Author Topic: What is this kind of virus and how do I get rid of it?  (Read 1760 times)

Offline serge928

  • Newbie
  • *
  • Posts: 1
    • Personal Message (Offline)
What is this kind of virus and how do I get rid of it?
« on: January 02, 2010, 07:01:10 AM »
Hello, I'll start by saying I'm no expert. My daughter has activated a virus on my computer that infects every program I try to open or download (all antivirus or virus removers cannot be opened after being downloaded). Messages pop up saying application cannot be executed, the file ... is infected. Do you want to activate your antivirus software now? I am offered to buy an antivirus from http://platinumsoft2010.com/purchase?r=59.19 which calls itself "Antivirus live". A blue shield with a white transversal bar appears in my icons at the bottom with a Windows security alert. All my attempts to close or get rid of this virus have failed. My Windows security center has been hijacked, as has my Internet Explorer page. I bypassed this by going to Firefox. Any help would be appreciated. UPDATE 2 Jan. Thanks to Pondus and Oldman for the help. I followed Pondus's advice and got rid of the rogue virus, hurray!!! Happy New Year to all.
« Last Edit: January 02, 2010, 09:55:21 PM by serge928 »

Offline Pondus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 21798
  • Gender: Male
    • Personal Message (Offline)
Re: What is this kind of virus and how do I get rid of it?
« Reply #1 on: January 02, 2010, 07:21:55 AM »
Remove Antivirus Live (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-live

follow the removal guide step by step
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.


Offline oldman

  • avast! Evangelist
  • Massive Poster
  • ***
  • Posts: 4165
  • Some days..... MOS...this bug's for you
    • Personal Message (Offline)
Re: What is this kind of virus and how do I get rid of it?
« Reply #2 on: January 02, 2010, 07:25:19 AM »
Hi

Those warnings are from the rogue that has infected you. If possible close the warning window with the X.

 If you post the logs from these 2 scan tools I would be more than happy to have a look.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.



  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

    • Save it where you can easily find it, such as your desktop, and post it in your next reply.

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


    NEXT

    Download OTL to your desktop.
    • Double click on OTL.exe  to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/fixes, copy and paste the following bold text
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s


    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in or attach them.

    Please post back with
    • GMER log
    • both OTL logs
    Thanks

    Offline dad24yar

    • Newbie
    • *
    • Posts: 1
      • Personal Message (Offline)
    Re: What is this kind of virus and how do I get rid of it?
    « Reply #3 on: January 08, 2010, 01:23:09 AM »
    I had the same virus too. I just tried the fix posted by Pondus and it worked like a charm. Thanks guys.

    Offline Shiw Liang

    • avast! Evangelist
    • Super Poster
    • ***
    • Posts: 1420
    • Gender: Male
      • Personal Message (Offline)
    Re: What is this kind of virus and how do I get rid of it?
    « Reply #4 on: January 08, 2010, 04:04:35 AM »
    Will Malwarebytes not work on that ???

     
