
Antivirus Suite Aftermath



Our computer recently became infected with Antivirus Suite. I am running Windows XP on a laptop via integrated wireless connection.

Originally I had disabled the AV Suite pop-ups by hitting "end process" in the Windows Task Manager on a file installed by AV Suite. Norton still did not detect any viruses, etc. I then attempted running Norton after restarting Windows with a diagnostic startup via MSCONFIG. Again, Norton did not detect anything. Windows was eventually returned to normal startup mode via MSCONFIG.

I proceeded to restart windows in SAFE mode and scan with Norton. Norton was able to identify/remove 4 threats.

Here is where things got bad.

After I restarted Windows in NORMAL (not safe) mode, I noticed a number of things had changed. First, the normally green-colored "start" button in the bottom left corner was now gray, smaller, and using a different font. In fact, the Windows font had been changed in numerous different places. Second, I noticed that even though MSCONFIG was running in normal (not diagnostic or selective) startup mode, there were only a few programs running in startup (the box in the bottom-right corner).

(1) There were no icons or programs dealing with internet connection, or signal strength, or anything dealing with my laptop's internal wireless system ("wireless network connection"). Needless to say, I have lost all internet connection ability. In Internet Explorer, hitting "diagnose connection problems" returns an error message to the effect that no device is assigned to the program and/or no device can be found.

(2) There is NOTHING listed in the windows hardware Device Manager

(3) Some programs, like microsoft word and Nero, still open and function normally

(4) My printer is not functioning and is not recognized when powered and connected via USB, however the mouse and keyboards work fine

After doing some research I located Malwarebytes and ran the free version via directions listed here:

http://forums.malwarebytes.org/index.php?showtopic=53741

Please note that...

(1) Presumably due to my internet issues, I was NOT able to update the malware definitions, even after adjusting the proxy settings according to directions. I repeatedly received an error when hitting the update button that stated the following:

MBAM_ERROR_UPDATING (12007, 0, WinHttpoSendRequest)

(2) Without updating, I still was able to eliminate about 63 malware threats (4-5 which had names relating to the AV suite, the remainder being adware)

Since running the program, my desktop / internet connections / hardware task manager still look exactly the same. I am fearful that AV Suite has already done damage that will require replacement of my computer.

Without internet connection, I have to search for solutions via work computers and transfer files to my laptop. I have no idea what to do now.

PLEASE HELP! Is there any fix to this?


Hello Apulver, :P

Please follow the instructions by Firefox below for updating the database.

The expert helpers will help you to clean up the malware for free. You may follow the instructions below -

As we don't work on Malware removal or diagnostics in this forum, please follow the directions below.

  • If you have already submitted for assistance at one of the other support sites on the Internet then you should not post a new log here, you should stay working with the Helper from that site until the issue is resolved.
  • Please print out, read, and follow the directions here, skipping any steps you are unable to complete. Then post a NEW topic here.
  • One of the expert helpers there will give you one-on-one assistance when one becomes available.
  • After posting your new topic, make sure under options (top right of your topic screen), you select Track this topic and choose one of the Email options (prefer Immediate Email Notification) so that you're alerted when someone has replied to your post.
  • Please be patient when waiting for expert help, as the expert helpers can get a bit busy.
  • Please try not to post back (bump) your topic within the first 48 hours. Expert helpers will find the topics which have a zero post count first. If you bump, expert helpers may think the topic has been replied to and jump to other posts.
    If there is no reply from any experts after 48 hours, you can reply to the topic to ask for help again or send a Private Message to a Moderator asking for assistance.
  • Please do not alter the system (e.g. install or uninstall any software, conduct some fixes, use any removal/scanning tool) after posting unless told to by the expert helper. Using these other tools often makes the cleanup task more difficult and time consuming.

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or here for prioritized support. Please remember to quote your cleverbridge Reference Number from the confirmation e-mail when requesting assistance.

Thank you, and I hope your computer gets back to normal ;)

PS Please use the "ADDREPLY" button at the bottom of the forum window instead of other ones when you start replying. :)

edit - adding update DB info. and delete it as it is not a correct DB download link.

Edited by gtyhfy

You can update the database, see Section A Issue #4 LOCATED HERE

Here is what it states:

ISSUE: I need to get the latest database onto a computer that cannot access the Internet.

SOLUTION: You can manually copy the database from a working computer using a flash drive or CD onto the infected PC. Our database file is stored in the following locations.

Windows XP and 2000

C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Windows Vista and Windows 7:

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

You can also download a manual update from HERE - NOTE: This manual update will always be way behind in version level compared to updates from within the program
