i have a virus that gose by the name of ''antivirus securty pro''.

[chase21]

hello. i have had a bad virus on my PC for some time now, and have removed it time and time. or so i thought. and it only comes back worse then before. now i can no longer use anything on my PC. every time i open any program, or even a flash drive, a small window by the name of ''antivirus securty pro''. comes up and stops the program. even if i restart my PC in safe mode it will always power down. pleas help me.

[Pondus]

seems you are infected with a rogue security program

follow guide here and attach logs (not copy and paste).  http://forum.avast.com/index.php?topic=53253.0

run in order listed
AdwCleaner / Malwarebytes / OTL / aswMBR

when done, removal experts will be notified
when finish, all tools used will be removed

[TwinHeadedEagle]

Hi,

I don't need the logs Pondus asked, let's get straight to the point.

Go to this topic --> http://forum.avast.com/index.php?topic=53253.0 , and follow the guideline that starts from If you cannot  Boot the computer, and attach FRST report.

[chase21]

I'm sorry it took so long to reply and I thank you both for the speedy reply. I was wondering if it was at all possible if I could use a flash drive to boot from, instead of a cd. Thank you for any answer.

[TwinHeadedEagle]

It is possible. Tell me what is the version of your system? Windows XP/Vista/7/8, and tell me the architecture x86 or x64?

[chase21]

It's windows 7 and I believe it's x64. I can't get on the pc to double check, So I am sorry i can't say for sure.

[TwinHeadedEagle]

Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

• Plug the flashdrive into the infected PC.
• Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
  
• Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
  

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.

• In the command window type in notepad and press Enter.
  
• When notepad opens, click File and select Open.
  
• Select "Computer" and find your flash drive letter and close the notepad.
  
• In the command window type e:\frst64.exe and press Enter.
  

Note: Replace letter e with the drive letter of your flash drive.

• The tool will start to run. When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  

It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.

[chase21]

I'm afraid I might be wrong about which version of windows I have. I press f8 and it doesn't take me to an advanced menu, it takes me to a boot menu.

[TwinHeadedEagle]

Is only one system installed, or more of them? Is it branded computer, and which one? Did you try to repeatedly press F8 until menu shows?

[chase21]

My brother helped put the system togethor, and until recently I hadn't been able to get in touch with him to ask some of these questions. But Now I can, and here's what he said about the build.

Of course since he helped to build it, it's not a branded computer, but the motherboard is a ASUS motherboard (M4A87T AM3 AMD 870) and it's only one system, Which is windows 7 64 bit.

When I press f8, It takes me to the boot menu and I'm not exactly sure if that's where I need to be or not. It wasn't the advanced menu and it didn't show anything that you were describing, so I figured that it wasn't what I was supposed to be seeing. But I did press F8 until a menu popped up, and I tried it a few times.

[chase21]

There has been a lot of family health issues in my family as of late, but I'm happy to say that I've finally had the chance to grab a burnable dvd and boot from it. I ran the farbar scan tool and now have the log to show for it. Sorry it took me so long to get this back to you.

[TwinHeadedEagle]

Open notepad.

• Click Start
  
• Type notepad.exe in the search programs and files box and click Enter.
  
• A blank Notepad page should open.
• Copy/Paste the contents of the code box below into Notepad.

Code: [Select]

HKLM\...\Run: [AS2014] - C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe [538112 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe -sm,
C:\ProgramData\7sXnp3Xs
HKU\Chase Maxwell\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Chase Maxwell\...\Run: [AS2014] - C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe [ 2013-10-30] ()
C:\Users\Chase Maxwell\Desktop\Antivirus Security Pro.lnk
2013-12-09 17:06 - 2013-10-30 23:20 - 00000118 _____ C:\Users\Chase Maxwell\Desktop\Antivirus Security Pro support.url


• Save it to your USB flashdrive as fixlist.txt
  

>>  Boot into Recovery Environment


Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

•     Press the Fix button once and wait.
  
•     FRST will process fixlist.txt
•     When finished, it will produce a log fixlog.txt on your USB flashdrive.
  

>>  Exit out of Recovery Environment and post me the log please.



Try to boot Windows normally...

[chase21]

Ok, I just got through running the FRST program and I've posted the fixlog down below. I also tried running windows and booted it up normally, which it seemed to do. Before it wouldn't come on at all, this time it just took a few moments before it finally came on. It was a black screen for a bit.

[TwinHeadedEagle]

Good, now run FRST from normal mode, make sure to tick Addition box and press Scan.

Attach both reports.

[chase21]

Alright, I ran the frst program in normal mode and have attached the files down below. I hope they help!