AntiVira Av



bogusted
13-02-2011, 12:59 PM
Hi,
Is there any advice on how to dislodge the above piece of "software" from our computer?
My main problem is that it has completely hijacked the computer and it will not even start in SAFE MODE.
In normal mode no program will run, though I have been able to move some files to relative safety.
Have been unable to change boot order to run recovery disc as well.
Your thoughts would be appreciated.
Thanks.

Speedy Gonzales
13-02-2011, 01:06 PM
Only other thing to do, remove the hdd, put it in a working system. Scan the whole hdd with a virus scanner / Malwarebytes. What happens when you try and boot into safe mode? Try last known good config.

bogusted
13-02-2011, 01:12 PM
When starting computer and doing the mad tap of f8 the computer stops at a blank black screen.
Am thinking I will just load windows to a new drive then use the corrupt one as a backup after a format.
Thank you for your input.

CYaBro
13-02-2011, 01:19 PM
Had one of these just the other day.
Download Kaspersky Rescue CD and burn to a disc or put on a USB stick and boot off it.
Update it and then run a scan.
http://support.kaspersky.com/faq/?qid=208282173

Agent_24
13-02-2011, 02:39 PM
Are you talking about Avira Antivir? (http://www.avira.com/en/avira-free-antivirus)

That is a legitimate AntiVirus and would not 'hijack' your computer.

Speedy Gonzales
13-02-2011, 02:58 PM
This I think (http://www.bleepingcomputer.com/virus-removal/remove-antivira-av)

bogusted
13-02-2011, 04:23 PM
Yes, that is the charming wee beastie.
Will give this a try
Thank you

Speedy Gonzales
13-02-2011, 04:27 PM
No probs

CYaBro
13-02-2011, 04:32 PM
Yea that was the one I had.

bogusted
13-02-2011, 04:34 PM
Not able to access BIOS to change startup order
Not looking so good ...

bogusted
13-02-2011, 09:00 PM
Ok we have a result

Who knew that the computer posts to the secondary monitor when loading and Windows goes to the primary monitor, the one I was looking at, in a dual monitor setup.
So we get to BIOS and safe mode finally.

Thanks to CYaBro and Kaspersky Rescue CD we have control of our comp back.
And also thanks to Speedy Gonzales and Malwarebytes, we gave it a good scrubbing.
Also scanned with HJT.
All seems to be normal at this stage.
Thank you for your help.

Speedy Gonzales
13-02-2011, 09:27 PM
Sweet!

gdevaroa
18-02-2011, 01:09 PM
Ah yes, this lovely little troll. I am currently having big issues as well. I am running Vista Home.
I can't access any malware, antivirus etc from admin logon.
Can I do this from the guest location?

Speedy Gonzales
18-02-2011, 01:43 PM
Try what's already been posted. Don't think guest accounts will let you run anything / what needs to be run.

wainuitech
18-02-2011, 02:02 PM
Done two of those ones this week :D

Safe mode with Networking, admin or normal user account then you can download files / updates.

The program/infection won't run in safe mode.

Running Rkill will stop it at first, but Malwarebytes doesn't always get it out.

On one of the PCs it did, the other I had to use Combofix, then manually remove some entries - but suspect the PC had other problems as well.

gdevaroa
18-02-2011, 04:08 PM
Success!!! Managed to kill it from guest account with Malwarebytes.

Thanks to all suggestions.