
Please HELP: Infected by av.exe (Anti Virus Vista 2010) which won't allow MBytes



Hi, I got infected by a malware which opens up a window called ANTI VIRUS VISTA 2010. I was told by a friend about MALWAREBYTES and its excellent forums and software. This malware runs an av.exe file in the processes each time I open a program and slows down my system. I tried to download the Mbam.exe BUT it won't allow it to run (it opens up a window which says which program do you want to use to open).

This is really frustrating. I would be really GRATEFUL and promise to buy the full version if you can help me solve this.

Thanks a lot.


Hi jasonbt and welcome to forums at Malwarebytes,

The malware might have messed up your .exe file association.

Pls try the solution in post #3 (last post):

http://forums.malwarebytes.org/index.php?showtopic=38629

Let us know how it works for you.
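To see what "messed up your .exe file association" means in practice, here is an added PowerShell audit script (not from the thread, not Malwarebytes code) that reads the registry keys Windows consults when a .exe is double-clicked and reports anything that differs from the stock values. The expected values ('exefile' and '"%1" %*') are the normal Windows defaults; it assumes PowerShell is available on the machine and does not look for any specific rogue key name, because the thread does not give one.

```powershell
# Added example, not from the thread or from Malwarebytes: audit the .exe
# file association and report values that differ from the Windows defaults.
# Assumes PowerShell (2.0 or later) and read access to HKLM/HKCU.

function Get-DefaultValue {
    # Return the "(default)" value of a registry key, or $null if the key is absent.
    param([string]$Path)
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.'(default)'
}

function Test-ExeAssociation {
    $findings = @()

    # HKCU\Software\Classes overrides HKLM\Software\Classes, so a per-user .exe
    # key is enough to redirect every program launch for that account. Check both.
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\Software\Classes',
        'Registry::HKEY_CURRENT_USER\Software\Classes'
    )

    foreach ($root in $roots) {
        $extKey = "$root\.exe"
        $progId = Get-DefaultValue $extKey

        if ($root -like '*HKEY_LOCAL_MACHINE*' -and $progId -ne 'exefile') {
            # Missing or renamed ProgID on the machine-wide key.
            $findings += ('[{0}] (default) is ''{1}'', expected ''exefile''' -f $extKey, $progId)
        }
        if ($root -like '*HKEY_CURRENT_USER*' -and $null -ne $progId) {
            # Stock Windows has no per-user .exe key at all.
            $findings += ('[{0}] per-user override present: ''{1}''' -f $extKey, $progId)
        }

        # Follow whichever ProgID is in force and inspect its open command.
        $id = if ($progId) { $progId } else { 'exefile' }
        $cmdKey = "$root\$id\shell\open\command"
        $cmd = Get-DefaultValue $cmdKey
        if ($null -ne $cmd -and $cmd -ne '"%1" %*') {
            # Anything other than "%1" %* means another program is launched first.
            $findings += ('[{0}] (default) is ''{1}'', expected ''"%1" %*''' -f $cmdKey, $cmd)
        }
    }

    return $findings
}

$result = @(Test-ExeAssociation)
if ($result.Count -eq 0) {
    Write-Output 'The .exe association looks stock.'
} else {
    $result | ForEach-Object { Write-Output "SUSPICIOUS: $_" }
}
```

The script only reports; it changes nothing. If it flags a command value that points at a file in the user profile rather than '"%1" %*', that is the symptom described in this thread, and the repair is the file-association fix linked in the post above.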

How do I "launch" the .com file? After renaming the file from .exe to .com and double-clicking it, I get error #1155: "No application is associated with this file type".

What do you suggest that I should do now?


Hi jasonbt -

The instructions Here are usually fairly easy to follow -

However some people prefer for one of our experts to fully remove it for them - We will do this for free if you wish -

You also could be infected with more than just the one basic problem - That is why our experts carefully check your computer -

As we don't work on Malware removal or diagnostics in the general forums please follow the steps listed below and one of our experts will assist you -

Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - As the experts are a bit busy , please be patient and they will get to you -

Thank You - :P

EDIT - Please use the ADD REPLY Tab when answering - Thank You -


I just finished removing this from my PC and I have one question. If I had been running MBAM in the paid-for resident mode, would it have prevented this infection?

This thing went right past my firewall and antivirus without so much as a peep, so it is obvious to me that I need more protection from this type of infection. I just want to be sure that if I purchase MBAM it will fill in that gap for me.


Hello,

The general answer is yes, MBAM with protection mode on would have caught this rogue.

If you have no active anti-malware app installed, buying MBAM is the best investment you could make.

The license is good for lifetime. No renewal fees.

Keep in mind also that no one single product will always catch everything. You must have a layered defense and practice safe internet habits as well.

Keep in mind also that the newest and latest malware can carry some serious rootkits that, once on board, are quite devilish to remove.

What firewall are you using?

What antivirus program? Is it always kept up-to-date?

Do you keep up with Windows Updates?


@TechSupport

That is only 1 part of the infection that you have pointed to.

The "antivirus" rogue variants come with other components that cause the infection to re-appear if the other aspects are not deleted in the same session. Things like random scheduled jobs & hidden files/folders.

Please stop giving specific advice on malware removal in this sub-forum.

This sub-forum is for general issues dealing with MBAM.
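The point above, that the rogue leaves behind scheduled jobs and hidden files that resurrect it unless they are dealt with in the same session, can be turned into a review checklist. The following is an added PowerShell script (not from the thread, not Malwarebytes code) that lists scheduled task actions and hidden executables under the user-writable directories where such rogues are commonly dropped. It assumes an English-language Windows (the schtasks column names are localized), PowerShell 2.0 or later, and the directory list is an assumption about typical drop locations, not something this thread states. It reports only; it deletes nothing.

```powershell
# Added example, not from the thread or from Malwarebytes: enumerate the two
# persistence components mentioned above (scheduled jobs, hidden files) for review.
# Assumes English Windows column names from schtasks.exe and PowerShell 2.0+.

# Directories a non-admin process can write to; an assumption about where rogues
# usually land, not a list taken from the thread.
$UserWritableRoots = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

function Get-TaskActions {
    # /v adds the "Task To Run" column; /fo CSV lets ConvertFrom-Csv parse it.
    $csv = & schtasks.exe /query /fo CSV /v 2>$null
    if (-not $csv) { return @() }
    $csv | ConvertFrom-Csv |
        # schtasks repeats the header row per task folder; drop those rows.
        Where-Object { $_.TaskName -and $_.TaskName -ne 'TaskName' -and $_.'Task To Run' } |
        Select-Object @{ n = 'Task';   e = { $_.TaskName } },
                      @{ n = 'Run';    e = { $_.'Task To Run' } },
                      @{ n = 'Status'; e = { $_.Status } }
}

function Test-UserWritablePath {
    # True if the task's command line references one of the user-writable roots,
    # after expanding %VARIABLES% the task definition may use literally.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine)
    foreach ($root in $UserWritableRoots) {
        if ($expanded -like "*$root*") { return $true }
    }
    return $false
}

function Get-HiddenExecutables {
    # Hidden or system-attributed .exe/.dll files under the user-writable roots.
    foreach ($root in $UserWritableRoots) {
        Get-ChildItem -LiteralPath $root -Recurse -Force -Include *.exe, *.dll -ErrorAction SilentlyContinue |
            Where-Object {
                ($_.Attributes -band [IO.FileAttributes]::Hidden) -or
                ($_.Attributes -band [IO.FileAttributes]::System)
            } |
            Select-Object FullName, Length, LastWriteTime, Attributes
    }
}

Write-Output '== Scheduled tasks whose action lives in a user-writable directory =='
Get-TaskActions | Where-Object { Test-UserWritablePath $_.Run } | Format-Table -AutoSize

Write-Output '== Hidden executables under user-writable directories =='
Get-HiddenExecutables | Format-Table -AutoSize
```

Both lists are meant to be read alongside the running-process list before anything is removed: a task that launches a file from AppData or Temp, or a hidden .exe there with a recent write time, is what brings the rogue back after a partial clean. Entries from legitimate software also appear (many updaters run from these directories), so each line needs a human decision.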


Great description of the problem and solution for getting rid of it.

But can someone explain how this rogue gets into the computer in the first place? I'm guessing that it has something to do with Internet Explorer and an ActiveX control, and someone clicking where they shouldn't have. Is there an article somewhere that describes the details of exactly how the program manages to install itself? When my friend got this last week, I was able to get rid of it with some difficulty, and when it was finally gone I recommended that she stop using IE (except for those few websites that won't work without it) and switch to Firefox, and that this would prevent it from ever happening again. Is this true?


Nope, plenty of users here with Firefox and Opera are infected too. It's a lot more complex than that.

I am aware that there are many ways into a computer, but this one got into my friend's box from simply browsing using IE. There has to be an executable with file access getting runtime one way or another and HTML/CSS/Javascript certainly can't do it alone. I'm very curious and would like to understand the precise entry mechanism. How can an executable get from a website through Opera into memory and then get CPU time? The only other thing besides active-x that I can think of would be Flash? But does that allow access to the file system?

Complex, yes. Can you please elaborate?


  • Root Admin

You can learn more from the following resources if you're interested in learning more and helping others.

The following are websites who host training facilities: United Network of Instructors and Trained Eliminators


one got into my friend's box from simply browsing

You can get any of these infections just by clicking on an advertisement on Facebook or other networking sites (for example). Have you ever seen an advertisement that says "Congratulations, you are the 1,000th visitor"? (You could be the 1,000th person to be infected with something.)

There is No one answer except to have a good active antivirus (even free MSE) and a good active anti malware program -

We all just need to be careful when "just browsing" because that is where the traps always are -

AdvancedSetup has given a good list of sites that conduct classes in malware removal, and we recommend them to all who ask.

Safe and careful browsing - Also read our Self Help removal area just to see the latest 10-20 rogues that want your money -

Thank You - :lol:


You can learn more from the following resources if you're interested in learning more and helping others. ...

The reason I ask a specific question here is that I assume that you folks are already malware experts. Your generic response: "If you want an answer to your question, go to school somewhere else and learn it for yourself" is not terribly helpful (and certainly does not answer my question). But thanks anyway for responding.

Once again, can anyone answer this (not-so-simple) question: "Exactly how, via a web browser, does the av.exe rogue trojan gain access to the CPU?"

Note that: "Clicking on a pop-up ad." is not an answer! I've been programming professionally for 30+ years and am interested in getting a technically detailed answer. Note that I myself have never installed any anti-virus software on any of my own machines and have never been infected (knock-knock! Although I do install anti-virus on machines that I set up for my clients). However, I *do* use a hardware firewall, don't use IE unless absolutely necessary and never open any suspect email attachments. I also never browse the seedier side of the internet. I just can't understand the mechanism of how an executable can gain access to the cpu from a web site via a web browser (except of course through active-x). Yes, one can place an exe file on a web page and someone can download and run it - that is obvious. But that requires that someone explicitly click on a "Run" or "Open" button after it is downloaded.


  • Root Admin

The basic answer is no. We are not here to educate users on how the underlying mechanisms work. People go to school and do a lot of studying to learn this. It is not a simple paragraph explanation of how it works. There are many websites with the basics of how it works that you can read, including Wikipedia.

Thank you.


A server-side script can push a malware exe & get it auto-started without user intervention.

For one example, server-side scripting [note: no ActiveX required] (just assume a website has a malicious page with a malicious script) is one mechanism used by the malware bad guys to "auto-push" a rogue program (for example).

One click on a link to a bad site is all it takes, and -blam- your pc is infected ---- even IF you have an active antivirus app installed. The rogue is pushed to the system even -before- the pc-owner sees the webpage load onscreen.

So, it is not a matter of having a compiled executable (as an example) which the pc-user has to execute.

It's all on auto-pilot.

The example I mention is known as a drive-by install.

HTH

Do some more reading as Ron mentioned.
