
HELP! Anti-Virus 2010 Virus

Discussion in 'Networking & Security' started by TheMailMan78, Sep 4, 2009.

  1. TheMailMan78

    Well, a buddy of mine works in my company's IT department and got a laptop in today with an epic virus. I've personally never seen one like this. The user downloaded "Anti-Virus 2010" thinking it was an anti-virus, but it's in fact a virus.

    Malware, Onecare, Spybot have not only been unsuccessful but were in fact deleted from the OS the second they were launched by the virus. It's also deleted all past restore points. Does anyone have ANY idea how to beat this thing without doing a clean install?
     
  2. choppy

    I had a virus that wouldn't let me run Malwarebytes or Spybot - the trick is to rename the files and they will launch.
    The most powerful cure I know of is called Combofix - where Spybot and the rest fail, Combofix does the job.
     
  3. Steevo

    Boot to a Linux distro live on CD, delete the files and the backups of them, and then disconnect from the network and finish the cleanup in Windows.
     
  4. Sir_Real

    Some viruses cannot be totally removed. They get so deep into system & registry files that you could use every antivirus or malware cleaner on the market & you'll still have system file damage & strings left.

    Sometimes a format & reinstall of Windows is the only way. Then make sure it doesn't get infected again.
     
  5. mcloughj

    Go into safe mode and try to install Spybot. Make sure you have the update for it available on a flash drive or similar. If you get it set up and it runs in safe mode, then run the scan.

    If you can't run the scan in safe mode, then run msconfig and disable all the startup items and non-Microsoft services, then reboot as normal. Run the scan and you should be in the clear.

    This is the third instance of win anti virus I've come across this week. Looks like they are pushing extra hard to make people's lives miserable. The bastards.
     
    Last edited: Sep 4, 2009
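
The startup items and non-Microsoft services that the msconfig step above asks to disable can be listed first for review. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later and only reads, changing nothing.

```powershell
# Added example: read-only inventory of autostart entries and non-Microsoft
# services, for review before anything is disabled. Assumes PowerShell 3.0+.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)

$startupItems = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = $regKey.GetValue($name) }
        }
    }
    foreach ($dir in $startupDirs) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
            [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
        }
    }
)

# CompanyName is self-declared file metadata, not a signature check;
# services with a blank value are listed too because they deserve a closer look.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName } |
    ForEach-Object {
        # PathName can be quoted and carry arguments; keep only the executable path.
        $exe = if ($_.PathName -match '^\s*"?(.+?\.exe)') { $Matches[1] } else { $null }
        $company = if ($exe -and (Test-Path -LiteralPath $exe)) {
            (Get-Item -LiteralPath $exe).VersionInfo.CompanyName
        } else { $null }
        [pscustomobject]@{ Name = $_.Name; State = $_.State; Company = $company; Path = $_.PathName }
    } |
    Where-Object { $_.Company -notmatch 'Microsoft' }

$startupItems | Sort-Object Source, Name | Format-Table -AutoSize -Wrap
$services | Sort-Object Name | Format-Table -AutoSize -Wrap
```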
  6. 95Viper

  7. kenkickr

    I would try disabling System Restore, then installing Avast in Safe Mode and then running a Boot-Time scan.
     
  8. Solaris17

    I used to have to fix this in GS.

    Boot the system in safe mode.

    Delete everything in the temp/prefetch folders.

    Do a disk cleanup.

    Install Avast and schedule a boot-time virus scan.

    Tell it to delete everything it finds.

    Then run Malwarebytes

    and a reg cleaner.
     
  9. mrhuggles

    Or you could use my policy: do a fresh format/install and then pretend you didn't, that way you can feel good about yourself and not have to work so hard :)

    You can always image the drive in case any important files need to be recovered later.

    EDIT: I don't mean lying to clients, I just mean to yourself is all :p
     
    Last edited: Sep 4, 2009
  10. Metropolis

    Just wipe it, back up the stuff that's needed and then format, because you will get leftovers in the system. Any reason why you're saying you can't clean install?
     
  11. JATownes

    I had a client get this...believe it or not Windows Defender found and removed it when nothing else would...I was shocked!!!
     
  12. Morrison5891

    You can run this tool: http://siri.geekstogo.com/SmitfraudFix.php

    Which will remove it. But it's also a good idea to run this as well: http://www.combofix.org/

    After you run both of these utilities, run super anti spyware.

    I've removed anti-virus 2010 from a few PCs with both of these utils. They do work.

    Smitfraudfix is a great program that I've been using for a few years to remove hijackers.
     
  13. kenkickr

    If Windows Defender can find it then why not just go here and run the complete scan. The downer is it requires IE, but it's much more detailed than Win Defender.
     
  14. osirus99

    Ok...

    Let me guess. BraviaX was the initial trojan loader and you got it from a banner ad? Am I close? We've had several boxes recently infected and this is how we removed it. Malwarebytes won't get rid of it but it kills the portion that will prevent you from running other proggies like SUPERANTISPYWARE.

    We were finally able to get Malwarebytes to work on all the machines with a little bit of effort...let it find and clean as much as it can. Once finished DO NOT REBOOT (and just kill all the mini-pops you see with task mgr). Then install and run SuperAntiSpyware and clean the system with that. Finally let it reboot and run it one last time. Your bug should be gone. We've successfully removed it from several machines with this.
     
