I think I'm infected with a virus!

Hi,

I've just found this Antivirus Plus software on my computer and I can't find how to get rid of it. I'm not very good with computers but I'm running Windows XP.

Any help is appreciated

Kind regards

Jason.

Comments

  • Donnie
    Donnie Posts: 9,862 Forumite
    Download, run and install Malwarebytes' AntiMalware. Update and run a Quick Scan. When finished, choose Remove Selected. When completed, re-boot.
  • Jas0n_2
    Jas0n_2 Posts: 16 Forumite
    Hi Donnie, thank you for the fast reply! I will run that now.
  • Donnie wrote: »
    Download, run and install Malwarebytes' AntiMalware. Update and run a Quick Scan. When finished, choose Remove Selected. When completed, re-boot.

    Actually you should run a full scan. There's more chance of getting rid of the nasties on your computer!

    After you've done this, download a Superantispyware scanner, update and run a full scan of that too. After that, we'll see where to go from there!
    Northern Ireland club member No 382 :j
  • Strider590
    Strider590 Posts: 11,874 Forumite
    I can confirm that Malwarebytes does remove this, I tend to remove it manually myself.
    Don't, whatever you do, pay for Antivirus Plus. I've had in excess of 15 customers who have done this and been hit 3 times for the amount (£60 x 3 I believe).

    I feel like finding the people responsible for AVplus and sending the lads round to "sort them out". They must be millionaires by now! And that money probably goes toward terrorists and weaponry to fight our troops in Iraq/Afghanistan.

    "Below are a few of the possible reasons you might have become infected with Antivirus Plus.
    Reason #1: You downloaded a freeware or shareware program. Spyware is often found hidden in freeware/shareware programs. Find out about a program before you download it.
    Reason #2: You installed a peer-to-peer (P2P) or shared network application. Some peer-to-peer file sharing programs may come bundled with Antivirus Plus or other forms of spyware as an add-on software.
    Reason #3: You visited a questionable website. If you visit the wrong website you can accidentally click on a link that can automatically install unwanted software such as Antivirus Plus. Some websites can trick you by displaying a fake security pop-up that may install Antivirus Plus or direct you to a purchase page."
    “I may not agree with you, but I will defend to the death your right to make an a** of yourself.”

    <><><><><><><><><<><><><><><><><><><><><><> Don't forget to like and subscribe \/ \/ \/
  • aliEnRIK
    aliEnRIK Posts: 17,741 Forumite
    Part of the Furniture Combo Breaker
    Jason ~ it might be useful to open Malwarebytes, go to LOGS and post the entire log for us to see, as you may have other problems you're not even aware of (Trojan activity etc.)
    :idea:
  • Jas0n_2
    Jas0n_2 Posts: 16 Forumite
    Okay I did a full scan and it found 80 objects infected. It looks like that Antivirus thing has gone now (it rebooted). Do I still need to run Superantispyware?
  • That was quick! Yep but post the full log anyway. There can be other stuff lurking and not every program picks everything up!
    Northern Ireland club member No 382 :j
  • basmic
    basmic Posts: 1,043 Forumite
    Did you remove them all?

    Usually when Malwarebytes finds a few nasties, I like to give my system the once-over with Spybot Search & Destroy (link).

    When installing Spybot S&D, you must make sure that Use system settings protection (TeaTimer) is not installed - I find it confuses users unnecessarily!

    Once installed, close all your browsers and programs, then run Spybot. Once it has loaded, click Search for Updates - make sure that all the available updates are ticked, and proceed to Update. Spybot will then restart.

    Now, from the left hand side, select Immunize - if advised to do so, press the + Immunize near the top to immunize your system from harmful websites.

    Again, from the left hand side, select Search & Destroy - this will take you to the window you saw when Spybot first opened. Close any programs, set aside 30 minutes, and click Check for problems - the scan could take 10-40 minutes to run, depending on the speed of your machine.

    Remove all found infections, and restart if asked to do so.
    Everybody is equal; however, some are more equal than others.
  • Jas0n_2
    Jas0n_2 Posts: 16 Forumite
    Here is the log of the Malwarebytes scan:


    Malwarebytes' Anti-Malware 1.38
    Database version: 2333
    Windows 5.1.2600 Service Pack 2

    25/06/2009 15:41:00
    mbam-log-2009-06-25 (15-41-00).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 88569
    Time elapsed: 7 minute(s), 17 second(s)

    Memory Processes Infected: 2
    Memory Modules Infected: 1
    Registry Keys Infected: 22
    Registry Values Infected: 9
    Registry Data Items Infected: 5
    Folders Infected: 2
    Files Infected: 39

    Memory Processes Infected:
    C:\Documents and Settings\Jason\Local Settings\Temp\b.exe (Trojan.Downloader) -> Unloaded process successfully.
    C:\WINDOWS\system\rundll32.exe (Rogue.Installer) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\system32\InternetExplorer.dll (Rogue.Agent) -> Delete on reboot.

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b035573a-5f43-4862-a194-87d027c63012} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b035573a-5f43-4862-a194-87d027c63012} (Trojan.BHO.H) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b035573a-5f43-4862-a194-87d027c63012} (Rogue.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{56acb669-4139-5611-cbba-f5acb0f4db09} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\port135sik (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\securentm (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4efd3aea-b660-4f24-8519-12531d2a3b0c} (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{4efd3aea-b660-4f24-8519-12531d2a3b0c} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cognac (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\shell (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D3 (Spyware.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\pr (Spyware.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\BN (Spyware.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\gd (Spyware.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D1 (Spyware.Ambler) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\MSN\D2 (Spyware.Ambler) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    c:\documents and settings\All Users\Start Menu\Programs\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    C:\Program Files\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\system32\InternetExplorer.dll (Trojan.BHO.H) -> Delete on reboot.
    C:\Documents and Settings\Jason\Local Settings\Temp\b.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\rundll32.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\local settings\Temp\winawame.exe (Trojan.Agent) -> Delete on reboot.
    c:\documents and settings\Jason\local settings\temporary internet files\Content.IE5\0HMN8XQ3\InternetExplorer[1].dll (Rogue.Agent) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\local settings\temporary internet files\Content.IE5\4HAJ8LI3\se[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\my documents\downloads\installer_1.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\my documents\downloads\llllload.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\system volume information\_restore{bd51a955-c178-472e-a872-0712038d27ec}\RP14\A0000519.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\msa.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.
    c:\WINDOWS\system32\drivers\port135sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\drivers\securentm.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\drivers\systemntmi.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    c:\WINDOWS\system\dop.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\antivirus plus\Antivirus Plus(1).lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\antivirus plus\Antivirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\antivirus plus\EULA(1).lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\antivirus plus\EULA.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\program files\antivirus plus\AntivirusPlus.exe (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\program files\antivirus plus\AntivirusPlus.grn (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\application data\microsoft\internet explorer\quick launch\Antivirus Plus(1).lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\application data\microsoft\internet explorer\quick launch\Antivirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\Desktop\Antivirus Plus(1).lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\Desktop\Antivirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\vcmgcd32.dl_ (Virus.Sality) -> Quarantined and deleted successfully.
    c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dmns.cfg (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\avp.id (Rogue.AntiVirusPro) -> Quarantined and deleted successfully.
    C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\c2d.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\idm.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\q1.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nk.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system\cmd (Malware.Trace) -> Quarantined and deleted successfully.
    c:\documents and settings\Jason\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
    c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
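Added example, not part of the thread: a small Python parser for the Malwarebytes' Anti-Malware 1.x log layout Jason posted, which pulls out what the helpers above are looking for when they ask for the full log: entries still marked "Delete on reboot" (so a reboot and a re-scan are needed before calling it clean), the policy and Security Center values the malware had flipped, and rootkit or file-infector families that usually warrant a second scanner. The embedded excerpt is constructed from lines in the log above.

```python
import re
from collections import Counter

# Constructed excerpt in the MBAM 1.x log layout (a few lines from the thread's log).
SAMPLE_LOG = r"""
Memory Modules Infected:
C:\WINDOWS\system32\InternetExplorer.dll (Rogue.Agent) -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\vcmgcd32.dll (Virus.Sality) -> Delete on reboot.
c:\WINDOWS\system32\drivers\port135sik.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
"""

# "<item> (<Family.Name>) -> <action>"; the summary lines ("Files Infected: 39") have no "->"
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
SECTION_RE = re.compile(r"^(?P<section>.+) Infected:$")

def parse_mbam_log(text):
    """Return one dict per detection: section, item, family, final action."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # Registry data items read "Bad: (1) Good: (0) -> <action>"; keep the last clause.
            action = m.group("action").split(" -> ")[-1].rstrip(".")
            entries.append({"section": section, "item": m.group("item"),
                            "family": m.group("family"), "action": action})
    return entries

def triage(entries):
    """Summarise the points a helper would raise from the log."""
    return {
        "families": Counter(e["family"] for e in entries),
        "pending_reboot": [e["item"] for e in entries if e["action"] == "Delete on reboot"],
        "tampered_settings": [e["item"].rsplit("\\", 1)[-1] for e in entries
                              if e["section"] == "Registry Data Items"],
        "rootkit_or_virus": [e["item"] for e in entries
                             if e["family"].split(".")[0] in ("Rootkit", "Virus")],
    }
```

Run over a full saved log (`open(path).read()` in place of `SAMPLE_LOG`) to get the same summary for a real scan.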
This discussion has been closed.