Title: New Variant of AntiVirus 2010 Post by: stfcinbmth on Friday, September 24, 2010, 10:45:27 Got it on a pc here. Kills Malwarebytes and any other genuine AV dead, even if run in safe mode and renaming the .exe
Looks like a reinstall Be careful Title: Re: New Variant of AntiVirus 2010 Post by: Simon Pieman on Friday, September 24, 2010, 14:52:46 If its a rootkit try gmer.exe
http://thetownend.com/index.php/topic,37724.msg791459.html#msg791459 Title: Re: New Variant of AntiVirus 2010 Post by: Sippo on Friday, September 24, 2010, 14:54:28 Had loads of them. You don't need to reinstall, it's all about the registry.
I find that if it 'flashes' then it must be worth installing... Title: Re: New Variant of AntiVirus 2010 Post by: stfcinbmth on Friday, September 24, 2010, 15:01:33 I'll have a crack with Gmer when F Secure rescue disc has finished. It's a right bastard thing worst I've come across
Not too worried about doing a reinstall as it's not my pc, easy way to give it a good clean up Thanks guys Title: Re: New Variant of AntiVirus 2010 Post by: stfcinbmth on Friday, September 24, 2010, 18:26:05 Any hints on how to use Gmer Si
No worries, reinstall it is, it even kills Gmer in safe mode, spent enough time fucking around with it Title: Re: New Variant of AntiVirus 2010 Post by: jonny72 on Friday, September 24, 2010, 20:41:18 My dad's computer has got "Antivirus IS" on it, fucking pain in the arse. Thought I'd got rid of it and its back again.
Strange thing is that it's only affected his user account, the others on his computer aren't infected. Never seen that before. As I don't use Windows much, can someone recommend the best way of stopping it from getting on there again? Don't mind paying as it will save me the time and hassle of removing it next time. Title: Re: New Variant of AntiVirus 2010 Post by: stfcinbmth on Friday, September 24, 2010, 21:09:19 My dad's computer has got "Antivirus IS" on it, fucking pain in the arse. Thought I'd got rid of it and its back again. Strange thing is that it's only affected his user account, the others on his computer aren't infected. Never seen that before. As I don't use Windows much, can someone recommend the best way of stopping it from getting on there again? Don't mind paying as it will save me the time and hassle of removing it next time. Malwarebytes Free version updated and run in safe mode is still the best it gets as far as I am concerned even tho It hasn't worked for me on this occasion Title: Re: New Variant of AntiVirus 2010 Post by: Simon Pieman on Friday, September 24, 2010, 21:38:48 If it is a rootkit is may not work in safe mode, so scanning for it won't find anything.
If I know I have a virus/malware/computer aids and it's difficult to remove I always disable system restore before running scans. Chances are something bad is going to be in there and no software will get rid of it so it will keep coming back. Disabling system restore will delete anything in it. Title: Re: New Variant of AntiVirus 2010 Post by: Barry Scott on Friday, September 24, 2010, 21:43:05 My dad's computer has got "Antivirus IS" on it, fucking pain in the arse. Thought I'd got rid of it and its back again. Strange thing is that it's only affected his user account, the others on his computer aren't infected. Never seen that before. As I don't use Windows much, can someone recommend the best way of stopping it from getting on there again? Don't mind paying as it will save me the time and hassle of removing it next time. I used to remove certain things manually before cleaning with malwarebytes etc using Eraser. I'd first check start up entires in msconfig for the exe/s, then restart in safemode, kill the process if running, and then Erase all instances of the exe and remove all mentions of it from the registry. Then I'd restart and run the various programs. It's pretty basic, but it often managed to get around the worst of it, unless the exe was actually an infected system file. |