
Anti Virus Pro 2009 (Malware) Grrrrrrr!

Discussion in 'Tech Talk' started by Chad Landry, Nov 11, 2008.


  1. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    Well, my wife done clicked the wrong popup again. This time none of the anti-malware programs will run, and it has my "System Restore" disabled.

    Any time I try to run any of the programs, "Malwarebytes", "Superantispyware", "HiJackThis", or "ComboFix", none will run except for "HiJackThis", and it comes back showing that everything is fine.

    I even deleted McAfee (again), because it was running in safe mode.

    This crap did something to my registry to where I can't even run any of these programs in safe mode.

    I'm about to reformat and reinstall Windows (again). Sigh.

    I told my wife that this is the last time, and that next time she can learn this stuff for herself.

    I download these programs on my laptop, then transfer them via memory stick to the desktop PC, and they won't run on it.

    She's pretty sure she clicked "OK" on a popup that asked if she wanted to fix her spyware problem.
     

  2. Blitzer

    Blitzer
    Cool Cat

    Joined:
    Jan 15, 2004
    12,111
    0
    Location:
    The communist's play ground of OHIO
    NOD32 will kill the critters, I am slowly moving every PC from Zone Alarm Internet suite to NOD32. It works on a Pent 2 laptop with 128MB of RAM! Mighty tough software too.
     

  3. B. Somm

    B. Somm
    Lady B/Team OAF
    Millennium Member CLM

    Joined:
    Sep 17, 1999
    1,472
    8
    Location:
    Northern Mexico...AKA: Arizona
    One of those damn things got me the other day! :steamed:

    I had to restart my computer several times before I could get my Spyware stuff up & running.

    When I got the popup, I clicked cancel as I didn't recognize the "program" that was informing me that my computer was infected with spyware. It started downloading its "fix" anyway. Locked up my computer.

    Things seem to be running ok now. The only sites that I had gone to were my AOL mail, GT in the Outpost Forum and Photobucket. There was also a Flash Player update that kept coming up when I got my computer back up. Pissed me off royally!

    B. :sigh:
     
  4. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    Downloading NOD32 now, Blitzer. I'll try anything to keep from having to do another reformat on that machine.
     
  5. srhoades

    srhoades

    Joined:
    Jul 14, 2000
    2,784
    9
    It's pretty easy to disable in the registry
    hkey local machine > software > microsoft > windows > current version > run
    and hkey current user "" "" "" ""

    Once you remove those entries, restart and go into safe mode with networking (so Malwarebytes can update if needed). Malwarebytes should remove it. I should know; I just removed it about 2 hours ago from a customer's computer.

    If your wife is prone to this behaviour you can purchase the paid version of Malwarebytes; it then runs as active protection and catches it in the act.
     
  6. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    I found several different lists of registry values to delete on different sites, and couldn't find any of the listed values in the registry.

    Once I'm done running Blitzer's recommendation, I'll try it again.

    So far the NOD32 has found zero threats although the malware popups keep popping up.
     
  7. srhoades

    srhoades

    Joined:
    Jul 14, 2000
    2,784
    9
    I would give combofix a whirl too. It's pretty effective.

    Also, if you have a linux live cd you can just delete the program in the program files entry. It's usually called AV09 or XPAV09 or even all spelled out.
     
  8. ppcrusa

    ppcrusa

    Joined:
    Dec 13, 2002
    496
    0
    Location:
    ...
    It doesn't matter if she clicked OK, cancel, or even the red X at the top of the popup. At that point it was infected anyway. That Antivirus 2009 crap has caused me more heartache and pain than any other infection I've run across at work. It all boils down to going to shady sites and hunting down that next "Freebie" or discount. I feel for ya.
     
  9. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    I have on "Local Machine".../run/optional components/ (then 4 sub folders)

    /imail

    /mapi

    and

    /msfs

    Under current user, I have "run" with six items under it.

    Do I just delete the entire "run" folder?
     
  10. ppcrusa

    ppcrusa

    Joined:
    Dec 13, 2002
    496
    0
    Location:
    ...
    Yeah but the newest variant of that scum sucking malware also downloads friends to come and play too. Usually in the form of trojans. They immediately load up into processes and download yet more. It is like a giant snowball effect, except in this case it is brown and it stinks.
     
  11. srhoades

    srhoades

    Joined:
    Jul 14, 2000
    2,784
    9

    No, don't delete any of those. If you just click run, the entries will be on the right. Look for one that is starting the offending program.
     
  12. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    I have no way of knowing which one is starting the offending program, as they are not named anything near av2009, or any variant thereof.
     
  13. tantrix

    tantrix
    J'aimeLouisiane

    Joined:
    Dec 27, 2003
    6,289
    0
    Location:
    Louisiana, CSA
    .....
     
    #13 tantrix, Nov 11, 2008
    Last edited: Nov 11, 2008
  14. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    NOD32 went through the entire scan and found nothing.

    I'm gonna uninstall it and then run Avast. That's what I have on my personal machine.
     
  15. James Markov

    James Markov

    Joined:
    Mar 2, 2006
    826
    0
    Location:
    Kent, Ohio
    Same thing happened here. Spybot, AVG, and finally Commadore firewall helped. Also CC Cleaner is nice...
     
  16. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    srhoades, I have under "Current User/..../run/ four items

    Default Reg_sz (value not set)

    brastk reg_sz c:windows/system32/brastk.exe

    ctfmon.exe reg_sz c:windows/system32/ctfmon.exe

    svchost.exe reg_sz c:windows/system32/drivers/svchost.exe
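
The check discussed above (going through the Run values to find the one that starts the offending program) can be partly automated. The following is an added example, not part of the thread: it parses `reg query` output and flags values whose image name matches a Windows binary but sits in the wrong folder. The sample text is constructed, modelled on the values listed in the post above, and the expected-folder table assumes Windows is installed in C:\Windows.

```python
import ntpath
import re

# Windows binaries whose names are commonly borrowed; value = folder they belong in.
# Assumption: a 32-bit Windows XP layout with Windows installed in C:\Windows.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
}

# Constructed sample in `reg query` output format, modelled on the post above.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    brastk    REG_SZ    C:\Windows\System32\brastk.exe
    ctfmon.exe    REG_SZ    C:\Windows\System32\ctfmon.exe
    svchost.exe    REG_SZ    C:\Windows\System32\drivers\svchost.exe
"""

LINE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:SZ|EXPAND_SZ)\s+(?P<data>.+)$")

def parse_run_values(text):
    """Return (value name, command line) pairs from `reg query` output."""
    return [(m["name"], m["data"].strip())
            for m in map(LINE.match, text.splitlines()) if m]

def executable_of(command):
    """Extract the executable path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]

def triage(text):
    """Classify each Run value as 'expected', 'masquerade' or 'review'."""
    results = {}
    for name, command in parse_run_values(text):
        exe = ntpath.normpath(executable_of(command)).lower()
        folder, image = ntpath.split(exe)
        if image in EXPECTED_DIR:
            verdict = "expected" if folder == EXPECTED_DIR[image] else "masquerade"
        else:
            verdict = "review"  # unknown image: verify signature/hash before deleting
        results[name] = (verdict, exe)
    return results

if __name__ == "__main__":
    for name, (verdict, exe) in triage(SAMPLE).items():
        print(f"{verdict:<10} {name:<12} {exe}")
```

A "review" verdict only means the image name is not in the table; it still needs to be checked (file signature, hash lookup, creation date) before the value is removed.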
     
  17. tantrix

    tantrix
    J'aimeLouisiane

    Joined:
    Dec 27, 2003
    6,289
    0
    Location:
    Louisiana, CSA
    Here ya go cj...try it.

    1) Go to Start>Run and type in "msconfig".
    2) Go over to the tab named "Startup" and click disable all. Reboot.
    3) Download Avast Home, Spybot, and Adaware. Install and update all 3.
    4) Reboot and hit F8 during startup. Select "start computer in safe mode" and hit enter.
    5) Do a thorough scan with all 3 of the programs above...Avast 1st, Spybot 2nd, and Adaware 3rd.
    6) Report back. :supergrin:
     
  18. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    NOD32 found nothing, but now I notice that the malware prevents NOD32 from downloading updates.
     
  19. Chad Landry

    Chad Landry
    Cajunator®
    CLM

    Joined:
    Jun 18, 2005
    38,164
    19
    Location:
    Corpus Christi, TX
    <---- slaps head

    I forgot about msconfig.

    I just ran it like that and used system restore. Rebooting now. Next I'll see what happens with Malwarebytes.

    Of course, there were so many programs in startup that were hiding from me in other places.

    Thanks for that advice, Tantrix. I think this may get it!
     
  20. BAILIFF

    BAILIFF
    Piece Officer

    Joined:
    Oct 14, 2006
    5,578
    11
    Location:
    I'm over here now.