Author Topic: AV Security 2012  (Read 11697 times)


Fran9932

  • Guest
AV Security 2012
« on: November 16, 2011, 01:32:51 PM »
I have Windows XP on my desktop computer. We have no internet access at all. My son got the AV 2012 virus on the desktop. How do you recommend that we remove this?
I appreciate all your help.
Fran

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37532
  • Not a avast user
Re: AV Security 2012
« Reply #1 on: November 16, 2011, 01:42:27 PM »
Follow this guide and attach all logs
http://forum.avast.com/index.php?topic=53253.0

If you have no internet access on the infected computer, download the tools to a USB stick and move them over to the infected computer.

You may also see this guide: http://www.bleepingcomputer.com/virus-removal/remove-av-security-2012

Essexboy will then help you later today...
« Last Edit: November 16, 2011, 01:55:33 PM by Pondus »

Fran9932

Re: AV Security 2012
« Reply #2 on: November 18, 2011, 01:06:17 AM »
Thanks.
I had to start in safe mode and hope this still worked.
Malwarebytes report:

Offline Pondus

Re: AV Security 2012
« Reply #3 on: November 18, 2011, 01:26:33 AM »
If you start in Safe mode with networking... and then try to update Malwarebytes before you scan, as your log shows it has an old signature database

It also looks as if you have avast and Norton installed?


Essexboy is notified...
« Last Edit: November 18, 2011, 01:29:21 AM by Pondus »

Fran9932

Re: AV Security 2012
« Reply #4 on: November 18, 2011, 01:40:51 AM »
I have tried to remove the program in safe mode and went to the toolkit removal. I am told that I need internet access. I can't change my LAN settings because they are not checked anyway. Any help is appreciated.
Fran

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89061
  • No support PMs thanks
Re: AV Security 2012
« Reply #5 on: November 18, 2011, 02:24:27 AM »
When you boot into safe mode you could try safe mode with networking.

Fran9932

Re: AV Security 2012
« Reply #6 on: November 18, 2011, 01:08:02 PM »
Sorry Essexboy,
I am in safe mode with networking when I am on the infected computer. I cannot update malware because I cannot access the internet in safe mode either. I used to have Norton but removed it and just kept Avast. Perhaps it didn't totally remove?????

I am worried that taking the flash drive back and forth to the uninfected computer will cause problems. This morning my laptop loaded funny and I had to reboot before I could access the computer. Worry or paranoia, not sure.

Thanks for your comments. Any further direction?????

Offline Pondus

Re: AV Security 2012
« Reply #7 on: November 18, 2011, 01:35:03 PM »
When you are in "Safe mode with networking" you need a cable connection and not wireless... do you have that?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: AV Security 2012
« Reply #8 on: November 18, 2011, 08:25:49 PM »
Hi, let's see if this will restore your internet. Are all your desktop icons, start menu programmes present? OTL will reboot you to normal mode.

As the fix is quite large I will need to attach it; download the fix.txt file to your desktop.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Click the run fix button
  • A dialogue will open asking for the location of the fix
  • Browse to and select the fix.txt that you downloaded
  • Press run fix again

Fran9932

Re: AV Security 2012
« Reply #9 on: November 20, 2011, 02:38:57 PM »
Sigh, sigh, sigh
I ran the program as you asked. Still no internet explorer. I cannot rerun avast as I am told the service has stopped.

I do not have an ip address, period. Can I restore to an earlier date? When I try to run rkill it stops and says that the program has been stopped by rkill. I get an error message when running rkill that I am in safe mode. Do I want to continue or go to the restore module.
2 hours this morning and nothing. However, the avast 2012 looks to be removed. Afraid to reboot as directions say need to run antivirus first.
Antivirus is now unsecured and fix now doesn't work and I can't get it to run.

Offline essexboy

Re: AV Security 2012
« Reply #10 on: November 20, 2011, 03:54:59 PM »
With regard to Avast could you run a repair on the programme - From control Panel > Add/remove
Select Avast and on the left of the uninstall dialogue are a series of options > select Repair

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Quote
    :OTL
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{77695730-F0FD-491C-8603-A3655CCEEF28}: C:\Documents and Settings\Owner\Local Settings\Application Data\{77695730-F0FD-491C-8603-A3655CCEEF28}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{EBBED563-9EA2-4D13-9E1F-2B0112FA1736}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{EBBED563-9EA2-4D13-9E1F-2B0112FA1736}\ [2010/03/25 18:02:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}: C:\Documents and Settings\Owner\Local Settings\Application Data\{21F7A5FC-4004-41C2-8C1B-3493ADB664A6}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}: C:\Documents and Settings\Owner\Local Settings\Application Data\{E3C7DCA5-26A9-4B67-A356-88E0AE2B58C7}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{335C706C-7314-4106-A9DC-8855F895E38C}: C:\Documents and Settings\Owner\Local Settings\Application Data\{335C706C-7314-4106-A9DC-8855F895E38C}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{09D24B01-9033-4AD1-A656-171EF16C2964}: C:\Documents and Settings\Owner\Local Settings\Application Data\{09D24B01-9033-4AD1-A656-171EF16C2964}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}: C:\Documents and Settings\Owner\Local Settings\Application Data\{B376E164-DF2A-4E7B-9D3C-699FD67AB5CD}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{947382DB-39EB-46D6-BF28-547763E3BE3F}: C:\Documents and Settings\Owner\Local Settings\Application Data\{947382DB-39EB-46D6-BF28-547763E3BE3F}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D923AA26-308D-47A4-ADCB-72AECF9B5388}: C:\Documents and Settings\Owner\Local Settings\Application Data\{D923AA26-308D-47A4-ADCB-72AECF9B5388}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}: C:\Documents and Settings\Owner\Local Settings\Application Data\{F6A2D5D5-1A79-48FF-9A15-5F4A07838DB6}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{19177630-995E-4FA6-8397-8799911C1C7B}: C:\Documents and Settings\Owner\Local Settings\Application Data\{19177630-995E-4FA6-8397-8799911C1C7B}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}: C:\Documents and Settings\Owner\Local Settings\Application Data\{C54C6E4A-CA87-4ABD-B130-09AEC372A5A2}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}: C:\Documents and Settings\Owner\Local Settings\Application Data\{4189BEF2-2767-4294-A7B1-0C8B1EEFE490}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}: C:\Documents and Settings\Owner\Local Settings\Application Data\{7C566C15-DBB8-470D-8CD5-F3DCA576CF31}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E82CDC65-D3B4-463B-A56E-85905920E8F1}: C:\Documents and Settings\Owner\Local Settings\Application Data\{E82CDC65-D3B4-463B-A56E-85905920E8F1}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F09D793D-913B-4F52-B5CE-48F93448829C}: C:\Documents and Settings\Owner\Local Settings\Application Data\{F09D793D-913B-4F52-B5CE-48F93448829C}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{258626A1-FA86-4D19-AD58-B71885453FAD}: C:\Documents and Settings\Owner\Local Settings\Application Data\{258626A1-FA86-4D19-AD58-B71885453FAD}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}: C:\Documents and Settings\Owner\Local Settings\Application Data\{5BDB6C7C-54D2-48A3-90B9-0EDFF96B1BBA}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}: C:\Documents and Settings\Owner\Local Settings\Application Data\{0FDA65B4-3FEE-4E94-9EC3-C315C8C28519}\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{682C99AA-1B1E-4427-9092-48FC5CF159BF}: C:\Documents and Settings\Owner\Local Settings\Application Data\{682C99AA-1B1E-4427-9092-48FC5CF159BF}\

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN

Download and copy to the affected system the MSFixit from this page
http://support.microsoft.com/kb/299357

NEXT

Download and Install Combofix
 
Download ComboFix from one of the following locations:
Link 1
Link 2
 
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
 
* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks




  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.[/b]
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
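
An added example, not part of essexboy's post and not OTL's own code: a small Python reviewer that splits a fix in the layout quoted above into its `:OTL`, `:Files` and `:Commands` sections and checks that each `FF` line's registry value name matches the folder it points to, so a mistyped entry is caught before the fix is run. The line layout is inferred only from the quoted script; the function names and the sample GUIDs are constructed.

```python
import re

# Constructed sample in the same layout as the quoted fix; the GUIDs are placeholders.
SAMPLE_FIX = r"""
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{11111111-2222-3333-4444-555555555555}: C:\Documents and Settings\Owner\Local Settings\Application Data\{11111111-2222-3333-4444-555555555555}\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}: C:\Documents and Settings\Owner\Local Settings\Application Data\{99999999-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\ [2010/03/25 18:02:41 | 000,000,000 | ---D | M]

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
[Reboot]
"""

SECTION = re.compile(r"^:(\w+)$")
# "FF - <registry key>\\<value name>: <folder path>\ [optional listing details]"
FF_LINE = re.compile(
    r"^FF - (?P<key>.+?)\\\\(?P<value>\{[0-9A-Fa-f-]{36}\}): "
    r"(?P<path>.+?\\)(?: \[.*\])?$")

def parse_fix(text):
    """Group the non-empty lines of a fix under their ':Section' header."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"line before any section header: {line!r}")
        else:
            sections[current].append(line)
    return sections

def review_ff_entries(sections):
    """Return (value_name, path, folder_matches_value) for each line in :OTL."""
    results = []
    for line in sections.get("OTL", []):
        m = FF_LINE.match(line)
        if not m:
            results.append((None, line, False))  # unrecognised: review by hand
            continue
        folder = m["path"].rstrip("\\").rsplit("\\", 1)[-1]
        results.append((m["value"], m["path"], folder.upper() == m["value"].upper()))
    return results
```
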

Fran9932

Re: AV Security 2012
« Reply #11 on: November 20, 2011, 05:39:47 PM »
I was able to get avast to run by ignoring the error message - duh, and I have run the fix this is what the virus does, right? It ran successfully and stated no viruses were found.
I have run OTL and logs are attached.
I cannot run the fix from microsoft as I am told that the administrator prevents this. I tried to go to my security center to see why this might be so, but cannot understand what might be preventing me from running the check.

I am reluctant to go past this point as I am trying to go in order.

thank you for all of your help.
Fran

Offline essexboy

Re: AV Security 2012
« Reply #12 on: November 20, 2011, 05:46:19 PM »
Could you now run combofix please - it may run in reduced functionality mode but it will give me a clear look at your drivers


Fran9932

Re: AV Security 2012
« Reply #13 on: November 20, 2011, 06:02:14 PM »
Is it okay not to disable avast? Following the directions I do not have the option to disable it........ The avast still says it is not working with an error message, but does run if I just ignore the error message.

Offline essexboy

Re: AV Security 2012
« Reply #14 on: November 20, 2011, 06:07:22 PM »
Just ensure that Avast does not sandbox any files or delete/quarantine any files whilst combofix is running