[Resolved] Severe Infection on Sister's Computer

[BRANDONN2008]

Today I got a call from my Dad, asking me to help my sister, whos computer is infected with a fake AV. Its giving her lots of fake alerts, and she can't even get on the internet, because all the sites are marked as bad. I had her run a scan with an Avira Rescue CD, because its easier to make than Dr.Web (I have to do all of this over the phone) but it only found 3 things and it didn't fix the problem. Then in safe mode, I had her run a scan with SUPERAntiSpyware portable, but it can't update, and it only found MyWebSearch toolbar, some games, and other adware. Next I had her copy Malwarebytes to her jump drive, then install it in safe mode, but a quick scan only found the MyWebSearch toolbar, which for some reason wasn't removed by SAS, and two instances of Trojan.Vundo. I though that might be it, but almost every computer I've scanned with Malwarebytes has two inert Vundo infections. Now I am stumped, I can't update anything which could be the problem. Right now I'm having her run a full scan with MBAM, and I'm coming to you for help. Its a Dell Inspiron with Windows 7 or Vista 64 bit. I think she said the rogues name is Antivirus Power. Thank you.

P.S. Way to go Norton!  

Also, she has Norton 360 2010 installed. Frequents Facebook a lot. Limewire is present but she doesn't know how it got on there. Also, she is not very good with computers.

[Jtaylor83]

This forum is for avast users only. Please use the Norton Community forums.

[BRANDONN2008]

Lol, really? People on this forum have helped non-Avast users before. It has nothing to do with Norton, it's about an infection that I know people on this forum have the expertise to help. Plus after today they'll probably take my advise and switch to Avast!.

[Jtaylor83]

Alright then. Please follow Essexboy's instructions on OTL.

[Marc57]

Hey brandon, You can do an offline update of MBAM, Look at issue 5 and click on the link.

http://forums.malwarebytes.org/index.php?showtopic=10138&st=0&p=49525&#entry49525

[Marc57]

Also there's manual removal instructions Here:

http://www.removeonline.com/remove-power-antivirus-2009-power-antivirus-2009-removal-instructions/


But if your sister doesn't know much about computers, She could have problems with this.

[BRANDONN2008]

Got the Malwarebytes defs loaded from a good pc to hers. I think she said it was Antivirus Power, not Power Antivirus, but she could be wrong.

[Marc57]

Got the Malwarebytes defs loaded from a good pc to hers. I think she said it was Antivirus Power, not Power Antivirus, but she could be wrong.

Just in case, here's more removal instructions:

http://www.spywareremove.com/removeAntiviruspowercom.html

[BRANDONN2008]

The updated Malwarebytes found 4 rogue items and removed them. Now she can actually log in with no alerts. Her internet still seems pretty useless, but it may just be a poor connection. I'm having her run a scan with her Norton to find anything Mbam may have missed. Thank you Marc. I never considered copying the definitions from one PC to another.

[Marc57]

No Problem, Glad to help.

You might also have her try Dr.Web CureIt, It's free and doesn't have to be installed to work.

http://www.freedrweb.com/cureit/?lng=en

P.S. You might also have her consider getting rid on Norton, I did years ago.

[essexboy]

Sometimes these programmes mess the proxy settings

Her internet still seems pretty useless, but it may just be a poor connection.

Go to Control Panel and select Internet Options
Select the Connections TAB
Select LAN settings button
Ensure there is no tick in the Proxy Server box
Select OK and restart Internet explorer


And for Firefox there are instructions on this page and you want the setting to be no proxy

[BRANDONN2008]

Thanks for your help. Her computer appears clean and her internet works, I've told her to run a scan with malwarebytes every few days just to make sure.