AntiVirus Soft virus (anyone ever get this beaut)

Vanity | 2-17-2010 | Frantzie

[Frantzie]

Somehow I picked up this beauty. I had Avast and old Norton which I need to remove.

I am now trying to remove it with Avast on a reboot scan. I tried to download Malware Bytes on this machine but this awful virus sucks up everything on the machine. Avast is at 10%. I am not sure it will get it.

[Anitius Severinus Boethius]

Any ideas where you picked it up?

I have a theory that these extortion-ware programs are broken up into pieces that are then hooked onto scripted portions of legitimate websites (hooking onto either flash or java). These pieces are small and innocous until all the pieces are downloaded in the temp files. A trigger will then cause them to launch and create the "virus".

Seems kind of far-fetched, but I have been fighting these and removing them weekly for almost 2 years now.

[driftdiver]

“Seems kind of far-fetched, but I have been fighting these and removing them weekly for almost 2 years now.”

You might try ccleaner and clean out your temp files on a regular basis. If you’ve been fighting them for that long then you may be routinely visiting an infected server or are not removing them entirely.

[Anitius Severinus Boethius]

For my job, not for my personal system.

[driftdiver]

Are there other computers on the network? Is this a customers PC or your PC at work?

[Anitius Severinus Boethius]

These are laptops of our clients. We have about 2,300 clients that travel and live all over the world. 1 or 2 cases of these viruses weekly end up on my desk.

[driftdiver]

job security then.

I’ve used avast for quite a while and haven’t had a problem. When I used norton or macafee I did have problems.

[John W]

Try System Restore to a date before you think you got it.

[philetus]

How to remove AntiVirus live

http://www.myantispyware.com/2009/12/07/how-to-remove-antivirus-live-uninstall-instructions/

Maybe

[Anitius Severinus Boethius]

I have plenty to do without these extortion-ware problems :)

[Sergio]

Bookmark.

[sushiman]

I vote for MSE as well . Recently uninstalled Norton ( 2 months free with new HP ) and installed it . All is well ...and free besides .

[ansel12]

Was your avast on automatic update and was it updating once or twice a day?

Is the virus allowing you to update it now?

The Norton may have been messing up your avast, you can’t have two antivirus programs at one.

[Nateman]

You can get a CD version of Linux called Ubuntu free. With that read only CD you can bring your computer up and either save all the stuff you want before doing a restore , or get AVG for Linux, then scan the Windows drive.

[Frantzie]

“Any ideas where you picked it up?”

No idea. I try real hard to avoid going any place that is questionable. I will look in IE logs to see where I went. I try to avoid surfing.

I had old stupid Norton and I think Avast wasn’t on full because of Norton. Norton factory pre-loaded is hard to get rid of.

I am at 77% on Avast at the boot drive but will have to put malware on a usb like the other fellow suggested. I dobt Avast will get it. This is a bad one.
FreeRepublic always has the best advice on stuff.

[philetus]

Remove Antivirus Soft (Uninstall Guide)

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

[kara37]

I got rid of this by using System Restore. However, you only have about 30 seconds from when your computer starts up to get into system restore.

This bug will block you from getting into it, but it does have about a 30 second lag time before this virus boots up. You need to try to beat it.

[driftdiver]

Switch to firefox or Chrome for browsing. That also seems to help as fewer of the viruses are written for them.

[Cheerio]

My grandson somehow downloaded Malware "AntiVir 2010" which kept telling him he was infected and in order for him to remove the virus he had to submit credit card for $40. We were able to remove it using Ad Aware.

http://download.cnet.com/Ad-Aware-Free-Anti-Malware/3000-8022_4-10045910.html?tag=mncol

[daniel1212]

http://www.2-spyware.com/remove-antivirus-soft.html

Antivirus Soft manual removal:

Kill processes:
[RANDOM CHARACTERS]sysguard.exe, for example ghrtsysguard.exe [RANDOM CHARACTERS]sftav.exe

HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\AvScan

HELP:
how to remove registry entries

Delete files:
Windows XP: %UserProfile%\\Local Settings\\Application Data\\\\[RANDOM CHARACTERS]sysguard.exe Windows Vista and Windows 7: %UserProfile%\\AppData\\Local\\\\[RANDOM CHARACTERS]sysguard.exe %UserProfile%\\AppData\\Local\\\\[RANDOM CHARACTERS]sftav.exe

HELP:
how to remove harmful files

Delete directories:
%UserProfile%\Local Settings\Application Data\[RANDOM CHARACTERS]\ (Win XP)
%UserProfile%\AppData\Local\\ (Win Vista & 7)

[daniel1212]

Recommend Blocking Unwanted Parasites with a Hosts File. Used for years, and you can add sites that give you problems. Thank God for such.

http://www.mvps.org/winhelp2002/hosts.htm