Antivirus 2010 removal not going well



Working with the latest version, latest rules, of Malwarebytes. On a Windows 7 Pro machine.

I have another computer that is infested with Desktop Anti-Virus 2010. I have removed the drive from that machine... hooked it up to a USB external drive adapter and am scanning it from the Windows 7 machine that has Malwarebytes installed.

During the scan, it is finding a lot of .exe files in the username\local settings\temp folder... but it is not tagging them as malware. Examples are lols.exe, destroyer.exe, ploper.exe and many with names like bzqa43d.exe, etc... names with random alphanumeric characters that are usually malware... not to mention several that are obscene names that have to be malware.

Scan is continuing at the moment... but I know the machine is infected and I am very concerned that Malwarebytes has finished scanning this folder and not tagged anything as malicious. We could be onto a new generation of malware that is somehow confusing Malwarebytes.

Scan is still running... will finish by morning.

Any suggestions greatly welcome. Will post final scan results then.


Scan completed... it reports:

Objects infected: 0

The scan completed successfully. No malicious items were found.

This is totally wrong. During the scan I saw the items mentioned in my first post in the scanning screen... But Malwarebytes would scan... NOT report a malicious item, then move on to the next file.

Something very odd - I have never seen Malwarebytes behave this way when malicious items are present.

The first scan was a quick scan. I have just launched a full scan.

Will advise results.


Hi Tomster -

If you would like our experts to fully review your problem then these instructions below will show how to get help -

Quite often you have more than 1 infection, and that can cause your problems -

As we do not work on Malware removal or diagnostics in the general forums please follow these directions -

Please print out, read and follow What do I do now?, skipping any steps you are unable to complete.

The next step is to post a New Topic Here.

One of the expert helpers there will give you one-on-one assistance when one becomes available.

After posting your new post make sure under options that you select Track this topic and choose one of the Email options so that you're alerted when someone has replied to your post - Please allow at least 48 hours for a reply as the experts can get busy at times -

Also add a brief note to the experts as to your problems -

Alternatively, as a paying customer, you can contact the help desk at support@malwarebytes.org or via This Link

Always use the ADD REPLY Tab at the bottom of the page when you reply -

Thank You - :)

EDIT -

Anything else we can help with, please post back -

Current update is Version 4481 - (Just FYI)


For reference purposes.

This system had an up to date version of AVG Anti-Virus.

It also had Malwarebytes (paid) that we left disabled as it was fighting with AVG.

When this problem happened... we could not update Malwarebytes to the latest version.

That is when I removed the drive and used the external scan strategy... and used a machine that had version 4478 also Aug 25. (That was latest version available just before I started the external scan).

The external scan strategy has saved me on many occasions before.

I scanned the drive with both Sunbelt Software Vipre (also up to date)... it found only two items which I removed. I then scanned with Malwarebytes and it reported nothing. I know both results were failures. I put the drive back into the machine, restarted the original machine and got the typical AV2010 warnings... but am unable to get past them.

The boys at AV2010 have put some new twists into their "product".

Fortunately, we have Ghost backups, and are going to restore one from yesterday before this one hit.


Additional information:

1) actual name of the rogue program is "Desktop Security 2010".

2) Before we restored the image file we observed the following behavior: The 2010 warning screens come up after reboot. The only way around them was to Ctrl-Alt-Del, go to processes and end program on Desktop Security 2010. I could then access the Start button, AVG and Malwarebytes. Full scan with AVG found 2 items that reported successfully cleaned... but reboot brought us right back to the warning screens. I had already done a full scan with Malwarebytes externally... and had already decided to just restore the drive image file.

3) I am thinking that the exe files in the temp folder mentioned above, may just be "dummy malware" put in place by Desktop Security 2010 as "proof" that you are infected. They are probably not malicious... just named to look like they are, to convince an unsuspecting person that they need to buy the program.

4) But ignoring the exe files in the temp folder, we still have a problem that AVG, Malwarebytes and Vipre could not resolve with standard scans. Nasty stuff. Thankfully we image the PCs every night and had an "easy" way out.

Thanks to everyone for the replies and instructions. We may need the info next time. I would have liked to try the suggestions, but this machine needed to be put back in service immediately.

