Antivirus 2010 Attack

[Daedalus233]

Hello. I've checked dozens of other websites and all have been useless so I've turned here...

Today my computer was infected with Antivirus 2010. I've dealt with the 2009 variant in the past and successfully defeated it but this one is proving to be impossible to remove.

When the rogue "antivirus" program first popped up, my gut reaction was to perform a Malwarebytes scan -- however it was quickly closed and I received the error message "Windows cannot access the specified device, path or file. You may not have appropriate permission to access this file."

Through a command prompt, I restored access to Malwarebytes, but a secondary attempt got it closed and blocked off once more. I repeated that and renamed the actual Malwarebytes file, hoping that would trick the malware program, but it didn't, it was closed and denied me access once more, and I gave up on that.

I tried my backup antivirus program, AVG free, and that got about halfway through its scan before it too was closed off from access. I then tried an RKill.exe attempt, but the virus managed to catch that as well.

None of the associated programs for Antivirus 2010 show up in my windows processes, so I can't kill them from there. I also checked my program files and my registry, and oddly they're not showing up there either -- it's like it's completely gone, so I can't remove it, but I'm 100% certain I still have the program, or else my genuine antivirus programs wouldn't be continually blocked off from performing scans.

I'm not computer savvy, so I don't know what specs and other information you need, but my computer is an intel HP Pavilion, about 3-4 years old.

[rockstar_22]

I'm having the exact same problem. Have tried the same things to no avail. Someone please help us!!!!!!!!!!

Hello. I've checked dozens of other websites and all have been useless so I've turned here...

Today my computer was infected with Antivirus 2010. I've dealt with the 2009 variant in the past and successfully defeated it but this one is proving to be impossible to remove.

When the rogue "antivirus" program first popped up, my gut reaction was to perform a Malwarebytes scan -- however it was quickly closed and I received the error message "Windows cannot access the specified device, path or file. You may not have appropriate permission to access this file."

Through a command prompt, I restored access to Malwarebytes, but a secondary attempt got it closed and blocked off once more. I repeated that and renamed the actual Malwarebytes file, hoping that would trick the malware program, but it didn't, it was closed and denied me access once more, and I gave up on that.

I tried my backup antivirus program, AVG free, and that got about halfway through its scan before it too was closed off from access. I then tried an RKill.exe attempt, but the virus managed to catch that as well.

None of the associated programs for Antivirus 2010 show up in my windows processes, so I can't kill them from there. I also checked my program files and my registry, and oddly they're not showing up there either -- it's like it's completely gone, so I can't remove it, but I'm 100% certain I still have the program, or else my genuine antivirus programs wouldn't be continually blocked off from performing scans.

I'm not computer savvy, so I don't know what specs and other information you need, but my computer is an intel HP Pavilion, about 3-4 years old.

[LDTate]

rockstar_22, read the rules

If you're infected and need help start your own new post, do not reply in another users post

.

http://forums.malwarebytes.org/index.php?showtopic=12264

Daedalus233

Print out these instructions as we may need to close every window that is open later in the fix.

It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are 5 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click and choose Run as Admin

You only need to get one of them to run, not all of them.

1. rkill.exe
   
2. rkill.com
   
3. rkill.scr
   
4. WiNlOgOn.exe
   
5. uSeRiNiT.exe
   

Do not reboot your computer after running rkill as the malware programs will start again.

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
  
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform quick scan, then click Scan.
  
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• 
  
• Then click Remove Selected .
  
• When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  
• Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
  

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste". .

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!