Avast WEBforum
Other => Viruses and worms => Topic started by: serge928 on January 02, 2010, 09:01:10 AM
-
Hello, I'll start by saying I'm no expert. My daughter has activated a virus on my computer that infects every program I try to open or download (all antivirus or virus removers can not be opened after being downloaded). Messages pops up saying application cannot be executed, the file ... is infected. do you want to activate your antivirus software now?. I am offered to buy a antivirus from http://platinumsoft2010.com/purchase?r=59.19 which calls itself "Antivirus live". A blue shield with a white transversal bar appears in my icons at the bottom with a windows security alert. All my attempts to close or or get rid of this virus have failed. My windows security center has been highjacked as has my internet explorer page. I bypassed this by going to firefox. Any help would be appreciated. UPDATE 2 Jan. Thanks to Pondus and Oldman for the help. I followed Pondus advice and got rid of the rogue virus, hurray!!! Happy New year to all.
-
Remove Antivirus Live (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-live
follow the removal guide step by step
-
Hi
Those warnings are from the rogue that has infected you. If possible close the warning window with the X.
If you post the logs from these 2 scan tools I would be more than happy to have a look.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
(http://img.photobucket.com/albums/v666/sUBs/gmer_zip.gif)
Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).
- Extract the contents of the zipped file to desktop.
- Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
(http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif) (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
Click the image to enlarge it
- In the right panel, you will see several boxes that have been checked. Uncheck the following ...
- Sections
- IAT/EAT
- Drives/Partition other than Systemdrive (typically C:\)
- Show All (don't miss this one)
- Then click the Scan button & wait for it to finish.
- Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
- Save it where you can easily find it, such as your desktop, and post it in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
NEXT
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
- Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output
- Check the boxes beside LOP Check and Purity Check.
- In the window under Custom Scans/fixes, copy and paste the following bold text
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
- Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in or attach them.
Please post back withThanks
-
I had the same virus too. I just tried the fix posted by Pondus and it worked like a charm. Thanks guys.
-
Will malwarebytes not work on that ???