Classicamiga Forum Retro Edition
Thread: Virus issues.
Stephen Coates 16:30 10th October 2010
Has anyone here had any issues with a 'virus' called 'Antivirus 2010'?

My Dad's computer seems to have this. It was causing the requester shown in the screenshot. Of course, it was 'imideatly' obvious to me that it was not caused by Windows or the McAfee antivirus which came with the computer back in 2005.

[Screenshot: secalert.jpg]

I uninstalled it using the 'Add/remove' programmes control panel, but I'm not sure if that got rid of it. When using the old version of Firefox 1.x which I installed years ago, some links on the Google search page went to other pages, and the system doesn't log off/shutdown (or at least, it doesn't for me). These issues could be caused by other things though.

I also removed the old McAfee and installed Avast, but Avast refuses to do anything, as shown in the screenshot. Not sure why.

[Screenshot: avast2.jpg]

Just wondering if anyone had any ideas. Next time I go I will run Malwarebytes and see if that does anything.

This was slightly concerning as my Dad almost lost several thousand pounds through online banking fraud. Fortunately he checked the account on the date the transaction was made and cancelled it, so he didn't lose anything.
Bloodwych 21:44 10th October 2010
Hi Stephen - I know this horrible pest well!

This virus has been around for quite a while (about a year) under different names, infection paths and slightly different signatures, to keep ahead of virus checkers. My brother's friend got it on his laptop, and it took me a few hours of cursing and reading the internet to get rid of it. At the time, Malwarebytes, spyware monitors, Windows Defender etc. didn't recognise it. I hate being "the computer guy" everyone comes to for help - I get all the sh*t.

It's a nasty bugger - it adds itself to various startup locations in the registry, including attaching itself to Internet Explorer or another browser to re-infect too. It also takes over *.EXE file execution, so you can't run virus checkers to remove it. It can be manually cleaned however - its actual infection files usually reside in the User folders and have been dropped and executed there via a Java exploit.

I got rid of it by running a program that kills all startup items (search for rkill.exe) and dodgy processes, then ran a script that returned the *.EXE files back to normal in the registry. Did all this in safe mode I think. Then I searched the registry and hard drive for the infected files. The one I had was called AVE.EXE, but it can be named differently, and the dropper file (the one responsible for downloading and re-infecting your PC) will have a random name, probably in the Sun Java folders if I remember rightly in my case, but it may have been modified to infect differently. You can find the randomly named dropper file by searching for a file with a creation date the same as the AVE.EXE (or other common virus name it comes under) file.

I'm trying to remember back a year ago, so it's probably easier just to link you to my anandtech post when it was all fresh and to keep the facts straight: http://forums.anandtech.com/showthread.php?t=2067277 (read my second post down for more detail).

Sounds complicated, but I'd imagine there are auto cleaners out now that will do all this for you. Just suggest doing a search and read about AVE.EXE and RKILL.exe to get you on the right track if other programs fail. Good luck.
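The *.EXE takeover Bloodwych describes works by changing the registry command Windows runs for every .exe, so a cleaner is often asked to check those keys and put the stock value back. The script below is an added example, not code from the thread or from any tool named in it: it reads a registry export (.reg text) taken from the suspect machine, flags the EXE launch keys whose default value is not the stock `"%1" %*`, and writes the .reg text that restores them. The sample export is constructed for the example, and the `loader.exe` path in it is hypothetical.

```python
"""Detect a hijacked .EXE file association in a .reg export and build the
.reg text that restores the stock command.

Added example (not from the thread). The sample export below is constructed
and the loader.exe path in it is hypothetical; the key paths and the stock
value '"%1" %*' are the real Windows ones.
"""
import re

# Stock default value of HKEY_CLASSES_ROOT\exefile\shell\open\command.
DEFAULT_EXE_COMMAND = '"%1" %*'

# Keys that decide how .exe files are launched. A rogue "antivirus" that
# redirects these intercepts every program start, scanners included.
EXE_COMMAND_KEYS = (
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command",
)

# Constructed sample: the first key has been redirected through a
# hypothetical loader in the user profile, the second is still stock.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"C:\\Documents and Settings\\Dad\\Local Settings\\Application Data\\loader.exe\" /START \"%1\" %*"
"IsolatedCommand"="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"
'''


def _unescape(s):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return {key_path: default_value} for every key whose default (@)
    value is a string. Other value names and data types are ignored."""
    defaults = {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
        elif current_key and line.startswith('@="') and line.endswith('"'):
            defaults[current_key] = _unescape(line[3:-1])
    return defaults


def find_exe_hijacks(text):
    """Return {key: current_command} for each EXE launch key whose default
    value differs from the stock '"%1" %*'."""
    defaults = parse_reg_export(text)
    return {k: v for k, v in defaults.items()
            if k in EXE_COMMAND_KEYS and v != DEFAULT_EXE_COMMAND}


def restore_reg_text(hijacked):
    """Build .reg text that puts the stock command back for each hijacked
    key (import it with regedit, ideally from safe mode)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for key in sorted(hijacked):
        lines += [f"[{key}]", '@="\\"%1\\" %*"', ""]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_exe_hijacks(SAMPLE_REG_EXPORT)
    for key, cmd in hits.items():
        print(f"HIJACKED {key}\n  current: {cmd}")
    if hits:
        print("\n--- fix.reg ---\n" + restore_reg_text(hits))
```

On a real machine the export comes from `reg export HKCR\exefile\shell\open\command out.reg` (and the HKLM\SOFTWARE\Classes copy); only the default value is compared, so an unexpected extra value like a changed `IsolatedCommand` still deserves a manual look.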
Harrison 00:09 12th October 2010
I recommend finding a scanner that can be self-booted to check the drive, rather than one you run from inside Windows. That will stop any system files being locked and unable to be scanned or cleaned by a scanner. Download the latest version of the Hiren's 11.1 Boot disc, as that has a load of scanners on the disc that can be booted directly into.
J T 05:04 13th October 2010
Format the drive, burn down the house, salt the ashes, take off and nuke the site from orbit.

It's the only way to be sure.
Stephen Coates 20:27 13th October 2010
Originally Posted by J T:
Format the drive, burn down the house, salt the ashes, take off and nuke the site from orbit.

It's the only way to be sure.
That would probably do the trick, but reinstalling Windows afterwards might be rather difficult.
Harrison 16:45 26th October 2010
It is true that you need to locate the source of the virus, otherwise you might have it on a backup, or in something you downloaded, and even after reinstalling the OS you might reintroduce the virus again from one of these. A full scan of the existing system is recommended.

But a clean install is really the only and best way when infected badly to ensure all system files are clean.
Stephen Coates 21:07 29th October 2010
I've installed Windows XP Home Edition from the CD which Dell included with the computer, updated it to Service Pack 3, installed all the device drivers, and am currently installing some useful programmes using Ninite.
Demon Cleaner 21:30 29th October 2010
Glad to read that you're using Ninite.
J T 23:32 29th October 2010
Ninite does look useful. I'd not heard of that before.
Harrison 01:38 30th October 2010
I also used Ninite when I installed Win 7 recently on my main PC. Definitely speeds up installing a load of commonly used utilities and programs.