False Positive - Sysguard / Antivirus System Pro

Robbie · November 5, 2009

This is my first post here, so bear with me.

I was last night infected with Antivirus System Pro, telling me to buy its phony antivirus program. The malware blocked task manager and McAfee from opening. I worked around it in Firefox to find a solution and it led me to try Malwarebytes.

I downloaded this program, updated it, and ran it. It detected a few items and prompted for a reboot after I removed them. Much to my dismay, the malware was still operating at full strength, still blocking everything. I rebooted again and quickly opened my task manager as things were still loading and saw a strange process called ycslsysguard.exe which I terminated, and the malware did not start. I took the opportunity to perform full scans with both Malwarebytes and McAfee, but they both came up with nothing.

After a few hours of searching around, I decided to check my msconfig settings to see if there was a program booting that was suspicious-looking (I try to game on my laptop, so I keep very close track of the processes running and the programs that boot so I can run at maximum efficiency. The System Config > Startup tab showed that I apparently had "Microsoft

mbam_log_2009_11_04__13_35_44_.txt

mbam_log_2009_11_04__19_54_50_.txt

mountaintree16 · November 5, 2009

Hi Robbie, and welcome to the forums here at Malwarebytes.org

Please re-post the information in your post (and paste in the logs instead of attaching them if you are able to) here:

http://www.malwarebytes.org/forums/index.p...ew_post&f=7

as we do not work on malware removal in the general forums or in the False positive forum.

Also, you should check out this topic as well: http://www.malwarebytes.org/forums/index.php?showtopic=9573

As soon as one of our expert helpers are available, he or she will be happy to provide you with one-on-one assistance. Please be aware that the forum is quite busy at times, and it may take up to 48 hours or a bit longer before someone will be able to get back to you. If you haven't received a response within 48 hours though, feel free to reply to your post to "bump" it up for a request for review.

Thank you

nosirrah · November 5, 2009

There was an update a few hours ago that may have this handled , this sounds just like what I just worked .

mountaintree16 · November 5, 2009

@ Nosirrah

Oops, sounds like it might be a FP, I thought that by the description it might not be. Hopefully Robbie comes back to this thread and sees this :blink:

Edit: Maybe I mis-interpreted what you said, sounds like this is actually an infection after all.

Sign In

False Positive - Sysguard / Antivirus System Pro

Recommended Posts

Robbie

Link to post

Share on other sites

mountaintree16

Link to post

Share on other sites

nosirrah

Link to post

Share on other sites

mountaintree16

Link to post

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information