Contravirus 2.0

londonman81

I seem to have suddenly acquired a program calling itself Contravirus 2.0.

It has installed a desktop icon and also in the taskbar a small 'X' in an orange circle which flicks between itself and a globe type icon.

Every so often a fake looking anti-spyware scan result pops up saying I have lots of dangerous spyware on my machine and that I should install the Contravirus 2.0 anti-spyware.

I have tried uninstalling the program from within 'Add/Remove programs' and the desktop icon disappears but the icon in the bottom right remains.

When i click on icon in the taskbar/tray it opens up a webpage advertising the Contravirus 2.0 anti-spyware program to download.

It all look quite fake and worrying.


Does anyone know how I can get rid of this? I have been able to delete some contravirus files from the registry but it still persists and is worrying me!

Thanks!

elite_2

Try following the instructions here

It is probably worth scanning your computer with adaware or similar to see if it can pickup how it got installed

Reluctant_spender

Or you could try these instructions - https://www.bleepingcomputer.com/forums/topic95405.html

Browntoa

I'd go with the 2nd option, never heard of the software in Elite's reply, the 2nd one is the standard removal tool for this type of infection

post a hijackthis log back here when you have done the clean up

elite_2

Browntoa wrote: »

I'd go with the 2nd option, never heard of the software in Elite's reply, the 2nd one is the standard removal tool for this type of infection

post a hijackthis log back here when you have done the clean up

To be clear I wasn't suggesting the software - mearly to follow the instructions!

Adaware is a well known product and detects malware & spyware - You need to identify how the software got on to the computer, otherwise it will just install again...

londonman81

I have run Ad-Aware and it detected Contravirus 2.0. I then selected 'Remove' and it just said 'unhandled objects still remain, are you sure you wnat to finish'.

Then restarted machine and the small orange thing in taskbar has returned although the desktop icon hasn't returned.

What is a 'hijack this log'??

Not sure what to do next..

elite_2

Press "ctrl + Alt + Delete" to bring up task manager

In the "processes" tab make sure "contravirus.exe" and "toolbarnotifier.exe" are not running - if they are end them

Remove any remaining registry entries (in the link in my first post) - being very careful following the instructions here

Unregister the dlls - following the instructions here

Delete the files & directory (in link in first post)

Make sure it isn't listed in "Start->All Programs->Start Up"


And you "should" be good to go

HTH

londonman81

It doesn't give full pathname for DLL files ans so it can't find it under cmd..

Reluctant_spender

If you follow the instruction from post 3 - it has an automated tool that will sort this problem out.

elite_2

londonman81 wrote: »

It doesn't give full pathname for DLL files ans so it can't find it under cmd..

Can you search for each dll and delete - you may need to be in safe mode to do this

pchelpman

londonman81 .... to reinforce what Reluctant Spender and, especially, Browntoa have already said .... Contravirus is a member of the Smitfraud family of scumware.

You WILL need Smitfraudfix, at the very least, to deal with it.

Go to the Bleeping Computer site and follow those instructions.

Then, as BT said, post a HJT log to THIS thread for final clear up.


PCH