Antivirus8 removal help

rosy

I've been infected with antivirus8 - have looked online and have sen automatic removal tools but I don't know if the sites they are on are OK or not. Can anyone tell me if this downloadable fix is OK? http://www.2-spyware.com/remove-antivirus8.html Or if I should try something else? thanks.

dogmaryxx

Stick with Malwarebytes Anti Malware. Follow instructions posted here.

Browntoa

and then post the log file it produces for us to look at

rosy

Thanks, I'll do that - it might take some time as the pc is very slow and the popups are so frequent ( using other computer at the minute!) Thanks again

rosy

I have done the malwarebytes scan and it seems to have got rid of the Antivirus8. I had to reboot manually - it said it needed to reboot before all the infections could be removed. However when it started up again I was getting avast alerts ( this was also happening all through the scan - I ignored them in case it was in response to the scan going on).I also seem to have lost some buttons from my start up bar (like skype for instance) though don't think it's crucial as I can still access these programs from the desktop.
I'd be grateful if anyone who is knowledgeable could have a look at the scan log and tell me if I need to worry about anything? Thanks a lot.

Internet Explorer 8.0.6001.18702

31/12/2010 15:48:13
mbam-log-2010-12-31 (15-48-13).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 229988
Time elapsed: 2 hour(s), 20 minute(s), 1 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 6

Memory Processes Infected:
c:\program files\AV8\av8.exe (Rogue.Antivirus8) -> 2096 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6B0D7DE-9992-4D75-9631-AEFE85458926} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A6B0D7DE-9992-4D75-9631-AEFE85458926} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6B0D7DE-9992-4D75-9631-AEFE85458926} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AV8 (Rogue.Antivirus8) -> Value: AV8 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\AV8 (Rogue.Antivirus8) -> Quarantined and deleted successfully.

Files Infected:
c:\documents and settings\family\local settings\temporary internet files\Content.IE5\6AEI2JEL\custom[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\cpnprt2.cid (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\dsls\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\family\Desktop\antivirus8.lnk (Rogue.Antivirus8) -> Quarantined and deleted successfully.
c:\program files\AV8\av8.exe (Rogue.Antivirus8) -> Delete on reboot.
c:\program files\AV8\av8 .exe (Rogue.Antivirus8) -> Quarantined and deleted successfully.