ANTIVIR Virus on Windows 7 hp, Please Help!!!

Hi, turned on my PC today and it has a virus! Some fake thing called Antivir Solution; basically it won't let me open my genuine anti-virus software, the registry editor, etc. It completely f'ed me. Gone into safe mode with networking and managed to get my anti-virus going on a full scan (all I have is Microsoft Security Essentials (the free version)).

Please give me any advice/instructions, I'm begging. Operating system is Windows 7 Home Premium 64 Bit.

Any help and advice very much appreciated, you will be a lifesaver.

Many thanks in advance

The Scop
 
To be honest I'd back up your data and do a re-install of Windows. These fake programs can be a pain in the ass to remove. You may find it's a better use of your time to just reinstall.

Depending how long you've had the PC, a fresh start will improve performance once the junk is cleared out.
 
Last time I got a nasty I fixed it by following this - http://www.bleepingcomputer.com/forums/topic308364.html

*edit*

I can see what you have is from the same family as the one I had.

Run rkill, which will stop it, then run Malwarebytes, which will quarantine it. I did not have to mess about with safe mode and stuff. That rkill program is brilliant and it takes about a second to stop it.

But will quarantining it remove it for good? My current anti-virus said it quarantined something called Trojan etc etc FakeSpyPro, but the thing is still causing havoc on my comp; won't let me turn on my anti-virus. Will try what you said.
 
It worked for me. :)

Thanks so much both of you for your help, it worked: rkill followed by Malwarebytes fixed it :). Only one problem though, my internet still doesn't work. When I found out the virus was on there I tried to open Internet Explorer and it didn't work, just said "Internet Explorer cannot display the webpage" for any page I tried. What do you reckon it is? Because everything else works fine again as far as I know.
 
OP, I had the same virus today; didn't take long for Malwarebytes to find it.
Must have come from my brother's music as I haven't downloaded anything.
 
I had the same virus today too. I wonder if it came from the forums somehow...

My thread
http://forums.overclockers.co.uk/showthread.php?p=17108593#post17108593

After fiddling about for half an hour or so with the internet off, Antivir Solutions just stopped running, at which point I ran a full scan with Microsoft Security Essentials (couldn't before, Antivir said it was corrupted) and it picked everything up (a bunch of Java stuff and a trojan).
 
There have been many reports of this style of virus in the past week on these very forums.
I wonder as to the source, occasionally people post regarding this, but in the last week, many have posted. New variant perhaps.
 
I got the exact same virus 2 days ago, clever little scamp, impersonating a popular antivirus! :) It appeared while browsing these forums for me as well. At the time I doubted I got it from here, but seeing as other folks got it too, the mods might do well to scan their servers!

I think this is a worm called Dropper.4Maximus (at least, that's the only one I found on my system after scanning, so I reckon it must be it). Apart from popping up the annoying window pretending to be Antivir and scanning my computer, it also popped up fake security notifications in the system tray, and it changed my browser's proxy settings to go through 127.0.0.1 (which is my own computer, so it was basically routing all traffic back to itself so it could show me those "This page might harm your computer" sites).

It's a crafty little bug that would've taken in most people, but I was lucky:
1. I have Windows Security Centre switched off, so I knew the systray warnings were fake;
2. the "Antivir" scanning window was skinned like Vista, whereas I'm on XP;
3. the "Internet Explorer has detected that this website contains malware, which might harm your computer" sites it was showing me weren't convincing, because I'm using Chrome! :p

The craftiest thing about it though is that it won't let you launch any other application, not even the Task Manager, popping up another systray warning saying "this application is infected and may harm your computer" or something. However, if the fake Antivir window is in the background, then you can launch task manager and kill it, so that then you can launch your antivirus/antimalware software and nuke it from orbit.

Dons/Commisarios, please scan the forum's servers - as well as the shop's servers too, I was also browsing those!
 
How do you get it without installing or running anything? This is what I do not understand. Is it exploiting a hole in your Chrome browser and running code remotely?
 
I don't get it either. I didn't visit any dodgy sites and I certainly didn't try installing any unknown programmes. Reading around on the web about this virus suggests that it mostly spreads itself through ads on social networks like Facebook, but I certainly never click on Facebook's spammy ads or install any of the stupid applications on it, not even the little quizzes. It's possible it's exploiting vulnerabilities in Chrome, but my impression was that it was pretty secure (or was, up until April). But I suppose it's possible that it's exploiting vulnerabilities in Flash (or Java, but I don't think the forums use Java, if this is where we really got it from).
 
I fix PCs for a living, and this type of virus has been doing the rounds for ages and there are a good few varieties of it.

Sometimes the Rkill method works but sometimes it doesn't. There are a few methods to use; the most extreme is a reinstall, or creating another login (as it usually only infects the current user) and tackling it from there. Some make it impossible to run any *.exe file, so you have to set up file associations again.

Remember when you have found it and got it quarantined to dig it out of your registry; you will also have to change back your settings of IE or Firefox and manually set up your anti-virus again.

It's one of the most common viruses doing the rounds... and is a criminal scam as they ask for a payment to sign up to their antivirus software :(
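The posts above mention two things this rogue "Antivir" changes: the browser proxy pointed at 127.0.0.1, and the .exe file association broken so nothing launches. Here is a read-only audit script for those two settings, added as an example and not taken from the thread or from any of the tools named in it; it assumes the stock Windows registry locations for WinINET proxy settings and the exefile class, and only reports, never modifies.

```powershell
# Added example (not from the thread): audit the per-user proxy and the .exe
# association for the tampering described in the posts above. Read-only.
$findings = @()

# 1. Per-user WinINET/IE proxy. The thread reports it was set to 127.0.0.1 so
#    that every page request was routed back to the rogue program.
$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
if ($inet -and $inet.ProxyEnable -eq 1) {
    $findings += "Proxy is enabled: $($inet.ProxyServer)"
    if ($inet.ProxyServer -match '127\.0\.0\.1|localhost') {
        $findings += 'Proxy points at loopback: matches the rogue-AV pattern in the thread'
    }
}

# 2. .exe association. The Windows default open command is "%1" %* ; anything
#    else means launches are being redirected through another program.
$exeKey = 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command'
$exeCmd = (Get-ItemProperty -Path $exeKey -ErrorAction SilentlyContinue).'(default)'
if ($exeCmd -ne '"%1" %*') {
    $findings += "exefile open command is not the Windows default: $exeCmd"
}

# A per-user override under HKCU\Software\Classes takes precedence over HKCR
# for the current user, which is where a user-level infection would put it.
$userExeKey = 'HKCU:\Software\Classes\exefile\shell\open\command'
if (Test-Path $userExeKey) {
    $userCmd = (Get-ItemProperty -Path $userExeKey).'(default)'
    $findings += "Per-user exefile override present: $userCmd"
}

if ($findings.Count -eq 0) {
    'No proxy or .exe association tampering found.'
} else {
    $findings
}
```

Run it from an account that is not the infected one, or from safe mode, since the thread notes the infection can block launching programs from the affected login.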
 
Must fix 3 of these a day.

Step one remove HDD.

Step two scan as slave in another PC.

Done (well, when back in the original PC a quick run of ComboFix and Malwarebytes for good measure, but hey). Works a charm every time! ;)
 
Gah. It's back, thought I'd removed it.

Restarted this evening and the little bugger's still there...

In safe mode now and am scanning for viruses. When (if) it removes them, do I then have to clean the registry to ensure it doesn't come back? CCleaner?
 
A cumulative effort between Rkill, Malwarebytes, SUPERAntiSpyware, Avast 5, TDSSKiller and finally ComboFix did the trick and completely cleansed this complete pain of a pest from a system belonging to a friend I was working on, at long last. ComboFix seemed to be the turning point of the whole shooting match and prevented the Google5 redirector (which sometimes infects alongside Antivir and a relation of it, Defense Centre) from rearing its ugly head after a scan. So glad I got rid of it without having to back up and reformat/reinstall. Hate doing that even though it seems the easy way out. Really hate these malware pests beating me, so I generally go all out to blitz them without resorting to reformatting.

Remember to run all of these in Safe Mode and turn off System Restore to prevent any traces lurking within the restore volume popping back up again.
 