
AV Antivirus Suite Virus program



Hi,

I have been reading some of the posts here and it says I should not follow the guidance for someone else even if I have a similar problem. So my problem is as follows:

I have Windows XP Professional.

I had McAfee Antivirus Enterprise version on my computer with the free version of Antimalware Bytes program that was not updated for this problem. (I have since removed the Enterprise version since I thought it was no longer working and bought the McAfee Total Program 2010 program and am currently running this as my antivirus software.)

About two weeks ago I noticed that an unwanted IE page would open automatically when I signed in to my Google homepage. Other than thinking this was an annoyance I did not think much of it. Then I got the Control Center virus; at the time I did not know what it was and over the next two weeks determined that it was a hijack virus and thought I had removed it by downloading the rkill program which in turn allowed me to update MBAM (free version latest update was April 29, 2010) which removed what I thought were the files. For about two-three days it seemed everything was back to normal except I still had the unwanted "pop-ups" when signing into my Google homepage. Now I have a new hijack virus called the AV Antivirus Suite which has taken over and will not allow me to open any applications and has set up that annoying "proxy server" on my IE that I keep seeing is one of the signature problems with this virus.

What I have done to try and fix so far:

-Downloaded onto flash drive all the rkill programs that I could find: rkill.exe, rkill.scr, rkill.com, exehelper.exe, and I believe iexplorer.exe, and none of them seem to kill the active processes of this virus (different from the Control Center virus which I was able to kill with the first above and run MBAM to remove files).

-Tried running MBAM in Safe Mode with Networking and it detected one infected file and removed it, but when I rebooted in Normal Mode the virus was still there. Also tried updating MBAM in Safe Mode with Networking and could not do so. One post said that the version dated in June 2010 would remove this particular virus.

Not sure how to proceed since there seem to be so many different ways to go about trying to remove this virus. Need help at this point. Thanks.


Hi k.perro and Welcome to Malwarebytes Forum

AV Antivirus is a rogue that is very malicious. We talked about it at:

http://www.kickenhardware.net/forum/showthread.php?t=19778

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.

---------------------------------------------------------------------------------------------

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply.
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
