Vista, Windows 7, and Windows 8.  This will not repair your computer, but it may point to where the problem lies so that a repair can be made.***

Warning:  Disabling items in Services or Startup may leave your antivirus disabled until the process is ended.  For this reason I would suggest that you perform this process off line.
 
Part A
 
(1)  Click on the Start orb, then type msconfig.exe in the Search programs and files box.  
 
(2)  When msconfig is seen in the pane above the search box and under Programs, right click on it, then click on Run as administrator.
 
 
If you are prompted for an administrator password or for confirmation, you should enter the password or provide confirmation. 
 
Part B
 
(1)  Click on the General tab.   
 
(2)  Click the Selective startup option. 
 
(3)  Remove the check mark in the Load startup items  check box. 
 
 
Part C
 
(1)  Click on the Services tab. 
 
(2)  Place a check mark in the Hide all Microsoft services check box, this will remove the Microsoft Services from the list but they will still be running.
 
(3)  Click Disable all, this will remove all of the check marks in the Services list, then click on Apply, then OK.  Click on Restart in the window that opens.
 
Caution:  I repeat, by disabling the Services your antivirus will not be active, for this reason I suggest that this process not be run while online.
 
(4)  If the problem does not reoccur after the reboot this means that there is a Service which is causing this problem; continue with the process of elimination to find the Service which is causing this in Option A.  If the problem does reoccur after the reboot go to Option B.
 
Option A
 
**The following is a process of elimination to find the Service or Startup item that is causing your problem**.  
 
*  If the problem does not reoccur after the restart go back to Services and place check marks in half of the boxes and restart the computer.  
 
*  If the problem still does not continue return to Services and remove the check marks that were added, then place check marks in the remaining half of the boxes and restart the computer.
 
If the problem resumes after a restart in one of these halves, you will proceed with this process in the half where the problem occurs.  If this does not continue in either half you should repeat this process in Startup.

*  In the half of the Services that the problem is found, remove one check mark at a time and restart the computer to see if that is the Service causing the problem.  Continue to do this with the Services until the service causing this problem is found.

Option B

Search Startup items: If the problem is not found in Services, remove all of the check marks, click on the Startup tab and repeat the search process there.
 
Caution:  If this is a laptop, make sure, you do NOT disable any keyboard, or touchpad entries.
 
If this problem is found post the Service or Startup item that is causing it. 
 
 
When you are finished using the Clean Boot go back to System Configuration and click on the General tab, then click on Normal Startup, click on OK, then restart your computer.

Edited by dc3, 09 May 2015 - 07:52 PM.
