Jump to content

Infected with antivirus 2009, prunnet, deewoo


Recommended Posts

First may i say what a helpful site this appears to be. I have done some research about the "antivirus 2009", and have d/l MBAM. I found i could not start the program, Various popups seemed to prevent proper installation, anyway i found a previous post saying

Click on Start, click Run, and then type devmgmt.msc and click OK

On the View menu click on Show hidden devices

Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys

Highlight that driver and right click on it and select DISABLE

Now RESTART your computer.

Download a copy of Malwarebytes but DO NOT run it yet.

Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.

Once the program is installed go to the UPDATE tab and try to update the program if you can.

Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.

Well having restarted my pc into safe mode when i entered into the "devmgmt.msc" screen and clicked "show hidden devices" there was nothing in the open window.

Thinking (bad for me) that it was a safe mode issue i started pc in normal mode, now i can only get to the select users screen and pc appears to not respond. Mouse still moves but nothing happens.

Background info XP sp3 mcafee,spybot,adware, all installed but none will run. I do not have HiJackThis installed, and cant now that i cant log on.

Thank you for taking the time to read this, i hope somebody can help.

Link to post
Share on other sites

Just incase things prove too difficult, i am thinking of purchasing a new pc anyway, however if and when i can get into my infected pc will it be safe to transfer photo's and music to a new disc drive without transfering the virus/trojan (if attempts to clear it fail). Photo's have been backed up onto disc, music hasn't.

Link to post
Share on other sites

  • Root Admin

If you have access to a work computer or a friends computer where you can burn a disk please follow these instructions.

Once the PC is up and running well enough then post a new post as shown below.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

    Avira AntiVir Rescue System
    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:


  • repair a damaged system,
  • rescue data,

  • scan the system for virus infections.


    Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
    The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Then hopefully your system will be cleaned enough to get back into it and install / run MBAM. If so please follow these instructions.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

Link to post
Share on other sites

Hello-

I also have been afflicted by AntiVirus 2009 w/ similar issues to the person that started this thread. I burned an Avira AntiVir Rescue System boot disc on another computer that I think may well also have this virus, but disc burn appeared successful.

I was able to boot the really badly afflicted computer with the Avira AntiVir Rescue System disc, but cant select anything but German for language, and so have no idea what i'm selcting after i hit SCAN. Why am I unable to select English? I can move the blue highlight bar up and down to highlight either English or Deutsch, but can't move the (X) to select English.....what am i missing here or is this damn av2009 locking me out of even that selection, similar to the way it wont let me safe mode boot or do a system restore.....?

Thanks!

Link to post
Share on other sites

Hello-

I also have been afflicted by AntiVirus 2009 w/ similar issues to the person that started this thread. I burned an Avira AntiVir Rescue System boot disc on another computer that I think may well also have this virus, but disc burn appeared successful.

I was able to boot the really badly afflicted computer with the Avira AntiVir Rescue System disc, but cant select anything but German for language, and so have no idea what i'm selcting after i hit SCAN. Why am I unable to select English? I can move the blue highlight bar up and down to highlight either English or Deutsch, but can't move the (X) to select English.....what am i missing here or is this damn av2009 locking me out of even that selection, similar to the way it wont let me safe mode boot or do a system restore.....?

Thanks!

When selecting english, hit the space bar and it should select it, then press enter.

Link to post
Share on other sites

  • 3 weeks later...
If you have access to a work computer or a friends computer where you can burn a disk please follow these instructions.

Once the PC is up and running well enough then post a new post as shown below.

Requires access to a working computer with a CD/DVD burner to create a bootable CD.

  • Avira AntiVir Rescue System

    Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:

repair a damaged system,

rescue data,

scan the system for virus infections.

Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.

The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Then hopefully your system will be cleaned enough to get back into it and install / run MBAM. If so please follow these instructions.

Please read and follow the instructions provided here: Pre- HJT Post Instructions

When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

I've also had luck with BART PE bootable version of windows to allow running MBAM

Link to post
Share on other sites

Hello all! New to site and you guys are amazing! So very helpful! I am in the midst of booting the rescue CD....I boot it from the CD-ROM and it goes perfect! UNTIL...it comes up in German! LOL Any help?

Thanks

Dara!

I should clarify...I keep reading that all you have to do is select English, my problem is I am never prompted to select a language. It seems to me that Im not getting the full screen...its cut off at the bottom! Im sooo confused! Please help save the life of a teenager by helping me LOL It is my stepsons comp that I am trying to fix and he is a syllable away from getting duct taped :)

Link to post
Share on other sites

I was also infected with Antivirus 2009. I had McAfee updated and running, it did not stop it. With the malware running, McAfee was running but crippled, MSFT autoupdate was disabled, regedit was disabled. I did get Ad-Aware running, but it did no good. Spybotsd, Combofix, mbam all would not run. I tried Avira Rescue System CD, but that did not work for me. Finally I dowloaded a copy of Spyhunter as was suggested on a different site, and transferred it to the infected system via flash drive. Spyhunter did run and detected a root tool kit, disabled it, and rebooted my PC. After that, I was able to run mbam, spybot, and will probably run Superantispyware (suggested by the same post that suggested Spyhunter). Note the free version of Spyhunter would only detect, but not correct. But it did disable the root tool kit for me to be able to run mbam and spybotsd.

Link to post
Share on other sites

  • 4 months later...
Note: Renaming mbam.exe often confuses the malware, and allows it to launch.

I realize this is an old post but I thought I should comment. I have tried renaming both Malwarebytes and its installer dozens of times and not once has that ever tricked malware into letting it run. Avira is far more reliable when it comes to a preliminary scan to get Malwarebytes running to remove it all.

I also noticed someone above mention their Avira rescue disc seemed cut off. I have now encountered that twice and extensive searching has yielded no solution so far. Is there a solution or do I have to just recommend the users that can't run Avira or Malwarebytes just reinstall the OS and everything else on the computer?

RN

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.