Antivir Solution Pro Malware

Discussion in 'Tech Talk' started by LoadToadBoss, Jul 17, 2010.

  LoadToadBoss

    Apr 24, 2008
    Northwest Louisiana
    A friend called me today to take a look at his computer. He thought he had a virus. Sure enough, he was infected by a malware that tells him that his computer is infected and that he needs to download an Antivir Solution Pro to kill the virus. He was smart enough not to download the program; however, the malware has so infected his machine that it won't allow access to any web sites, disabled his Norton Antivirus, and even kills Task Manager.

    I started Windows XP in Safe mode and was able to conduct a Norton scan, but no viruses were discovered. I rolled back the System Restore to a week earlier and all worked well for about 5-10 minutes, but then the "system infected" dialogue boxes started showing up. I searched the registry for Antivir Solution entries, but found none (probably because the actual program wasn't downloaded yet).

    This is a really insidious bugger. Every time it senses that you're trying to kill it, it works to protect itself.

    Any ideas on how to kill this thing?
  GIockGuy24

    Jul 14, 2005
    With Amber Lamps
    Download the Avira AntiVir rescue CD and write it to a CD-R. Set the infected computer's BIOS to boot from CD first. When the CD is running, Windows is not, and the internet may work. Updates to the CD can be checked on the internet, but they may not be required, or the internet may not connect. Doesn't matter too much. Then run a full scan of the computer with the CD and delete anything it finds.

    See above link for download. Have a blank CD-R ready. Download and save it to the desktop of the good computer and double click the program. It will write to the CD. It is a large download.
  JimmyN

    Sep 29, 2006
    The first time that box popped up, with a bogus notification that his computer was infected, and he closed the box, he actually downloaded and installed the trojan. Anything you click on in that popup box grants permission to install, even the 'X' close-window box. Those bogus virus scanner trojans are pretty evil, and there are several of them out there.

    Technically it's a trojan rather than a virus. A virus is self-replicating; a trojan is a program that misrepresents itself as something else to entice you to install it, in this case a virus scanner. Restoring to an earlier date won't fix it.

    You can't trust any of the files currently on the PC; the trojan will take control of the system. You will need a clean computer to download the scanners to a thumb drive or CD, and disconnect the PC from the internet until you get rid of the trojan completely. It will have some background processes running that will replace files you removed; that's what happened after you did the restore.

    I've removed it from three systems so far by running MS's 'Process Explorer' from a thumb drive to kill the processes (Task Manager won't do it). Then, when the processes are no longer running and the popup boxes stop showing up, run Malwarebytes. It only took about 15 minutes in each case to get it cleaned off. Then go turn off 'System Restore' so it deletes all restore points, then turn it back on and create a new restore point that is clean.
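A triage script for the symptoms described in this thread (a process running from a user-writable folder and Task Manager being disabled), added here as an example and not posted by anyone in the thread. It assumes PowerShell 2.0 or later on the infected machine; the Disable-/Enable-ComputerRestore and Checkpoint-Computer cmdlets in the trailing comment exist on Vista and later only, so on XP that last step stays manual as JimmyN describes.

```powershell
# Added example (not from the thread): list what an analyst would look at in
# Process Explorer before killing anything by hand. Run from an elevated,
# 64-bit PowerShell prompt with the PC disconnected from the network.
# Nothing is terminated or changed; the output is a review list only.

# Folders a drive-by rogue "antivirus" typically runs from: user-writable
# profile and temp folders rather than Program Files or System32.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE) |
    Where-Object { $_ } | ForEach-Object { $_.ToLower() }

function Get-SuspiciousProcess {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        $p   = $_.Path.ToLower()
        # Caveat: catalog-signed Windows binaries can report NotSigned on older
        # PowerShell, so treat the signature column as a hint, not a verdict.
        $sig = Get-AuthenticodeSignature -FilePath $_.Path
        $inUserDir = $false
        foreach ($d in $userWritable) { if ($p.StartsWith($d)) { $inUserDir = $true } }
        if ($inUserDir -or $sig.Status -ne 'Valid') {
            New-Object PSObject -Property @{
                Id        = $_.Id
                Name      = $_.ProcessName
                Path      = $_.Path
                Signature = $sig.Status
                UserDir   = $inUserDir
            }
        }
    }
}

# "Kills Task Manager" is usually done through the DisableTaskMgr policy value
# rather than by deleting taskmgr.exe; report it so it can be reverted after cleanup.
function Get-TaskMgrPolicy {
    foreach ($hive in 'HKCU', 'HKLM') {
        $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $v = (Get-ItemProperty -Path $key -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
        if ($v) { "$hive DisableTaskMgr = $v" }
    }
}

Get-SuspiciousProcess | Format-Table Id, Name, Signature, UserDir, Path -AutoSize
Get-TaskMgrPolicy

# After the scanner has finished, JimmyN's last step (flush the infected
# restore points, then take a clean one) on Vista/7-era PowerShell:
#   Disable-ComputerRestore -Drive 'C:\'
#   Enable-ComputerRestore  -Drive 'C:\'
#   Checkpoint-Computer -Description 'Clean after rogue AV removal'
```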