Antivirus 8 spyware removal

Safari
04-01-2011, 10:13 PM
Is there any reliable removal tool to get Anti-virus 8 removed from a Windows 7 computer?
This is the one that displays fake alerts about infections on the computer.
Or will Malwarebytes do the job?

The person infected is not great with computers so really need an easy method if possible.

wainuitech
04-01-2011, 10:47 PM
Download Rkill (http://www.bleepingcomputer.com/forums/topic308364.html) to a clean PC put on USB drive -- links in blue in the page.

Download malwarebytes to the USB drive on a clean PC.

Boot the windows 7 into safe mode with networking - plug in the USB drive, run rkill - install malwarebytes - do its update - run in Full scan mode, remove anything it finds.

Once done run Spybot S&D, as well as super antispyware, all in safe mode, just to make sure - Malwarebytes doesn't get everything sometimes - then reboot the PC, pays to re-run the programs, at least Spybot and Malwarebytes afterwards to make sure.

Also pays to disable system restore, here's how (http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/), before doing scans to remove any infections on restore points. Only bad thing about doing that is if something screws up, you can't run restore to put everything back.

Safari
05-01-2011, 09:49 AM
Download Rkill (http://www.bleepingcomputer.com/forums/topic308364.html) to a clean PC put on USB drive -- links in blue in the page.

Download malwarebytes to the USB drive on a clean PC.

Boot the windows 7 into safe mode with networking - plug in the USB drive, run rkill - install malwarebytes - do its update - run in Full scan mode, remove anything it finds.

Once done run Spybot S&D, as well as super antispyware, all in safe mode, just to make sure - Malwarebytes doesn't get everything sometimes - then reboot the PC, pays to re-run the programs, at least Spybot and Malwarebytes afterwards to make sure.

Also pays to disable system restore, here's how (http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/), before doing scans to remove any infections on restore points. Only bad thing about doing that is if something screws up, you can't run restore to put everything back.

Thanks for that Wainuitech, will try that but as my daughter is in Melbourne may not be easy.

wainuitech
05-01-2011, 09:59 AM
OK - what you / she can do is boot her computer into safe mode with Networking - you give her the links to Rkill & Malwarebytes - she can download and run them directly - doing it via USB is a safeguard only as some infections may stop the programs from downloading.

Once she has run Rkill / Malwarebytes, it may be enough, OR use Team Viewer (http://www.teamviewer.com/index.aspx) and you load in and run the other programs via remote.

Mind you, she can download Spybot S&D, just tell her not to use teatimer, and one other setting - (internet guard or something like that - can't remember off hand its name) in the options.

Safari
05-01-2011, 10:48 AM
OK - what you / she can do is boot her computer into safe mode with Networking - you give her the links to Rkill & Malwarebytes - she can download and run them directly - doing it via USB is a safeguard only as some infections may stop the programs from downloading.

Once she has run Rkill / Malwarebytes, it may be enough, OR use Team Viewer (http://www.teamviewer.com/index.aspx) and you load in and run the other programs via remote.

Mind you, she can download Spybot S&D, just tell her not to use teatimer, and one other setting - (internet guard or something like that - can't remember off hand its name) in the options.

Instead of using Rkill would it be enough to use Task manager to end process?
Does Antivirus 8 show in Control panel/Programs/Uninstall?
I am on a Mac so I guess I can't use teamviewer.

Safari
05-01-2011, 11:29 AM
Another thing, would system restore help, at least for the short term, as I will be in Melbourne in a few weeks and be able to get hands on?

feersumendjinn
05-01-2011, 12:10 PM
Probably not (the files/exes are probably hidden) is the answer to your first two questions, there is a Mac version of Teamviewer (here (http://www.teamviewer.com/download/index.aspx)), and I wouldn't use system restore as it's probably infected too (as mentioned by WT in post #2).

Safari
05-01-2011, 12:20 PM
Probably not (the files/exes are probably hidden) is the answer to your first two questions, there is a Mac version of Teamviewer (here (http://www.teamviewer.com/download/index.aspx)), and I wouldn't use system restore as it's probably infected too (as mentioned by WT in post #2).

Thanks for that.

wainuitech
05-01-2011, 05:07 PM
Instead of using Rkill would it be enough to use Task manager to end process.

Depends if the process is hidden or not.

Not all malware processes will show in Task Manager - Rkill will kill any malware infection process, that's what it's designed to do.

It's idiot proof to use - simply download it, double click it, and when finished, it will say "killed process" (similar wording), close the app - Done - run malwarebytes.

kahawai chaser
05-01-2011, 08:04 PM
There is also the free of virus (http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html) blog that has a removal package for fake anti viruses, which includes Antivirus 8.

Safari
05-01-2011, 08:31 PM
There is also the free of virus (http://freeofvirus.blogspot.com/2009/05/remove-fake-antivirus-10.html) blog that has a removal package for fake anti viruses, which includes Antivirus 8.

Thanks for the link, at first glance it looked to be useful but after reading the comments on the download link and the problems it caused some people I think it needs to be used with caution.

Safari
09-01-2011, 04:24 PM
Making some progress with this, managed to install and run malwarebytes and it found some infections.
The AV 8 popups seem to have disappeared but getting IE browser redirects to strange websites when doing a google search. Also sometimes bluescreens and goes to safe mode when doing google searches.
Going to try http://www.superantispyware.com/ and see if that can find anything.
Has anyone any experience with Hitman Pro as another option to try?

wainuitech
09-01-2011, 05:34 PM
You don't need that hitman pro, you have to be careful, some programs say they can do it all, when in fact they can't, OR are in fact another form of an infection.

All you should have to do is run Malwarebytes, Spybot S&D, and Super antispyware - all on FULL scan modes - making sure System restore is turned off, otherwise they can reinfect. ALSO download and run Trojan remover (http://www.simplysup.com/) - after it's run or before, doesn't matter - under utilities - Run everything - you will need to reset your home page after.

Some of these infections can be tricky to remove, and the programs mentioned don't always remove everything. There are several other options if AV8 won't install, or you have other problems still exist, but I don't mention here as some tasks require a bit of "hands on" OR the programs do have the effect of damaging the OS if you don't know what you are doing with them, and you have to know how to reverse the damage. :D

Safari
09-01-2011, 06:12 PM
Thanks Wainui, I will be careful.
It looks like what is there at the moment is some sort of google redirect virus so just wondered if there was something specific for that. I noticed there appears to be a lot of people getting google redirects problems when I did some research.

wainuitech
09-01-2011, 07:27 PM
Redirecting is one of the things some malware does - trying to get you to buy some rubbish.

Speedy Gonzales
09-01-2011, 08:48 PM
Routers can get hit too if you use one. If you've tried everything that's been posted already (and it doesn't work). Reset / configure the router. That'll fix the prob

Safari
09-01-2011, 09:46 PM
Routers can get hit too if you use one. If you've tried everything that's been posted already (and it doesn't work). Reset / configure the router. That'll fix the prob

Well she is in Melbourne on a Vodafone wireless connection so that may not apply.
This is the exact problem.
http://forums.pcworld.com/index.php?/topic/104909-google-redirect-virus/
It seems a lot of people have this issue and it does not always get removed after running the normal removal programs. Haven't tried them all as yet so hope yet.

Blam
09-01-2011, 10:06 PM
Regarding the redirect issue - have you tried resetting IE, as it seems to have fixed the problem for the OP in your link.

In IE it's in Tools>Internet Options>Advanced tab>Reset

Safari
09-01-2011, 10:15 PM
Regarding the redirect issue - have you tried resetting IE, as it seems to have fixed the problem for the OP in your link.

In IE it's in Tools>Internet Options>Advanced tab>Reset

Sorry I should have mentioned that, yes I have, it was one of the first things I did.

Speedy Gonzales
09-01-2011, 10:16 PM
Did you disable system restore / try booting into safe mode / safe mode / networking, then do a scan with malwarebytes??

Safari
09-01-2011, 10:26 PM
Did you disable system restore / try booting into safe mode / safe mode / networking, then do a scan with malwarebytes??

Yep turned off System restore and did a full scan in safe mode with Malwarebytes. It removed several nasties and antivirus 8 popups and icons have now gone but it has left this so called google redirect virus.
I have asked her to try another search engine to see if it only happens with google.
Doing a google search for google redirect virus brings up pages of reports and problems but no one thing seems to be able to kill it, even some suggestion that it could be some sort of root kit.

wainuitech
09-01-2011, 10:54 PM
Bring out the BIG GUNS :devil

Use this program at your own risk, it's one of the ones I mentioned that "sometimes" will screw your system. I would say from experience, this time it "shouldn't". Meaning it can on a really badly infected PC - and you'd know about it if it were.

Turn ON system Restore - make a restore point - download and run Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix) - read the instruction on how to use it (basically double click, agree and let it run)

WARNING: Whatever you do DON'T stop it once it starts - sometimes it looks like it's doing nothing, but it is actually working once started. Once finished it will tell you to reboot, THEN reboot, once again, touch nothing till the report comes up -- may take a few minutes.

The reason it loads in the recovery console, is in case it all turns pear shaped, and you need to repair the system --- hence the warning.

Safari
09-01-2011, 11:00 PM
Cheers Wainui. Not sure if I should use that as what happens if the computer blue screens and restarts while that is running?
I now know why I use Macs.

feersumendjinn
09-01-2011, 11:48 PM
Alternatively, you could (now you've got it running sort of) save all data, and do a reinstall, from the recovery partition or discs, then you know it's clean. :2cents:
(Though now you've come this far, you might as well finish the job :thumbs:).

Safari
10-01-2011, 12:46 AM
Alternatively, you could (now you've got it running sort of) save all data, and do a reinstall, from the recovery partition or discs, then you know it's clean. :2cents:
(Though now you've come this far, you might as well finish the job :thumbs:).

Yeah that is probably the best option except I am doing all this over the phone so really need to be hands on for that.
Just had another thought, the hosts file may have been changed by this crap so think I may have a look at that.
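
A read-only check of the hosts file mentioned in the post above, as an added example that is not part of the original thread: it lists every active entry and flags any that name a search engine. The `$watch` list, the `Get-HostsEntry` function name and the sample lines are assumptions made for this example; a stock Windows 7 hosts file contains only comment lines, so there the script prints nothing.

```powershell
# Added example: read-only listing of active Windows hosts file entries.
$hostsPath = "$env:SystemRoot\System32\drivers\etc\hosts"

# Assumption: name fragments worth flagging for a search-redirect symptom.
$watch = 'google', 'bing', 'yahoo'

function Get-HostsEntry {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Strip comments and whitespace; skip blank and malformed lines.
        $text = ($line -replace '#.*$', '').Trim()
        if (-not $text) { continue }
        $fields = $text -split '\s+'
        if ($fields.Count -lt 2) { continue }
        $address = $fields[0]
        # One address may be followed by several host names.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            $status = 'review'
            foreach ($w in $watch) {
                if ($name -like "*$w*") { $status = 'SUSPICIOUS' }
            }
            if ($name -eq 'localhost' -and ('127.0.0.1', '::1') -contains $address) {
                $status = 'default'
            }
            New-Object PSObject -Property @{
                Status = $status; Address = $address; Name = $name
            }
        }
    }
}

# Constructed sample, used only when the real file is not present.
$sample = @(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1      localhost',
    '203.0.113.10   www.google.com google.com   # constructed entry',
    '0.0.0.0        ads.example.net'
)
if (Test-Path $hostsPath) { $lines = Get-Content $hostsPath } else { $lines = $sample }

Get-HostsEntry -Lines $lines | Sort-Object Status |
    Format-Table Status, Address, Name -AutoSize
```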

Speedy Gonzales
10-01-2011, 12:49 AM
Probably easier if u get into the system with teamviewer. Get them to boot into safe mode / networking. And fix it. Use trojan remover if the OS is 32 bit and reset everything. Or get into it and post a HJT log. Or tell them to get teamviewer tell them to give you the ID and pw. And I'll check it out from here

Safari
10-01-2011, 08:20 AM
Probably easier if u get into the system with teamviewer. Get them to boot into safe mode / networking. And fix it. Use trojan remover if the OS is 32 bit and reset everything. Or get into it and post a HJT log. Or tell them to get teamviewer tell them to give you the ID and pw. And I'll check it out from here

Thanks for the offer Speedy I will see how it goes. She was having trouble downloading Trojan Remover for some reason, corrupted file although managed to run Super antispyware which found and removed a lot of infections.
Will try downloading Trojan remover again.
When in Safe mode/networking unable to connect to the internet with the wireless for some reason which does not help.

Speedy Gonzales
10-01-2011, 08:36 AM
Make sure she's getting trojan remover from the right site. www.simplysup.com

Safari
10-01-2011, 08:40 AM
Make sure she's getting trojan remover from the right site. www.simplysup.com

Yep that's where she was. Might try http://majorgeeks.com/Trojan_Remover_d903.html that should be ok, yes?

Speedy Gonzales
10-01-2011, 08:49 AM
Try the direct link (http://www.simplysupersoft.com/download/dl/trjsetup682.exe)

Safari
10-01-2011, 09:01 AM
Try the direct link (http://www.simplysupersoft.com/download/dl/trjsetup682.exe)

Thanks

Safari
16-01-2011, 08:51 AM
Had to get a computer tech in Melbourne to clean out the computer in the end. He ran just about every known program and had a lot of trouble getting it clean but Spybot finally got the last of it.
He has left Spybot on the laptop but not sure how he has configured it. I understand Teatimer is a bit unnecessary so will disable that but I understand Immunize and Resident SD helper are useful so any comments or experience on having those active?

At present she has Mcafee internet security installed so I am going to suggest she removes that and install MSSE and just use the Win 7 firewall and run Malwarebytes occasionally.
If MSSE is running with realtime protection on does that cause a problem if Spybot Immunize and Resident SD helper are also active or can they complement each other?

If I had Windows I would be able to check out all this myself but as you know I am on a Mac and thankful for that.

wainuitech
16-01-2011, 10:13 AM
Had to get a computer tech in Melbourne to clean out the computer in the end. He ran just about every known program and had a lot of trouble getting it clean but Spybot finally got the last of it.

Please note -- I suggested Spybot post #2 :rolleyes:

If you run the programs in safe mode first, turn off system restore, then rerun in normal mode they will get cleaned out - done it several times. Combo fix - Post22 - will have also got it.

Edited: Spybot Immunize and Resident SD helper can sometimes clash with other security programs - hence I normally don't run them.

Safari
16-01-2011, 10:25 AM
Please note -- I suggested Spybot post #2 :rolleyes:

Yes I know Wainui and thanks for all your help. I don't think it was just Spybot though but a combination of all the programs and he said it was a very tricky problem and took a very long time with other complications as well.
Anyway all done now. Surprised others are not reporting this search engine redirect problem as there are a lot of reports on Google.
The Google page opened ok and you can search for something but if you clicked on a search result it was redirected to another site. If the google search result URL was copied and pasted into the address bar it went to the correct web page.

wainuitech
16-01-2011, 10:47 AM
Good that it was finally sorted -- What often happens is these infections can and often do other damage and have strange side effects. I have seen it happen countless times, remove the infections and the PC won't even boot to the welcome screen.

I don't mean any disrespect to anyone helping here, but as is sometimes the case, the suggestions here to clean a PC are only a fraction of what really has to be done to repair the PC and isn't really "fixing" it completely.

There are numerous times when the infections are removed, the PC can in fact seem worse - crashing, lockups, "weird" happenings.
This is caused by damage to the OS. These problems need a hands on approach, as trying to help someone here, and relaying instructions can take days, whereas having the PC in front of you, you can see the problems, and generally fix it in a reasonable time.

Safari
16-01-2011, 12:02 PM
Yeah this one needed hands on for sure.
What is your experience with McAfee?
Do you think removing it and using MSSE is a good move?

wainuitech
16-01-2011, 12:17 PM
McAfee :yuck:

MSSE :thumbs:

Safari
16-01-2011, 12:20 PM
McAfee :yuck:

MSSE :thumbs:

Cheers, that's what I thought.

FoxyMX
16-01-2011, 04:28 PM
She wouldn't have all these problems if she had a Mac. :)

Safari
16-01-2011, 05:12 PM
She wouldn't have all these problems if she had a Mac. :)

Too true Foxy. I think it was probably the cost, but what price peace of mind.