Jump to content

Needs Help Quick with Antivirus 2010

Recommended Posts

This virus got on a co-workers computer. I will have to secure it more for external use. But, the virus calls itself Antivirus 2010 and looks like it, but no manual removal instructions work for it (uses all different file names and registry keys). I can disable it's service which prevents it from coming up, but it's removal prevention mechanism is still in place. Even when running in safe mode, and installing MBAM, it updates and opens fine. Once run, the program disappears.

Link to post
Share on other sites

Log from RKUnhooker:

RkU Version: 3.8.388.590, Type LE (SR2)


OS Name: Windows XP

Version 5.1.2600 (Service Pack 3)

Number of processors #2




0xF58B5000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3637248 bytes (Intel Corporation, Intel

Link to post
Share on other sites

Hello jlspartz

Welcome to Malwarebytes.


  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.


Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Link to post
Share on other sites

I got TDSS to run, but it can't clean it.

2010/11/02 14:39:23.0277 TDSS rootkit removing tool Oct 26 2010 11:28:49

2010/11/02 14:39:23.0277 ================================================================================

2010/11/02 14:39:23.0277 SystemInfo:

2010/11/02 14:39:23.0277

2010/11/02 14:39:23.0277 OS Version: 5.1.2600 ServicePack: 3.0

2010/11/02 14:39:23.0277 Product type: Workstation

2010/11/02 14:39:23.0277 ComputerName: CDSMITH007

2010/11/02 14:39:23.0277 UserName: gsabel

2010/11/02 14:39:23.0277 Windows directory: C:\WINDOWS

2010/11/02 14:39:23.0277 System windows directory: C:\WINDOWS

2010/11/02 14:39:23.0277 Processor architecture: Intel x86

2010/11/02 14:39:23.0277 Number of processors: 2

2010/11/02 14:39:23.0277 Page size: 0x1000

2010/11/02 14:39:23.0277 Boot type: Normal boot

2010/11/02 14:39:23.0277 ================================================================================

2010/11/02 14:39:23.0402 Initialize success

2010/11/02 14:39:24.0683 ================================================================================

2010/11/02 14:39:24.0683 Scan started

2010/11/02 14:39:24.0683 Mode: Manual;

2010/11/02 14:39:24.0683 ================================================================================

2010/11/02 14:39:27.0120 Suspicious service (NoAccess): vbma17c8

2010/11/02 14:39:27.0120 vbma17c8 - detected Locked service (1)

2010/11/02 14:39:27.0323 ================================================================================

2010/11/02 14:39:27.0323 Scan finished

2010/11/02 14:39:27.0323 ================================================================================

2010/11/02 14:39:27.0323 Detected object count: 1

2010/11/02 14:39:33.0321 Locked service(vbma17c8) - User select action: Skip

2010/11/02 14:39:36.0445 Deinitialize success

Link to post
Share on other sites

I'd like to try to solve it, but time=money and we're ordering a new computer and wiping this one clean.

===The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance===

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article Some great guidelines to follow to prevent future infections please read the Prevention artice by Miekiemoes.

"How did I get infected in the first place?" Also this one by Tony Klein.

If your computer is slow Is a tutorial on what you can do if your computer is slow.

File sharing program dangers Reasons to stay away from File sharing programs for ex: BitTorrent,Limewire,Kazaa,emule,Utorrent etc...

===Free antimalware tools used for on demand scanning and cleaning no real time unless purchased===

Malwarebytes Antimalware


===Free antivirus links===

This is antivirus and antispyware.

Microsoft Security Essentials

This is free antispyware protection and Antivirus protection.

AVG free 9.0

This is just antivirus protection.


This is antivirus and antispyware protection.


Link to post
Share on other sites

  • 2 weeks later...
This topic is now closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.