Tech Problem Aggregator

Antivirus System Pro demo

Q: Antivirus System Pro demo

Thanks for looking. I have been searching for other posts with this problem, but could not see the fix.

There is a program in the system tray that wants me to buy Antivirus System Pro, a demo program that wants to scan the computer. It shows all kinds of fake viruses, even though I tried not to run it. I could not find it in the remove program list of Add and Remove Programs.

This program is not in the taskbar of all users on this computer, and only that user cannot view most websites in Internet Explorer.

Can you help me remove the demo program? Norton found some kind of Trojan fake file but it could not delete it.
Thank You,
Susan~a2000greetings

Here is what Norton Antivirus said:
Settings\Temporary Internet Files\Content.IE5\0X6V49QV\antivir-systempro_com{1}.txt
Click for more information about this threat:
Trojan.Fakeavalert

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:56 PM, on 6/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Common Files\Virtual Token\vtserver.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\SKDAEMON.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\windows\ld10.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: ::1 localhost
O1 - Hosts: 209.44.111.57 prosoft.microsoft.com
O1 - Hosts: 209.44.111.57 antivir-systempro.com
O1 - Hosts: 209.44.111.57 www.antivir-systempro.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: BHO - {A30E9EC0-1468-4d88-BF35-0538BB3E2AEB} - C:\WINDOWS\system32\iehelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ControlCenter] "C:\Program Files\IBM fingerprint software\ctlcntr.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld10.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244690839859
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://download-games.pogo.com/online2/pogo/luxor_amun_rising/mjolauncher.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Protector Suite Virtual Token (vtserver) - UPEK Inc. - C:\Program Files\Common Files\Virtual Token\vtserver.exe

--
End of file - 7078 bytes

Update:

Hi,
I followed a thing where it said download ComboFix, and I turned off security and Norton.
I closed everything and ran. I had problems with a note saying Norton file C:\32788R22FWJFW\av.vbs but I kept getting it off. It came on a lot, javascript running stopped, and got ComboFix to update and run. The things still kept coming up while running but I shut them off as quick as I could. And got ComboFix to run:

ComboFix 09-06-22.01 - Travis 06/22/2009 16:04.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.674 [GMT -7:00]
Running from: c:\documents and settings\Travis\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\program files\driver\driver.dll
c:\program files\driver\driver.sys
c:\windows\sysguard.exe
c:\windows\system32\iehelper.dll
c:\windows\system32\pwdmon.dll
c:\windows\system32\wbem\proquota.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Service_driver
-------\Service_driverdrv
((((((((((((((((((((((((( Files Created from 2009-05-22 to 2009-06-22 )))))))))))))))))))))))))))))))
.

2009-06-22 23:06 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-06-22 22:50 . 2009-06-22 22:50 13568 ----a-w- c:\documents and settings\Travis\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-22 19:09 . 2009-06-22 19:09 -------- d-----w- c:\program files\Trend Micro
2009-06-22 07:23 . 2009-06-22 07:23 2 ----a-w- c:\windows\010112010146118114.dat
2009-06-22 07:22 . 2009-06-22 07:22 27648 ---h--w- c:\windows\ld10.exe
2009-06-21 22:57 . 2009-06-21 22:57 -------- d-sh--w- c:\documents and settings\Greg\IECompatCache
2009-06-21 06:17 . 2009-06-21 06:17 -------- d-sh--w- c:\documents and settings\Travis\IECompatCache
2009-06-21 06:16 . 2009-06-21 06:16 -------- d-sh--w- c:\documents and settings\Travis\PrivacIE
2009-06-21 06:16 . 2009-06-21 06:16 -------- d-sh--w- c:\documents and settings\Travis\IETldCache
2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\windows\system32\scripting
2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\windows\system32\en
2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\windows\system32\bits
2009-06-19 11:52 . 2009-06-19 11:52 -------- d-----w- c:\windows\l2schemas
2009-06-19 11:50 . 2009-06-19 11:50 -------- d-----w- c:\windows\ServicePackFiles
2009-06-19 05:10 . 2009-06-19 05:10 -------- d-sh--w- c:\documents and settings\SunshineSue\IECompatCache
2009-06-19 05:05 . 2009-06-19 05:05 -------- d-sh--w- c:\documents and settings\SunshineSue\PrivacIE
2009-06-19 05:05 . 2009-06-19 05:05 -------- d-sh--w- c:\documents and settings\SunshineSue\IETldCache
2009-06-19 05:00 . 2009-06-19 05:00 -------- d-sh--w- c:\documents and settings\Greg\PrivacIE
2009-06-19 04:58 . 2009-06-19 04:58 -------- d-sh--w- c:\documents and settings\Greg\IETldCache
2009-06-19 04:57 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-19 04:57 . 2009-04-30 21:22 1985024 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-06-19 04:57 . 2009-04-30 21:22 11064832 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-06-19 04:57 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-19 04:57 . 2009-06-19 04:57 -------- d-----w- c:\windows\ie8updates
2009-06-19 04:57 . 2009-05-12 05:11 102912 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-06-19 04:56 . 2009-06-19 04:57 -------- dc-h--w- c:\windows\ie8
2009-06-18 04:19 . 2009-06-18 04:19 -------- d-----w- c:\documents and settings\SunshineSue\Application Data\EA
2009-06-18 04:19 . 2009-06-18 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\EA
2009-06-18 04:18 . 2009-06-18 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-18 04:17 . 2009-06-18 04:17 -------- d-----w- c:\program files\Oberon Media
2009-06-18 04:17 . 2009-06-18 04:17 -------- d-----w- c:\program files\Common Files\Oberon Media
2009-06-14 05:37 . 2009-06-11 01:32 -------- d-----w- c:\documents and settings\Travis\Application Data\Symantec
2009-06-13 15:01 . 2009-06-22 07:47 13568 ----a-w- c:\documents and settings\SunshineSue\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 07:11 . 2004-08-04 05:29 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-06-13 04:37 . 2009-06-19 11:42 -------- d-----w- c:\windows\system32\NtmsData
2009-06-13 00:37 . 2009-06-13 00:37 -------- d-----w- c:\documents and settings\SunshineSue\Local Settings\Application Data\Identities
2009-06-12 05:10 . 2009-06-12 05:10 -------- d-----w- c:\windows\Sun
2009-06-12 05:09 . 2009-06-12 05:08 410984 ------w- c:\windows\system32\deploytk.dll
2009-06-12 05:08 . 2009-06-12 05:08 -------- d-----w- c:\program files\Java
2009-06-12 05:08 . 2009-06-12 05:08 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-06-12 05:08 . 2009-06-12 05:08 152576 ------w- c:\documents and settings\SunshineSue\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 21:15 . 2008-10-16 21:06 268648 ------w- c:\windows\system32\mucltui.dll
2009-06-11 09:29 . 2009-06-11 09:29 -------- d-s---w- c:\documents and settings\Greg\UserData
2009-06-11 07:40 . 2009-06-11 07:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-06-11 07:37 . 2009-06-11 07:37 -------- d-----w- c:\program files\MSXML 4.0
2009-06-11 07:07 . 2009-06-11 07:07 -------- d-----w- c:\windows\IBM
2009-06-11 04:20 . 2009-06-11 04:20 -------- d-----w- c:\documents and settings\SunshineSue\Application Data\AdobeUM
2009-06-11 04:20 . 2009-06-11 04:20 -------- d-----w- c:\documents and settings\SunshineSue\Local Settings\Application Data\Adobe
2009-06-11 04:20 . 2008-04-13 18:45 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
2009-06-11 04:20 . 2008-04-14 00:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-06-11 04:19 . 2009-06-11 04:19 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-11 04:18 . 2009-06-11 04:18 -------- d-----w- C:\DRIVERS
2009-06-11 04:18 . 2009-06-11 04:18 -------- d-----w- c:\windows\Cache
2009-06-11 04:15 . 2009-06-11 04:15 -------- d-----w- C:\MFG
2009-06-11 04:15 . 2009-06-11 02:07 -------- d-----w- C:\ibmtools
2009-06-11 03:34 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-11 03:34 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-06-11 03:34 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-11 03:34 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-06-11 03:33 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-06-11 03:33 . 2008-09-04 17:15 1106944 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-06-11 03:33 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-11 03:33 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-06-11 03:32 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-06-11 03:32 . 2008-10-03 10:02 247326 ------w- c:\windows\system32\dllcache\strmdll.dll
2009-06-11 03:30 . 2009-01-08 01:21 26144 ------w- c:\windows\system32\spupdsvc.exe
2009-06-11 03:03 . 2009-06-11 03:03 -------- d-s---w- c:\documents and settings\LocalService\UserData
2009-06-11 02:54 . 2009-06-11 02:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\Symantec
2009-06-11 02:43 . 2009-06-11 02:43 -------- d-----w- c:\program files\SymNetDrv
2009-06-11 02:35 . 2009-06-12 07:11 -------- d-----w- c:\windows\system32\Adobe
2009-06-11 02:27 . 2009-06-11 02:27 -------- d-sh--w- c:\documents and settings\SunshineSue\UserData
2009-06-11 01:51 . 2009-06-11 01:51 -------- d-----w- C:\RRUbackups
2009-06-11 01:39 . 2003-04-10 23:04 77824 ------w- c:\windows\system32\WindowsAccessBridge.dll
2009-06-11 01:39 . 2003-04-10 23:04 28672 ------w- c:\windows\system32\JAWTAccessBridge.dll
2009-06-11 01:39 . 2003-04-10 23:04 139264 ------w- c:\windows\system32\JavaAccessBridge.dll
2009-06-11 01:39 . 2004-07-02 00:33 65536 ------w- c:\windows\system32\ProgressTrace.dll
2009-06-11 01:39 . 2004-07-02 00:33 86016 ------w- c:\windows\system32\PcdrKernelModeServices.dll
2009-06-11 01:39 . 2009-06-11 01:39 -------- d-----w- c:\program files\PC-Doctor for Windows
2009-06-11 01:38 . 2009-06-11 01:38 -------- d-----w- C:\Books
2009-06-11 01:37 . 2009-06-14 07:00 -------- d-----w- C:\IBMSHARE
2009-06-11 01:37 . 2009-06-11 01:37 32256 ------w- c:\windows\system32\drivers\psasrv.exe
2009-06-11 01:37 . 2009-06-11 01:37 13184 ------w- c:\windows\system32\drivers\psadd.sys
2009-06-11 01:33 . 2009-06-11 02:46 -------- d-----w- c:\program files\Norton AntiVirus
2009-06-11 01:32 . 2009-06-11 01:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Symantec
2009-06-11 01:32 . 2006-09-16 05:52 91904 ------w- c:\windows\system32\S32EVNT1.DLL
2009-06-11 01:32 . 2006-09-16 05:52 124016 ------w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-11 01:32 . 2009-06-12 01:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-11 01:32 . 2009-06-11 02:43 -------- d-----w- c:\program files\Symantec
2009-06-11 01:32 . 2009-06-11 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-11 01:32 . 2009-06-11 01:32 -------- d-----w- c:\program files\IBM fingerprint software
2009-06-11 01:32 . 2009-06-11 01:32 -------- d-----w- c:\program files\Common Files\Virtual Token
2009-06-11 01:32 . 2009-06-11 01:32 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-11 01:30 . 2009-06-11 01:30 -------- d-----w- c:\documents and settings\All Users\Application Data\ibm
2009-06-11 01:29 . 2009-06-11 01:29 -------- d-----w- C:\icons
2009-06-11 01:29 . 2003-09-19 08:47 10368 ------w- c:\windows\system32\drivers\pfc.sys
2009-06-11 01:29 . 2002-11-21 17:57 204800 ------w- c:\windows\system32\IVIresizeW7.dll
2009-06-11 01:29 . 2002-11-21 17:57 200704 ------w- c:\windows\system32\IVIresizeA6.dll
2009-06-11 01:29 . 2002-11-21 17:57 192512 ------w- c:\windows\system32\IVIresizeP6.dll
2009-06-11 01:29 . 2002-11-21 17:57 192512 ------w- c:\windows\system32\IVIresizeM6.dll
2009-06-11 01:29 . 2002-11-21 17:57 188416 ------w- c:\windows\system32\IVIresizePX.dll
2009-06-11 01:29 . 2002-11-21 17:57 20480 ------w- c:\windows\system32\IVIresize.dll
2009-06-11 01:29 . 2009-06-11 01:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-11 01:29 . 2009-06-11 01:29 -------- d-----w- c:\program files\InterVideo
2009-06-11 01:28 . 2009-06-11 01:28 -------- d-----w- c:\program files\IBM
2009-06-11 01:27 . 2009-06-11 01:27 136 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-06-11 01:27 . 2009-06-11 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-06-11 01:27 . 2009-06-11 01:27 -------- d-----w- c:\program files\Windows Media Connect
2009-06-11 01:26 . 2004-12-17 16:57 53248 ------w- c:\windows\system32\SKUSBKBD.DLL
2009-06-11 01:26 . 2004-12-17 16:57 53248 ------w- c:\windows\system32\SKSETUP.DLL
2009-06-11 01:26 . 2004-12-17 16:57 49152 ------w- c:\windows\system32\SKHOOKS.DLL
2009-06-11 01:26 . 2004-12-17 16:57 40960 ------w- c:\windows\system32\SKDAEMON.EXE
2009-06-11 01:26 . 2004-12-17 16:57 155648 ------w- c:\windows\system32\SKUNINST.EXE
2009-06-11 01:26 . 2004-12-17 16:57 114688 ------w- c:\windows\system32\SKUTIL.DLL
2009-06-11 01:26 . 2009-06-11 01:26 -------- d-----w- c:\program files\Synaptics
2009-06-11 01:26 . 2009-06-11 01:26 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-11 01:23 . 2009-06-11 01:23 -------- d-----w- c:\windows\system32\URTTemp
2009-06-11 01:23 . 2009-06-19 20:17 -------- d--h--w- c:\windows\$hf_mig$
2009-06-11 01:21 . 2005-02-22 23:33 163840 ------w- c:\windows\system32\igfxres.dll
2009-06-11 01:21 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-06-11 01:21 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-20 16:51 . 2009-06-11 02:07 -------- d-----w- c:\documents and settings\SunshineSue\Application Data\IBM
2009-06-20 06:29 . 2009-06-20 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-06-19 11:54 . 2004-08-09 17:54 86695 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-15 17:26 . 2009-06-15 17:25 -------- d-----w- c:\documents and settings\SunshineSue\Application Data\GetRightToGo
2009-06-11 02:15 . 2009-06-11 02:07 -------- d-----w- c:\documents and settings\SunshineSue\Application Data\Symantec
2009-06-11 02:07 . 2009-06-11 02:07 47 ------w- c:\windows\system32\drivers\IBM_8143_DE1.MRK
2009-06-11 01:32 . 2009-06-11 09:27 -------- d-----w- c:\documents and settings\Greg\Application Data\Symantec
2009-06-11 01:31 . 2009-06-14 05:37 -------- d-----w- c:\documents and settings\Travis\Application Data\IBM
2009-06-11 01:31 . 2009-06-11 09:27 -------- d-----w- c:\documents and settings\Greg\Application Data\IBM
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\IBM
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\program files\IBM DLA
2009-06-11 01:31 . 2009-06-14 05:37 -------- d-----w- c:\documents and settings\Travis\Application Data\Sonic
2009-06-11 01:31 . 2009-06-11 09:27 -------- d-----w- c:\documents and settings\Greg\Application Data\Sonic
2009-06-11 01:31 . 2009-06-11 02:07 -------- d-----w- c:\documents and settings\SunshineSue\Application Data\Sonic
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\program files\Common Files\Sonic
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sonic
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\program files\Sonic
2009-06-11 01:31 . 2009-06-11 01:31 -------- d-----w- c:\program files\IBM RecordNow!
2009-06-11 01:27 . 2009-06-14 05:37 136 ------w- c:\documents and settings\Travis\Local Settings\Application Data\fusioncache.dat
2009-06-11 01:27 . 2009-06-11 09:27 136 ------w- c:\documents and settings\Greg\Local Settings\Application Data\fusioncache.dat
2009-06-11 01:27 . 2009-06-11 02:07 136 ------w- c:\documents and settings\SunshineSue\Local Settings\Application Data\fusioncache.dat
2009-05-13 05:15 . 1980-01-01 07:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 1980-01-01 07:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-17 12:26 . 1980-01-01 07:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 1980-01-01 07:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-22 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-22 126976]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-14 36864]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-03-07 122939]
"ControlCenter"="c:\program files\IBM fingerprint software\ctlcntr.exe" [2005-01-28 286818]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 58984]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2009-06-11 100056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-12 148888]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" - c:\windows\system32\SKDAEMON.EXE [2004-12-17 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-01-28 00:49 110176 ------w- c:\program files\IBM fingerprint software\psfus.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R2 ibmfilter;ibmfilter;c:\windows\system32\drivers\ibmfilter.sys [12/16/2004 4:12 AM 63616]
R2 SmiHlp;SMI helper driver;c:\windows\system32\smihlp.sys [1/27/2005 5:42 PM 3328]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-20 c:\windows\Tasks\Norton AntiVirus - Scan my computer - SunshineSue.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 19:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A30E9EC0-1468-4d88-BF35-0538BB3E2AEB} - c:\windows\system32\iehelper.dll
HKLM-Run-UC_SMB - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 16:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(696)
c:\program files\IBM fingerprint software\psfus.dll
c:\program files\Common Files\Virtual Token\psutil.dll

- - - - - - - > 'explorer.exe'(472)
c:\windows\system32\WININET.dll
c:\windows\system32\SKHOOKS.dll
c:\windows\system32\SKUtil.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Virtual Token\vtserver.exe
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\CCEVTMGR.EXE
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Norton AntiVirus\IWP\NPFMNTOR.EXE
c:\windows\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2009-06-22 16:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-22 23:10

Pre-Run: 59,747,942,400 bytes free
Post-Run: 59,840,192,512 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect

273 --- E O F --- 2009-06-20 14:43

Now:
The Antivirus System Pro is gone. I am still using Internet Explorer, but my computer said it is not my default internet browser. I cannot see another one, so I do not know what is.

I have a red X in my system tray. It says: you have exceeded your profile space by 990504 KB. Before you can log off, you need to move some files from your profile to......

Thanks again.

A: Antivirus System Pro demo

Answer Match 56.28%

I'm a noob to bleepingcomputer so please forgive me for not knowing all the rules and regs. I have been helping a family member clean a computer and I possibly made it worse although I don't know how that could happen.

Right now the computer has malware defence, antivirus live and swp 2009 demo viruses. I was called to help when it just had malware defence. I was able to boot in safe mode, run rkill and then Malwarebytes. I ran multiple quick and full scans until it found 0 infections. I was also able to run in normal mode and run the scans as well.

Since the computer's antivirus ran out I downloaded AVG (it's free but is it good enough?). When I started to install AVG it told me that I should remove malware defence since AVG and it were incompatible and could cause problems. The problem is I cannot locate malware defence since I ran Malwarebytes. The malware defence folder is not in the Add/Remove programs or in the System32 folder. I can find no traces of this program.

No one has been on the computer all weekend but this morning I get a call saying that the computer now has antivirus live and swp 2009 demo viruses. Like I said earlier we are able to run Malwarebytes from normal mode so I didn't think this fell into any previous forum discussions.

The computer is a Dell Optiplex 755 running XP Pro.

Can someone please help?!

Answer Match 52.08%

I downloaded the demo for Watchmaker. It immediately crashed and has screwed up my system. Numerous error and illegal operation messages came up. Scandisk fixed about a dozen errors; however, I still can't get Netscape 4.77 or IE 5. to run. I reinstalled Netscape but still no luck. Help!

A: Game demo screwed my system

Answer Match 52.08%

I'm looking for a game demo I can download that has high system requirements; Crysis 2 is about mid level; thanks

A: demo with high system requirements?

Metro 2033 is often used for benchmarking....
maybe give the demo a try.

Metro 2033 system requirements
Minimum:
Dual core CPU (any Core 2 Duo or better will do)
DirectX 9, Shader Model 3 compliant graphics cards (GeForce 8800, GeForce GT220 and above)
1GB RAM

Recommended:
Any Quad Core or 3.0+ GHz Dual Core CPU
DirectX 10 compliant graphics card (GeForce GTX 260 and above)
2GB RAM

Optimum:
Core i7 CPU
NVIDIA DirectX 11 compliant graphics card (GeForce GTX 480 and 470)
As much RAM as possible (8GB+)
Fast HDD or SSD
 

Answer Match 45.78%

After installing an antivirus, if I change the operating system of my laptop, does the antivirus keep working?

Answer Match 42.84%

Hello,

This is my first post on BC. I am running XP Pro with 2 gigs of RAM on a 4-year-old HP laptop. I had Norton AntiVirus 2009 installed and it expired while I was on vacation. Now I am infected with what appear to be two viruses - Antivirus Live, and Antivirus System Pro. I cannot get online. When I try to do so my browser redirects to this site: winsecure2010.microsoft.com/block.php?r=59:2

What can I do? I can't download anything to that machine, and when I tried using a USB drive to install Spybot, it would not let me.

Thanks for your support.

dickybobs

A:Antivirus Live and Antivirus System Pro

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Please save this file to a USB stick on a non-infected computer, and make sure that you rename it first, and then try to run it on the infected one following these instructions.

Please download Malwarebytes' Anti-Malware from here: Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view... Read more

1 more replies
Answer Match 42.42%

I ran a full scan on Avast yesterday, it found 3 infections in my windows folder, can't remember the specific paths anymore.. I think one was in Sys64 or something.
It managed to quarantine 2 of them but it couldn't find the specified file path (or something) of the infection in Sys64 (or something).
So, Avast suggests that I restart and run a scan. I click yes, computer restarts, starts running a scan before Windows starts. After an hour it is done, I log on my account...

The startup is a bit faster than usually, but I notice that the programs that should start on startup won't (MSN Messenger, Skype, etc. including Avast itself. Comodo firewall starts as it should though).

I try to open some programs, including Firefox, Avast, Messenger... nothing happens when I click the shortcuts.
I can use explorer to browse my folders, but if I try to open an application nothing happens (usually, CCleaner worked however).

I tried system restore to an earlier state, but once the restore was "done" and I logged back in, it said that system restore failed because an antivirus program was running a virus scan.

I tried to clean registry and remove some files with CCleaner, but no effect.
I also tried to system restore to a different point multiple times: same effect. Fail.

So I tried to uninstall Avast, nothing happens when I click it at the control panel "uninstall or change programs" thing.

Next I go on rampage and try to delete the folder of Avast Antivirus, it sa... Read more

A:System restore fails after Avast Antivirus messes up the system

Seems Avast definitions are flagging important system files as infected. Many are saying sfc/scannow corrects the problem.

Just check the Avast forum and you'll see how many current threads there are on it.

3 more replies
Answer Match 42%

I've recently had the scareware of Windows System Defender and Antivirus System Pro. I ran Malwarebytes and I ran several scans with AVG, and deleted most of the files. They seem to be gone; however, I cannot open Task Manager. Also, even though it says I'm the admin of the computer, I'm not the admin. Here's the log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:59:55 AM, on 10/24/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\ehome\ehtray.... Read more

A:Recently had Windows System Defender and Antivirus System Pro

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

2 more replies
Answer Match 41.16%

These two nasty viruses have completely taken over my computer. I am able to get online but am unable to launch any anti virus or malware programs to remove them. System Restore will not open and trying to run in Safe Mode only gives a blue screen. Please help!!

A:Help!! System Security & Antivirus System Pro virus.

You may want to have a look through this!
http://www.bleepingcomputer.com/virus-remo...irus-system-pro
(If running the Malwarebytes Anti-Malware setup doesn't work, try renaming the mbam-setup.exe to h6maj5.exe)

6 more replies
Answer Match 39.48%

Alright - I'm looking for big help! I really appreciate forums like these - I'm part of a forum myself, but we provide a very different service! SO thank you in advance!

So here's the breakdown. These are the various problems I've encountered within the last hour of the infection hitting.

It started with the blue background, with red on black writing saying "YOUR SYSTEM IS INFECTED" and then Antivirus System PRO (which I understand to be a form of malware) started popping up all over the place. I have no Task Manager (no Ctrl Alt Delete), and no keyboard. I even copy-pasted taskmgr.exe into the Run command and it is fully disabled.

I tried to restart in Safe-mode, and that was a no go - it simply couldn't start and asked me to choose from the Startup options again (Safe Mode, Safe Mode with Command Prompt etc. etc. etc.). I also tried system restore, but surprise surprise that's not working either. Now I'm getting porn pop-ups as well.

Where the hell do I start killing this thing off?!?!?

Thanks in advance again,

A:"Your System is Infected" + Antivirus System Pro

hello bormac1

lets have a look with this program http://www.malwarebytes.org/mbam.php

If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
* Make sure you are connected to the Internet.
* Double-click on mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
  o Update Malwarebytes' Anti-Malware
  o Launch Malwarebytes' Anti-Malware
* Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
* If an update is found, the program will automatically update itself.
* Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.

On the Scanner tab:
* Make sure the "Perform Quick Scan" option is selected.
* Then click on the Scan button.
* If asked to select the drives to scan, leave all the driv... Read more

5 more replies
Answer Match 39.48%

The other day these annoying Antivirus System Pro (ASP) messages started showing up. I got confused by the many different windows that sprang up and accidentally activated this bugger when I thought I was stopping it with my antivirus program. Now I'm having a devil of a time even trying to clean it. I've completely disconnected the infected PC from the internet and am working off of my laptop and transferring files back and forth with a memory stick. I downloaded and tried to run both Spyware Doctor and Malwarebytes' Anti-Malware programs, these along with most other programs {including AVG anti-virus} are being stopped from being run by ASP. I think the thing is even deleting the main executable for Malwarebytes' Anti-Malware after the install is run. I almost couldn't get DDS to run as ASP kept preventing it, but somehow while trying to shut down windows ASP closed but another program hung open and I was able to get DDS to run and created the log below. Since then I haven't been able to get DDS to run a second time, I hope this one is ok but I worried it might be invalid due to ASP not running at the time of the log. I should also mention that somehow I'm being blocked from entering Safe Mode, whenever I try the F8 method on startup it allows me to choose Safe Mode options, but then just reboots.
DDS (Ver_09-10-26.01) - NTFSx86
Run by Jon at 19:27:58.65 on Mon 11/02/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Profession... Read more

A:System hammered by Antivirus SYstem Pro

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more

19 more replies
Answer Match 38.22%

I'm helping clean a laptop that is infected by Antivirus System Pro. I'm able to connect to the internet after closing a service on task manger. I downloaded and installed malwarebytes. When I try to run it the exe file is missing. Please help.

A:Help Getting rid of Antivirus System PRO

Welcome to BC

Run this application first and then run mbam

Please download Rkill by Grinler and save it to your desktop.
Link 2, Link 3, Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

Also run this

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan com... Read more

1 more replies
Answer Match 38.22%

I am not sure how, but I just booted up my PC and Antivirus System Pro took over. I tried to follow the removal instructions posted here and downloaded rkill.com and tried to run it. ASP immediately sees it and kills it - closing the DOS window. It also kills MalwareBytes as soon as I start it.

So ... what do I do now?

Thanks

PS .. I am running an almost current (as of last Friday) version of Mcafee.

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:Antivirus System Pro

Hello and welcome.

Please rerun RKill and next SAS.. (note if you have to reboot you will need to run RKill again).

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentia... Read more

1 more replies
Answer Match 38.22%

My computer seems to be infected with the Antivirus System Pro. But it only seems to be affecting one of my user log-ons. I have Windows XP. I have no idea how to get this thing off here. Please help, it will not let me go to the internet, it just brings up its own site, and it tells me that whatever I click on is infected.

-Michael
 

More replies
Answer Match 38.22%

I was surfing the web today and at two different instances I was interrupted by the screen changing to a message. I clicked the X on the message and it took me to a page with a "virus scan." I know this is malware, I just have no clue how to remove it.
 

A:Antivirus System PRO

13 more replies
Answer Match 38.22%

Hi everyone going crazy can not get rid of antivirus system pro!!!

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

A:hi can not get rid of antivirus system pro

Have you taken a look here? Remove Antivirus System Pro (Uninstall Guide)

Welcome to BleepingComputer.

1 more replies
Answer Match 38.22%

I have antivirus system pro for the second time in a few months. Can't run malwarebytes. Need help

A:antivirus system pro again

Seeing how you never completed your HJT post you probably never totally got rid of it the first time

First run this application and then run mbam

Please download Rkill by Grinler and save it to your desktop.
Link 2, Link 3, Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

===================================

Also run

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system dri... Read more

5 more replies
Answer Match 38.22%

Our computer was infected with the antivirus pro system, I think I was able to remove most of it but when I try to visit certain websites, like this one, it always directs me to other random sites. I am not sure what to do or how to proceed. I appreciate all the time and effort that you guys put into this, this has been a learning experience for me as I am not very crafty with computers.
DDS (Ver_09-10-26.01) - NTFSx86
Run by Michelle farmer at 9:10:01.06 on Sun 11/15/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.88 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
... Read more

A:antivirus pro system

Hello , And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No inp... Read more

2 more replies
Answer Match 38.22%

Antivirus system pro has infected my computer, and I cannot get rid of it.
 

A:Antivirus System Pro

please post a HJT log - the program is in the link in my signature - i'll move to the malware forum
 

1 more replies
Answer Match 38.22%

Hi there. For the past few hours I've been using the guides on this website to help get rid of a virus, which I have now identified as antivirus system pro, from my computer. I've followed all the steps, only it hasn't worked!
I ran the rkill program, which seemed to work because it got rid of all of the annoying messages. Afterwards I ran the anti-malware program, which found one threat. There may have been more, because I tried it earlier on safe mode and it found and took care of 40 threats. At any rate, I got rid of the threats, and everything seemed good. I restarted my computer to check, and the annoying popup for antivirus system pro came up again!
Will I have to do this process every time I log in?
Because I thought this would completely get rid of it.

I'm running Windows XP Home edition.

A:Help with getting rid of antivirus system pro

Here is a copy of the latest log from the anti-malware software.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 2

22/11/2009 9:33:59 PM
mbam-log-2009-11-22 (21-33-59).txt

Scan type: Quick Scan
Objects scanned: 119713
Time elapsed: 18 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


My computer is working fine at the moment, but I'm worried that as soon as I shut it down and restart it the stupid thing will come back again.

1 more replies
Answer Match 38.22%

Hello everyone, I got hit today with Antivirus System PRO and I don't know how to handle it. The last time I had to send my computer back to the corporate office and I would prefer not to have to do it again. Is there any help for this?
Thank you in advance for your help.
Alan

A:Antivirus System PRO

Some types of malware will disable Malwarebytes Anti-Malware and other security tools. If MBAM will not install, try renaming it first.

Right-click on the mbam-setup.exe file and rename it to mysetup.exe.
Double-click on mysetup.exe to start the installation.

If that did not work, then try renaming and changing the file extension. click this link if you do not see the file extension
Right-click on the mbam-setup.exe file, rename it to mysetup and change the .exe extension to .scr, .com, .pif, or .bat.
Then double-click on mysetup.scr (or whatever extension you renamed it) to begin installation.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files.
Right-click on mbam.exe, rename it to myscan.exe.
Double-click on myscan.exe to launch the program.

If that did not work, then try renaming and change the .exe extension in the same way as noted above.
Double-click on myscan.scr (or whatever extension you renamed it) to launch the program.

If using Windows Vista, refer to How to Change a File Extension in Windows Vista.

Be sure to update MBAM through the program's interface (preferable method) or manually download the definition updates and just double-click on mbam-rules.exe to install. Then perform a Quick Scan in normal mode and check all items found for removal. Don't forget to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/pa... Read more

1 more replies
Answer Match 38.22%

So I got this virus, the antivirus system pro bullbleep that is so very frustrating. I followed the instructions on this site, I downloaded Malwarebytes Anti-Malware from the link I got from here.
It seems to work, but before the malware program is finished scanning it just closes and disappears.

A:antivirus system pro

Hello,

I see that you have an HJT log posted here: http://www.bleepingcomputer.com/forums/t/239883/removing-the-anti-virus-pro/ into which I have pasted in the information in the above post. We do not allow more than one topic for the same computer and the same issue as this causes confusion, and in this case may make the disinfection process more difficult.

This leaves you with a choice:
1) Have this thread reopened and the HiJack This log topic deleted
OR
2) Keep this thread closed (and have it deleted later) and wait for assistance in the HiJack This log forum. Please note that that forum is VERY busy.

Please send a Private Message indicating your choice.

Assuming you wish assistance in the HiJack This forum, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted befor... Read more

1 more replies
Answer Match 38.22%

Please help, I am infected again, this thing seems to have many names and this time its antivirus system pro. I finally got hijackthis to run, here is the log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:09 PM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iWin Games\iWinTrusted.exe
C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Documents and Settings\Wanda_2\Local Settings\Application Data\rhgwqw\twndsysguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myembarq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R... Read more

More replies
Answer Match 38.22%

I posted on here a few days ago (thread here), and I got to where I could actually use my computer enough to use the Antivirus System Pro Removal Tutorial on here. It pretty much got me back to normal last night, but then today, just randomly a pop up came back about it. It didn't like, stop my entire computer from working like before, but it certainly slowed things down drastically. I kinda panicked when I first saw the pop up and ran rkill immediately. But then I ran a DDS and Root Repeal. Don't know if this stuff is still hanging around on my computer, but if anyone can take a look, that would be great. Thanks

DDS (Ver_09-10-26.01) - NTFSx86
Run by Justin at 16:00:09.91 on Sun 11/22/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1004 [GMT -6:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Synaptics\Sy... Read more

A:Antivirus System Pro

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

2 more replies
Answer Match 38.22%

Browsing yesterday when Antivirus System Pro showed up on the bottom toolbar. It kept giving me warnings saying I had a virus and should click "yes" to run the program and clean up the computer. It did this in four or five different ways but each seemed to steer me towards running this program. I have McAfee, though it is outdated, so I knew this Antivirus System Pro wasn't my normal program. After many dead ends I did find a program file labeled "btgq....something" paired with the same icon labeled "e". Each were created near or at the time of the incident and each were 280 kb. I moved each to the recycle bin. I was still having problems...I couldn't get to internet options, I couldn't add or delete programs, any dummy way I knew to try and get rid of a program was blocked. Eventually I had to restart the computer. After doing so the Antivirus System Pro was gone but now I had McAfee pop-ups telling me that part or some of my files weren't working. At this point I attempted to just remove McAfee from the Add/Delete function but I was unable to do so. No real reason, it would just open a box real quick and close it before any text even showed up. As though it was trying to run the uninstall program but something else closed it immediately. Eventually I used the restore function to restore the system to the day before it all happened. To the best of my knowledge the incident was at 10:57 yesterday morning (monday 23) and I restored it... Read more

A:Antivirus System Pro

Hello,

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up.

My name is Syler and I will be helping you to solve your Malware issues. If you have since resolved your issues I would appreciate if you would let me know so I can close this topic, if you still need help please let me know what issues you are still having, in your next reply.

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Then please post back here with the following:
log.txt
info.txt

Thanks

11 more replies
Answer Match 38.22%

So I'm infected with it and I can't get combofix, malwarebytes, or hijackthis to run. So can anyone please help me?

A:Antivirus System Pro

Run this application and then try mbam again

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
Do not reboot the computer or you will have to run it again

==============================

Also try this

We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended): Primary Mirror, Secondary Mirror, Secondary Mirror, Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down): Primary Mirror, Secondary Mirror, Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it: Primary Mirror, Secondary Mirror, Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes: Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time... Read more

3 more replies
Answer Match 38.22%

I ran into the same mal-ware (Antivirus System Pro) issue as the link below. I followed the Buckeye Sam's procedure and it cleaned my issue. It took several tries and some quick clicking to get Combo Fix to catch the mal-ware before it interrupted the fix.
http://www.bleepingcomputer.com/forums/ind...irus+System+Pro
Thank you Buckeye Sam
It looks like there may be another step, so I attached my ComboFix txt file for additional help. I guess it is too long, so I have to do it in 2 parts

A:Antivirus System Pro

I can't add the rest. I Compressed the entire txt file.

3 more replies
Answer Match 38.22%

Hi,

I have two friends that I have been trying to help get rid of this virus/malware/rogue ware. The first friend is who I am posting about here she lives local and I can get to her computer. Here is what has been happening.

About a month ago her computer was infected with this. It, as you know, has paralyzed her PC. She is running Windows XP. The program comes up on start up and stops all of the actions on her computer. You can do things but it constantly comes up with "your computer is under attack" type windows. It then stops the action you are attempting and you have to close all the pop up things and start again, after about eight attempts it will do what you were trying to do. It tries to stop her antivirus software, windows task manager, system searches, etc. It also occasionally pops up sexually explicit websites every so often.

I and another computer person have run just about everything. We have run FixIEdef, Malwarebytes, AVG, IObit Security 360, SpyHunter, and maybe a few more. Many things have been removed but it still comes back. I went in twice and tried to delete the "iehelper.DLL" file, once in safe mode once not. I have emptied the recycle bin. It still comes up!!! I uninstalled the program with the windows Uninstall Program tool in control panel while in safe mode and on reboot---IT STILL COMES UP!!!!

I'm about to throw the mouse at the monitor! What can we do? Please Help!!... Read more

A:Antivirus System Pro

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follo... Read more

2 more replies
Answer Match 38.22%

My computer time after time keeps getting AntiVirus System Pro. I've followed the instructions for removal online. Problem is, it's different. Every time the computer starts, it opens two processes XXXXsysguard.exe (where XXXX is 4 random letters). I find the folder located in C:\Documents&Settings\username\Application Data\XXXX\XXXXsysguard.exe and delete it. That seems to work until the next day when I start up and see that it's back. Here's the HJT log. Hopefully someone can be of assistance!

EDIT: In addition, while I think I finally removed all traces of it with Spybot S&D, when I surf the web, I'll click a link and randomly be redirected to sites such as webtatoos or something completely unrelated to what I'm looking for. The links I click are those such as news articles from reputable news sites so I know it's not an errant link.
 

A:AntiVirus System Pro

New HJT log file in reference to edited post
 

1 more replies
Answer Match 38.22%

I think I posted in the wrong place. But I need some help removing the virus "antivirus System Pro" after unsuccessfully using several downloadable programs claiming to remove it I have had no success.

I am using MS Vista . The virus is giving me pop up windows that claim "security alerts" as well as directing my browser to a porn site. The 4 pop ups come at the same time or sequentially. When I try to find any files with my search bar, the virus prevents me.

I need some basic help quick-PLEASE

A:Antivirus system pro

Hello Faiway. Let's try getting some more data.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update... Read more

5 more replies
Answer Match 38.22%

This virus is insane. It wouldn't allow me to load any program files or access any websites. I tried restarting and I kept getting error messages. I finally got it to start in Safe Mode. I ran Malwarebytes and it deleted one file (avscan something) but the computer still won't start in normal mode. I just ran a HiJackThis scan. This is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:36 PM, on 11/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.206.201.8 oemantivir.microsoft.com
O1 - Hosts: 91.206.201.8 oemantivir.com
O1 - Hosts: 91.206.201.8 www.oemantivir.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!... Read more

A:Antivirus System Pro help?

Hi,
Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

2 more replies
Answer Match 38.22%

DDS (Ver_09-07-30.01) - FAT32x86
Run by Administrator at 17:52:16.23 on Wed 09/16/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.96 [GMT -5:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Progr... Read more

A:Antivirus System PRO

I haven't received any replies so I went ahead and followed through on the advice on www.bleepingcomputer.com/virus-removall/remove-antivirus-pro-2010 and so far so good. I think it is fixed.

2 more replies
Answer Match 38.22%

Hello,

Out of nowhere I am being attacked by this virus/trojan. Antivirus system pro (whatever that is?) is somehow in my system tray and keeps running scans warning me I'm infected. Of course I'm not stupid, I've dealt with these before, but I'd like to know how to get rid of it? I'm running my McAfee now, but I know that never does it all. Windows won't stop popping up, I need help.

Thank you so much,
Brittney
 

A:Antivirus system pro

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

 

1 more replies
Answer Match 38.22%

If anyone could help me I'd be eternally grateful. I have somehow picked up this "antivirus system pro" rogue anti-spyware program. And can't get rid of it. I've tried using the malwarebytes program in this link http://www.bleepingcomputer.com/virus-remo...irus-system-pro , but I can't even get it to install. I think this program or some other I may be unaware of may be blocking the installation. It keeps rerouting my homepage to some bs site trying to sell me this junk malware. I also can't update ad-aware which I think is because of this program. I did manage to run a DDS scan which I hope is helpful. Any help would be deeply appreciated.

DDS (Ver_09-05-14.01) - NTFSx86
Run by John at 16:35:24.81 on Tue 06/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1.#QNAN.1487 [GMT -4:00]

AV: Panda Antivirus 2008 *On-access scanning disabled* (Updated) {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:&#... Read more

A:"antivirus system pro"

Hello howardsan and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the re... Read more

20 more replies
Answer Match 38.22%

I somehow have download a virus while surfing the internet for free sheet music. It is the "Antivirus System PRO" Can you offer a solution to remove this virus from my computer.

Thanks,

Janice

A:Antivirus System PRO

Hello and welcome please run these next. If you have Spybot installed temporarily disable it.

Next run ATF:
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".
Please download ATF Cleaner by Atribune & save it to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.
If you use Firefox browser click Firefox at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser click Opera at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Next run MBAM (MalwareBytes):
NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do ... Read more

3 more replies
Answer Match 38.22%

Hello and thank you in advance, Helping a friend fix their computer. The virus is blocking malwarebytes and other programs. Removed harddrive and scanned on second computer with malwarebytes, removed virus it said but when rebooted they are there again blocks in safe mode also. Originally popped up as virus attacks and then blue screen protect, ran malware from another computer got rid of blue screen but still anti virus system pro was popping up, ran again through malwarebytes and now antivirus pro is gone but still blocking malware bytes and online here is the log thanks again
DDS (Ver_09-06-26.01) - NTFSx86
Run by PAMELA RINN at 15:01:48.87 on Thu 07/23/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.228 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\msiexec.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k... Read more

A:Antivirus system pro

Here is the hijack this log also: when starting in safe mode iexplorer is running twice in process list?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:17:01 PM, on 7/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\WHijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mirarsearch.com/?useie5=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/f... Read more

4 more replies
Answer Match 38.22%

Hi-

I was receiving help from "Boopme" on this thread. After some troubleshooting I was advised to post on this message board the logs from OTL.

Here is the content from the file OTL.txt:

OTL logfile created on: 8/11/2009 9:30:24 PM - Run 1
OTL by OldTimer - Version 3.0.10.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.48 Mb Total Physical Memory | 110.59 Mb Available Physical Memory | 22.01% Memory free
1.20 Gb Paging File | 0.64 Gb Available in Paging File | 53.06% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.89 Gb Total Space | 6.15 Gb Free Space | 11.41% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 0.65 Gb Free Space | 32.53% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OGNIB3309LAPTOP
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========... Read more

A:Antivirus System Pro

Please download The Comedian.exe by Rorschach112 to your desktop
Please disable all of your antivirus/firewall before doing this step. Please visit HERE if you don't know how..
Double click the program to run it. It will only take around several minutes to run.
It will do a series of tasks and tell you when each one is finished.
You will be prompted to press any key after each step
When it is done it will close and exit itself automatically.
You can delete The_Comedian.exe once it is finished
STOP! if you can't complete this step.. Tell me more about it..

OTL Fix step
Open OTL then do below..
Copy/paste the following into the Custom Scans/Fixes box and then click on Run Fix button.

:processes
explorer.exe

:services

:OTL
O1 - Hosts: 91.212.127.220 intsecure.microsoft.com
O1 - Hosts: 91.212.127.220 intsecure-2009.com
O1 - Hosts: 91.212.127.220 www.intsecure-2009.com
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1961663005-505800229-699386506-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [msupdate] File not found
O4 - HKU\S-1-5-21-1961663005-505800229-699386506-1003..\Run: [system tool] C:\Program Files\wodgen\lloosysguard.exe (Microsoft Corporation)
[2009/08/11 21:18:04 | 00,012,032 | ---- | C] () -- C:\WINDOWS\System32\iehelper.dll
[2009/08/09 23:43:11 | 00,219,... Read more

41 more replies
Answer Match 38.22%

I did not download it, I can't find it on my control panel to delete it, and it pops up every 5 seconds to inform me that I have a virus and that I should pay it 50 bux for the full version to remove all viruses, I also am getting pop ups non stop, can someone please help me

Mod Edit: Topic moved from HJT to more appropriate forum~ TMacK

A:antivirus system pro

Hello and welcome to Bleeping Computer.

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. The bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes
Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and y... Read more

1 more replies
Answer Match 38.22%

i ran the dds tool and root repeal, or rather i tried to but they start and are interrupted. same with malwarebytes. superantispyware finds infections, but even when i keep running it and reboot it still finds infections and i keep getting false infections from the rogue program. also tried to run HJT. the programs start then disappear.
wife's
dell laptop
xp pro sp2

A:antivirus system pro

Hi, miztrniceguy Welcome.
Please follow these steps:

Step 1
Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
"%userprofile%\desktop\win32kdiag.exe" -f -r

Step 2
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".
During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.
Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs tha... Read more

23 more replies
Answer Match 38.22%

I have Antivirus System Pro on my computer. I saw it in my tool bar a few days ago but now it isn't there. I know it's still on my computer because I am redirected at times. Please help!
DDS (Ver_09-05-14.01) - NTFSx86
Run by Oneika Lawrence at 20:10:09.42 on Tue 06/23/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.254.43 [GMT -4:00]
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k podmena
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch... Read more

A:Antivirus System Pro

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 38.22%

HELP!!!!!
My main computer is infected, I think, with the Antivirus System Pro virus. It took over my computer this morning. I cannot do any searches on the internet. I, fortunately, had hijackthis already installed on that system so I ran a scan and below are the results. I remember having a similar virus about a year or so ago and had to have it removed by the local GeekSquad. Is there a way I can get rid of this myself? I have been considering switching to a MAC. Is it true that they get less viruses?

Thanks for your help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:27 AM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Fi... Read more


Trying to help my mother with her computer. I can run Firefox and download, but cannot run. I downloaded HJT, but it will not let me open it, says the file is infected. I cannot open any other files or programs without this thing going crazy with the security warnings. I'm on a different computer right now.

Any help would be appreciated. I am new to things like this.

Chris
 

A:Antivirus System Pro -- Can't Run HJT

I got HJT to work in safe mode (any assistance would be greatly appreciated):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:34:24 PM, on 11/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1060915
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Securi... Read more


Hope I'm posting correctly. First, thanks to you all for this invaluable assistance. I'm pretty sure my one month new (yes, new - I wanted XP) Lenovo XL 500 laptop with XP Pro has contracted "Antivirus System Pro" or a variant thereof. Unfortunately the restore disk is for Windows 7 and I'd like to keep XP.

Using AVG 8.5, Stopzilla and system restore to an earlier date, I've managed to beat out some of the usual brushfires, such as bogus search engine, dire warnings of viruses, porn sites, etc.

After that, Ask.com (they've sunk to this?) kept popping up in my browser. That stopped after I removed the Stopzilla toolbar which had a link to them and have also blocked Ask.com using Stopzilla. Now, clicking on some links in Gmail result in Visual C++ Runtime Library message: "abnormal program termination" and all the IE7 windows close.

Downloaded and ran Hijack This which is what brings me here. I'm not IT savvy enough to know all the stuff listed in the resulting log. Although I found a site that lists tools claiming to analyze the results automatically (nice if legit?), I've been looking here for several days and am more impressed by your site. Here's the system info followed by the log file:

Microsoft Windows XP Professional version 2002, SP3. Intel Core2 Duo T5870 @2.00 GHz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:43:00 AM, on 11/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: No... Read more

A:Antivirus System Pro

Case closed. Lenovo support was quite good. I got a live human with a minimum of voice mail jail. Turns out they have a hidden partition on the laptop hard drive for recovery which wiped the hard drive and did a clean install of XP.

As soon as I get printer, scanner and other stuff set up again, I'm getting some kind of disc imaging software and putting it on one of my external hard drives.


Came home from work tonight and found my daughter's computer infected with Antivirus System Pro. Tried to download Malwarebytes to run but it won't completely install so I can't get it to run.
Booted in Safe Mode and received the 'blue screen'.
AVG won't run.
IE8 was open at the time virus started and it repeatedly opens porn websites.
Any suggestions or is it just toast?

A:Antivirus System Pro

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


I have had versions of this virus before but seemed to get rid of it with Antimalware. Not this time. I can't start-up in safemode. I was finally able to run antimalware after running combofix (saw another recommendation on this site). But, anti-malware still not able to get rid of it. So rather than trying on my own, I'm here for help. If someone can help, I'll wait for further instruction before trying anything on my own.

I cannot run Hijack this, no internet access (I'm writing from a clean computer), and running malwarebytes is iffy.

Thanks.

A:Antivirus system Pro

You can try this application and then run your scan tools
Please note that whenever you reboot the computer you will need to run it again
Rkill.scr
http://download.bleepingcomputer.com/grinler/rkill.scr
When you double-click on the Desktop icon, a small DOS window will open and the application will run on its own
It should only take a few minutes and it will close by itself
Do not reboot the machine


Help please - My son's laptop has become infected with this nasty thing. I saw the removal instructions on the bleeping computer page, but I can't get his computer to do anything. I can't get any webpages to come up at all. I'm sending this from another computer. Please help us take back control.


http://remove-malware.net/how-to-remove-an...e-anti-spyware/
I picked up this virus. See link above.
Is there any free anti-virus program out there that will remove it?
If not, what is the best way to remove this problem?
Alex

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

A:Antivirus System Pro

Here you go: http://www.bleepingcomputer.com/virus-remo...irus-system-pro


Help, I have a virus and I believe its main source is Anti virus System Pro. How do I remove this? I downloaded Avast and it found a bunch of items and cleaned them up but still the same problem. Please help?

Thanks

Ron

A:taken over by Antivirus system pro

Welcome to BC
Let's run a few rootkit scans
We Need to check for Rootkits with RootRepeal
Download RootRepeal from the following location and save it to your desktop.
Direct Download (Recommended)
Primary Mirror
Secondary Mirror
Secondary Mirror
Secondary Mirror
Zip Mirrors (Recommended if you have a slower connection or if the Direct Download mirror is down)
Primary Mirror
Secondary Mirror
Secondary Mirror
Rar Mirrors - Only if you know what a RAR is and can extract it.
Primary Mirror
Secondary Mirror
Secondary Mirror
Extract RootRepeal.exe from the archive (If you did not use the "Direct Download" mirror).
Open on your desktop.
Click the tab.
Click the button.
Check all seven boxes:
Push Ok
Check the box for your main system drive (Usually C:), and press Ok.
Allow RootRepeal to run a scan of your system. This may take some time.
Once the scan completes, push the button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
----------------------------------
Please note: If Rootrepeal fails to run, try this step: Click Settings - Options. Set the Disk Access slider to High
========================================
Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close... Read more


I woke up this morning to find that I had this virus on my computer. I had it about 6 months ago as well but I thought my McAfee had got rid of it. I ran McAfee to see if it would catch it but no luck. Right now I'm using something called XoftspySE to hopefully scan and remove it. But I always worry that after the scan is over it's just going to ask me to buy the full version.

Am I doing the right thing and is there any better way of getting rid of it.

Also I'm not extremely familiar with computer software.

Thanks in advance.

A:Antivirus system pro, how do i get rid of it?

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform Quick Scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The... Read more


Looks like I recently became infected with Antivirus System PRO.

Over the last couple days I have been getting periodic popups that this morning became continuous popups. After some trying, I was able to open the task manager. I found that ending process xniesysguard.exe stopped the pop-up issue.

I attempted to download MBAM, but when I load the program, I get the following error when the computer tries to access MBAM.exe:
Create process failed, code 2
The system cannot find the file specified.

I have McAfee installed and tried using this to flush out any viruses/malware that I had. At first, I couldn't access McAfee through my desktop (the cursor would disappear when it went overtop of the icon). I was able to activate McAfee from the bottom status bar. The scan that I ran found several viruses called Vundo.gen.ab. When I attempted to clean these, McAfee appeared disabled and wouldn't give an option of removal. Repeated scans eventually quarantined all of the suspect files, but still would not enable removal.

I have downloaded the RootRepeal and DDS programs and run them. The Attach and Ark files are attached and the DDS text is pasted below.

Any help I can get to clear this up would be greatly appreciated!

KJ

DDS (Ver_09-10-13.01) - NTFSx86
Run by Krueger Jackson at 13:04:30.48 on Sat 10/17/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2303.1697 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {... Read more

A:Antivirus System PRO

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Please download OTL from following mirror:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the button.
Two reports will open, copy and paste them in a reply here:
OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized
In the upper right hand corner ... Read more


So this damn malware virus thing has taken over my wife's computer . . . I was hoping someone here might be able to help me before I have to kill the computer . . . We have read the instructions with all of the recommended programs, but the lil'bastard has blocked all internet traffic. We've also tried searching out manual removal instructions (like these: http://www.ehow.com/how_5146071_manually-r...system-pro.html ) . . . but the files and reg edits listed cannot be found . . . So, anyone have any idea how I can get rid of this thing and once again begin using our computer? We would lub'ya forever if you could! Remember, we can't download Hijack This or any of the Removal tools, because access is blocked.

Please help me burn this Malware out of my puter. Thank you!

A:Antivirus System Pro

Hi and welcome to BC.

Do you have another clean computer that you could download programs on then burn them to cd and install on the infected computer?

Kind regards,
~t


I am infected. I keep getting pop ups antivirus. None of my desktop shortcuts work. Unable to open IE. I am able to open Mozilla to post this. Unable to download DSS to post log. I am being held captive, please send help.

A:antivirus system pro

Is this the computer you are talking about?
http://www.bleepingcomputer.com/forums/ind...p;#entry1520246


My computer has been infected by AntiVirus System Pro 2009. I tried to remove it by downloading Ad-Aware after multiple tries since when I tried to open my programs, it would always show error, but after clicking several times, my programs opened. Anyway, Ad-Aware removed the virus and Norton anti-virus as well. However, there are still malwares left in my computer. From Temp, I can't delete DF9CBB.tmp & Perflib_Perfdata_a08 ( which I suspect as Malwares ). As I searched the net about these files, I ran into bleepingcomputer.com and combofix. I downloaded combofix and scanned my computer. It deleted some files which are infected (I was so happy that I donated to the writer thru paypal =D ) but when I checked my Temp folder, the suspected Malwares are still there. Can someone please help me remove the suspected Malwares? Can I post my combofix log?

Thanks in advance..=)


Last Sunday, I got hit by the Antivirus System Pro malware. Seemingly, I was successful in removing it but now have a problem that acts like a virtual memory issue. Between 15-20 minutes after turning on my computer (HP Pavilion 5220US), the display freaks out, blanking out some lines while others appear normal. I cannot start any new programs (various messages from invalid system image to cannot initialize program, to invalid dll). Eventually, the computer locks up and the only way to get out of it is to power off using the power button. I have tried everything that I know of to identify and resolve the problem, but have been unsuccessful. I also recently replaced my harddrive because of errors on the drive. I imaged it to a new drive and am now running the new drive in my system. Might the problem be corrupt files because of the harddrive errors and not malware? Any and all help would be appreciated.

DDS.txt:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Charles Russell at 20:46:13.43 on Sat 12/05/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.281 [GMT -5:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system3... Read more

A:Antivirus System Pro

Hello, Charles Russell.

My name is aommaster and I will be helping you with your log.

I apologize for the delay in response we get overwhelmed at times but we are trying our best to keep up.

If you have since resolved the original problem you were having, I would appreciate you letting us know. If not please perform the following below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training so it may take a while for me to get back to you, as each of my fixes need to be checked by a coach first.

We need to run RSIT
Download random's system information tool (RSIT) by random/random and save it to your desktop.
Double click on RSIT.exe.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

In your next reply, please include the following:
Log.txt
info.txt


Hello All,

If misery loves company, it looks like I'm in the right place. Antivirus System Pro installed yesterday. I knocked it back enough to run Malwarebytes (plus several other anti-malware programs) and most of the malicious effects (denying access to programs, pop ups, fake warnings) are gone. However, it keeps hijacking my web browser and redirecting to different web sites.

I've read the "Preparation Guide for use Before Posting About Your Potential Malware Problem". I also ran the DDS Tool.

I'm by no means a computer expert (I do know enough to make myself dangerous though!). I would greatly appreciate any help/solutions offered with this problem.

Running Windows XP Home Edition.

Thank you,


My daughter's laptop is infected with Antivirus system Pro. She is unable to get to any site on the internet, except for the porn sites that keep popping up. Her own antivirus program Sophos Antivirus, won't open, nor will Malwarebytes or SpyBot, which were already installed. I tried saving the links to rkill on a flash drive from my computer, but every time I try to open it, I get a warning that the file is infected and it shuts down. I'm at a loss as to how to get anything onto this computer to fix it. It appears that I am not the only one with this problem. Can anyone help?

A:Antivirus System Pro

Have you tried getting the Rkill from one of the other links available? Are you able to log in to safemode and try running MBAM from there? Here are some other links for the Rkill.....
LINK 2
LINK 3
LINK 4
Save it to your desktop and then double click to launch it (With Vista you need to right click and select run as administrator). You should see a little black window open and then close. If you see that box then it worked. If you don't see the black box then delete the file and use another download link and repeat the steps.
Once it runs you should be able to run Malwarebytes.


Good Day !

I've followed the instructions but I am unable to get the requested GMER or DDS scripts. The PC will not let them run.

The virus is not allowing most .exe files to run. The error I get is: Windows cannot access the device, path, or file. You may not have the appropriate permissions to access the item.

Here is what I have going on.

Antivirus Pro Software is installed. (not full version)
Getting popups for ****** and Porn.
I see iehelper.dll is installed.
Virus software and any scanning software will not work. Including Malwarebytes, Ad-aware. I have tried running the Microsoft Malicious Software tool. It won't run. Any .exe will run for a few seconds and then just disappears.

If I connect to the internet and use a search engine, I am redirected to other sites and told that my PC is infected and it runs a fake scan.

I have tried running malwarebytes etc in safe mode but the same thing happens, the process is killed as soon as it starts.

The PC is running Windows XP Home Edition with SP3.

Any help would be appreciated !

Tom

A:Antivirus System Pro plus others

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once the tool has run, do NOT reboot the machine, and then try once again to run DDS and GMER.


Hi,

Today I noticed that a warning kept popping up. It said I had two Trojans on my computer and was unprotected. I use Kaspersky and did not recognize this warning. BTW, thank you for the suggestion when I bought my new computer. It works great. However, this one must have slipped by.

I googled it and found that it was malware/trojans/etc.

While I was following the directions to post the text files on here the following happened:
1) Before running the programs I paused Kaspersky. While GMER was running a pop up window alerted me to the fact that "vmiprvse.exe is infected activate antivirus now?" I left it up and allowed the GMER to run.
2) The system rebooted after a blue screen of death came up. (now it was unusually warm today -- this could be the cause) But I wanted to let you know.
2b) After it restarted the annoying pop up stopped and the program "antivirus system pro" was no longer in the system tray.
3) GMER had to be downloaded again and then I was able to save the file to include in this reply.


My current computer is running Vista Home Premium edition. Let me know if you need any further details about the computer.

---DDS REPORT---

DDS (Ver_09-06-26.01) - NTFSx86
Run by Neo at 16:24:04.90 on Fri 07/17/2009
Internet Explorer: 8.0.6001.18783 BrowserJavaVersion: 1.6.0_14
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3326.1711 [GMT -7:00]

AV: Kaspersky Anti-Virus *On-access scanning ... Read more

A:antivirus system pro

BUMP, please


Hello
Thanks in advance for your help. My computer has been infected with the Antivirus System Pro bug. I keep getting Windows Security Alert pop-ups, my Internet Explorer has been hijacked, etc. I also keep getting messages that say "Application cannot be executed. The file ____.exe is infected. Do you want to activate your antivirus software now" I get that message if I try to run just about any program (except for Firefox).
I tried downloading dds.scr to my desktop, and I also downloaded combofix to my desktop. However, when I try to run the programs I keep getting the "application cannot be executed. The file ____.exe is infected" message.
Thank you so much for your help.

A:Please help me get rid of Antivirus System Pro

Hello and welcome to TSF.

Please do not run Combofix on your own. It has to be run under the supervision of a trained analyst.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Use a USB stick to transfer tools to the machine if necessary. You might also want to use this tool, which may help free things up long enough to get some logs.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them ... Read more


My son's computer is infected, and cannot connect to internet (wireless), and cannot basically run anything including malwarebytes. My computer in another room is connected (wired). CAN I download rkill, copy to disc (need info on how to do this), then install rkill on my son's computer, then run mb on my son's computer? He has XP installed.

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:antivirus system pro

Take a look here: Remove Antivirus System Pro (Uninstall Guide)


Help with antivirus system pro

A:antivirus system pro

Hi,
Sorry for delayed response. Forums have been really busy. If you still need help with this do following, please.
Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt
Save both reports to your desktop. Post them back to your topic.
Download GMER here by clicking download exe -button and then saving it your desktop:
Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check Show All box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.


I can't seem to find a removal tool or instructions for getting rid of Antivirus System Pro. Many of the removal tools seem to be close. If there is one to remove this Antivirus, can you direct me to which one I should use. I did find a removal tool called sdsetup_aff.exe. Is this one any good.
Jim

Edit: Moved topic from AntiVirus, Firewall and Privacy Products and Protection Methods to the more appropriate forum. ~ Animal

A:Antivirus System Pro

Take a look here: Remove Antivirus System Pro (Uninstall Guide)


Well, for a while, my computer was acting strange. First, Internet Explorer started randomly popping up with ads and porn sites. Also, random commercials ads, and some things that sounded like actual web shows started spouting over my speakers, and I couldn't find where they were playing from! Even when I closed all programs! As I was getting very flustered, I got some kind of Antivirus message saying that I had hundreds of Trojans! I just blew it off as fake and trying to make it REALLY happen. I tried to figure it out as some gross, annoying virus.

Later, though, I came home to my computer going completely wild. I had a pop-up advertising Antivirus System PRO, saying that I had many, many, problems. So, as I was growing tired of this bothersome behaviour, I looked up the Antivirus's credibility. Needless to say, I found out about its true nature quickly.

Now, I have tried a multitude of different Antiviruses and such Software. However, whenever I open or attempt to use almost anything involving an exe file, I get a pop-up saying it's infected, even when I'm just trying to use AVG to scan my computer.

Anyone have any clues of how to get rid of it?
 


This is the HiJackThis log for my friend's computer. The trojan opens at startup and prevents any apps from running, even task manager. It also prevents the computer from starting in safe mode. A million "Antivirus System Pro" windows open after startup. I have been able to get to the task manager before the ASP trojan boots and it's the process "lcrysysguard.exe" that seems to be the brunt of this virus (I ended the process, so it may not show up in the log). I can end that process temporarily, but it's always back on startup. I've tried running MalWareBytes, which got rid of a few things, but I can't figure out how to get to the root of this. The text file uploader wasn't working so I'm pasting the log, if that's okay.
Thanks so much for your help!

Liz

A:Antivirus System Pro

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more


I have a virus which will create false warnings to buy a product "Antivirus System PRO" and will hijack me to different web sites. I have tried to follow the instructions on "Hijack This Logs and Virus/ Trojan/Spyware/Malware Removal Preparation Guide For Use Before Using Hijack This and other Malware Removal Tools". This virus will not allow me to complete any steps as it infects everything that is downloaded.

I was browsing the ClassMates dot com website and people search during which time I apparently became infected. This is a company computer that is basically an employment life or death situation for me. Please help.

Gregg Stephenson

A:Antivirus System PRO

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.

2 more replies
Answer Match 38.22%

Thanks in advance for any help or insight you might provide to help solve my problem.

My computer was compromised by Antivirus System Pro last Wednesday. I clicked a link on sun-sentinel.com's website and that was all she wrote.

Initially, the laptop was completely useless. I couldn't run any programs. Whatever I tried to do, gave me an error (sorry but I can't remember exactly what it said) saying the file was infected and do I want to update antivirus. I tried to run hijackthis with the same results but I found that if I put Hijackthis in the startup and reboot the computer, I was able to remove the offending executables and registry entries long enough to update malwarebytes and scan. Problem solved at the time.

Last night, AV system pro popped back up out of the blue. Went through the same steps for removal but now IE8 opens multiple instances of itself whenever I do anything in the browser (i.e. type a search, type a url, click a link, etc.). Also, the computer takes longer than usual to boot and is running really slow.

I've scanned again with Symantec Endpoint Protection, Hijackthis, and Malwarebytes and nothing is found. I do have Windows XP install disk if needed

Below is the dds.txt results and the attach.zip is attached, however when I try to run gmer, I get a windows error saying the program will be shut down with options to send or don't send to microsoft. If I try to run gmer again, I get a blue screen and have to hold power button down to turn com... Read more

A:Antivirus System Pro

BUMP, please

1 more replies
Answer Match 38.22%

hello,

I recently got the 'Antivirus system pro' virus and am having trouble getting rid of it.
As with most of the other reports of the infection, every exe file is 'infected' so gets shut down.
I have managed to press ctrl-alt-del before it starts up and then end the process so can run programs.
This seems to be a new strain of the virus as the standard files for it don't exist and malwarebytes doesn't pick it up.
I also seem to have no internet connection by any program when I shut the 'antivirus' down so I cannot update the software.

i am running:
xp professional x64

help, please.

A:antivirus system pro

Take a look here: Remove Antivirus System Pro (Uninstall Guide)

8 more replies
Answer Match 38.22%

I downloaded your "Remove Antivirus System Pro" guide (which I found when I Googled "Antivirus System Pro"), but I'm still infected. My Google Chrome browser redirects to random websites when I search Google and click on one of the search results. Antivirus System Pro launches after my computer reboots, and there is no way to stop it unless I can disable "empssysguard.exe" in my Task Manager processes before it has a chance to boot up if I'm to be able to use my computer at all. I'm running Windows XP Media Center Edition SP2. What else can I tell you? Please help.

A:Antivirus System Pro

Is it constantly in a reboot loop or can you access Task Manager?
Ctrl + Alt + Delete
Ctrl + Shift then Esc

Is there any way you can run this?

Please download Win32kDiag.exe by AD and save it to your desktop.
alternate download 1
alternate download 2
This tool will create a diagnostic report.
Double-click on Win32kDiag.exe to run and let it finish.
When it states Finished! Press any key to exit..., press any key on your keyboard to close the program.
A file called Win32kDiag.txt should be created on your Desktop.
Open that file in Notepad and copy/paste the entire contents (from Starting up... to Finished! Press any key to exit...) in your next reply.

--------------------------------------

Go to > Run..., then copy and paste this command into the open box: cmd
Click OK.
At the command prompt C:\>, copy and paste the following command and press Enter:
DIR /a/s %windir%\scecli.dll %windir%\netlogon.dll %windir%\eventlog.dll >Log.txt & START notepad Log.txt
A file called log.txt should be created on your Desktop.
Open that file and copy/paste the contents in your next reply.

1 more replies
Answer Match 38.22%

Hello all...This is my first post to this site. I was sent here by an expert who wanted to see if I could solve my problem straightaway. However, that was optimistic I guess.

I too have this apparent "spyware" (Antivirus System Pro) popping up and proposing to scan my PC. I stopped it from doing that, but apparently it has taken residence anyway.

My particular issue is that it is preventing me from executing other virus removal software (e.g., AVG). I also downloaded "combofix" following instructions, but the infection prevented an execution to start with the message that the "combofix.exe was infected".

Additionally with this virus, I cannot access software delete options via my control panel.

Identity of the virus suggests: BankerFox A, Nugel.E, or BHO.JEW.

I'm on a Dell 4700 using MS Windows XP.

...Tom6245

A:Antivirus System Pro

I'm seeing the very same thing on a system I am trying to clear for a friend. None of the tools I have can touch this. In addition to the above mentioned problems, I'm also unable to connect to the internet via IE. If I boot from Bart PE I have no issue. I've tried removing IE and re-installing and that didn't help at all. I can ping other addresses. Any suggestions or help for this guy would benefit us both.

Bill

2 more replies
Answer Match 38.22%

Hello everyone!

Microsoft Windows XP

Problem: ANTIVIRUS SYSTEM PRO

I need help with getting rid of this virus. I cannot access any windows, the task manager, restore point, can't open any safe modes without getting these 2 boxes below. A tech suggested downloading malwarebytes. I have tried to put CD's and a flashdrive in, but get nothing but these 2 boxes. My question is, how do you get anything to work if you can't open anything on your computer? If I buy this software, will it automatically work in the CD drive? Thank you for any suggestions?

Sunshinydays

1st box: C:\WINDOWS\system32\winlogon86.exe

2nd box: 16 bit MS-DOS Subsystem
C:\WINDOWS\system32\winlogon86.exe
C:\Program Files\Alwil Software\Avast4\aswMonVd.dll. An installable Virtual Device Driver failed Dll initialization.
Choose 'Close' to terminate this application.

Sunshinydays

A:Antivirus System Pro

It sounds like the infection has you pretty well locked down so this is what I would do. If you have a known working computer, remove the infected hard drive and slave it on to the other computer. Run your scans on the infected drive, remove what they find and then re-install the drive back in its original computer.

4 more replies
Answer Match 38.22%

Have recurring Antivirus System Pro. Have completed basic fixes including rkill and Malwarebytes, but still have the problem.

HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:05:02 PM, on 11/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Symantec Shared\... Read more

A:Antivirus System Pro

Try Avira's AntiVir at http://www.avira.com, it's a great antivirus program, and go to http://www.superantispyware.com and download their free spyware program. It's great too. Run them both from safe mode with networking, and even download and install them from safe mode with networking too. Then after running them in safe mode, run them again from a normal boot. That should clear things up.

2 more replies
Answer Match 38.22%

Happy Thanksgiving to me

Hello, I woke up this morning and was unable to connect to the internet. I am receiving a bunch of pop-ups claiming my laptop is under attack from Antivirus System Pro.

First pop up: SPYWARE ALERT, My PC is infected by spyware
Activate Antivirus System Pro or Stay Unprotected

Second pop up: Antivirus System Pro Alert
My computer is being attacked by an internet virus

I am receiving numerous Windows Security alerts also...
ufnavi.exe is infected and tmbmsrv.exe is infected

When I try to log onto the internet it brings me to: sysguard2010.microsoft.com/block
It then says I should purchase Antivirus System Pro

I ran Dr. Web in safe mode and no viruses were found, and I ran my Trend Antivirus and no viruses were found. I tried running malwarebytes but it's saying that file is infected and it won't let me open it.

I have been reading through the forums and it seems a lot of people have this virus- the difference on my laptop is I am unable to connect to the internet.

Any help is appreciated

This topic can be ignored and closed...
After dealing with numerous viruses- THE TIME HAS COME AND I HAVE DECIDED TO REFORMAT MY LAPTOP. Hopefully all goes smoothly.

I just finished reformatting my 6 year old Toshiba, it was my first time ever reformatting (it was a lot easier than I anticipated). It is a long process, but well worth it. Bleepingcomputer helped me destroy so many viruses on her in the past. She is running so much faster now. I recommend to anyone having severe virus issue... Read more

More replies
Answer Match 38.22%

My computer is infected with this "anti virus" software. I tried doing the self removal (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-system-pro) I can download the file but whenever I try to run it I get a "warning" saying that it's infected and asking me if I want to get protection.

My computer is essentially useless now as I can't open any files or programs (not quite sure how I was able to restart firefox, but it seems to be the only thing working).

I'm currently running windows XP (I think SP3).

A:Antivirus System Pro

Hello, run this first then MBAM again.

Please download Rkill by Grinler and save it to your desktop.
Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way.

Rerun MBAM (MalwareBytes) like this:
Open MBAM in normal mode and click Update tab, select Check for Updates, when done click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

15 more replies
Answer Match 38.22%

Hello, not sure if this is the place to ask for help or not.. if not can you point me the way?

Yesterday my puter started to have pop ups saying I had a bunch of things wrong.. well ok, I know this is a malware and not good. I've been doing research on how to get rid of this but now I am at a standstill. I was able to stop the pop ups by stopping them on the task manager (found under sffmsysguard.exe), then I was able to stop them thru the start up by unclicking them (2 were found) thru the start up (can't remember where, I've been doing a lot of reading and a lot of lil stuff).
So anyways right now it will not start when I reboot..
But now I need to find these files to get rid of them to clean the puter and I have looked everywhere and can't find anything!
I am not sure what more to do...
Please help!

[codebox]DDS (Ver_09-12-01.01) - NTFSx86
Run by Compaq_Administrator at 17:47:28.65 on Thu 12/03/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.253 [GMT -5:00]
============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDO... Read more

A:antivirus system pro

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Foll... Read more

2 more replies
Answer Match 38.22%

This virus started popping up and i couldn't go on internet explorer because it wouldn't let me go to any websites without paying for the program. But i had firefox and was able to browse the internet for help on how to remove it. But when i looked over the steps on how to remove it, i couldn't find the program where they said it would be.

C:\Documents and Settings\Owner\Local Settings\Application Data\btymlg\ijeisysguard.exe is part of the virus i think. I deleted it, but it still shows up in this.

A:Antivirus System Pro

Hello! My name is Sam and I will be helping you. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

We need to create an OTL Report
Please download OTL from here
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
CREATERESTOREPOINT

Click the "Quick Scan" button.
The scan should take just a few minutes.
Please copy and paste both logs back here in your next reply.

=============

The next log will show us any hidden files that are pres... Read more

4 more replies
Answer Match 38.22%

First timer here.......

I have the "uninstall" guide and am able to get rkill.com and the black window flashes and disappears (although a security warning pops up in the middle). I then download the MBAM and click finish, but MBAM never starts back up so I'm not sure what to do next. I had MBAM before so there is a desktop icon, but every time I click that I get the security warning. Any help would be appreciated. It's driving me nutz!

A:Antivirus System PRO help

I believe I was able to fix my problem....just had to start MBAM before the Antivirus System Pro started up. Was able to "Update" MBAM and run the tool......seems to be working much better now. I don't see the "shield" which is good news. Without this site and being able to read your explanations for others really helped. I would have been toast without it!

Thanks.

2 more replies
Answer Match 38.22%

Please help. Nothing is working. I've used my SuperAnti Spyware program scan. Downloaded Malwarebytes Anti Malware program....and my computer is still infected.


Every time I try to run it again, the malware won't let me open the program to run a scan.

Please help!

A:How do i get rid of antivirus system pro!?!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

Use a USB stick to transfer tools to the machine if necessary. You might also want to use this tool, which may help free things up long enough to get some logs.


Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click and choose Run as Admin
You only need to get one of them to run, not all of them.


Rkill.exe
Rkill.com
Rkill.scr
Rkill.pif


Once the tool has run, do N... Read more

1 more replies
Answer Match 38.22%

{{{ how do I get it off my computer }}} the malwarebytes' anti-malware didn't work

XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a tactic to scare you into purchasing the software. Older versions of XP Antivirus would create 9 entries in your Windows Registry that impersonate infections on your machine. In reality, though, these registry entries were harmless and had absolutely no effect on your computer. Instead, these entries were set so that XP AntiVirus can find them when scanning your computer and report them as infections. The newer versions of the program, such as XP Antivirus 2008 and XP Antivirus 2009, instead just display false results when scanning your computer that state infections were found. In order to remove these fake infections, though, you would first need to purchase the software as the trial does not allow you to remove them.

While running, XP Antivirus will also display fake alerts stating that you are infected or under attack from some type of threat. These alerts are fake and can be ignored. If you do click on the alert, though, it will prompt you to purchase the software. Examples of text contained in these alerts can be found below.

Privacy Violation alert!
XP antivirus detected Privacy Violation. Some program is secretly sending your private data to untrusted internet host. Click here to block this activity by removing threats (Recommended).

o... Read more

A:XP Antivirus 2008, XP Antivirus 2009, and XPAntiVirus are rogue antivirus programs that, when run, display false results as a t...

There are indeed a lot of those rogues out there, with the one and only scope of scaring you into buying their product.
Unfortunately they get harder and harder to remove.
For a list of removal guides for the latest rogues, see here
I am moving this topic to a more appropriate forum

1 more replies
Answer Match 37.8%

I ended up with this virus on my pc. I ran microsoft security essentials and malware bytes and got rid of the virus, sort of. Now when I open internet explorer I get internet explorer cannot display the webpage. I have also run Ad-Aware, IEfix and IE8-rereg. I have to search for a lot of files for IEfix and it still can not complete. I have also deleted and reinstalled internet explorer. The computer loads slowly and opens pages slowly also. I have run hijack this and here is the report. Thanks for any help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:45 PM, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.ex... Read more

A:SWP 09 Demo

bump

3 more replies
Answer Match 37.8%

I ended up with this virus on my pc. I ran microsoft security essentials and malware bytes and got rid of the virus, sort of. Now when I open internet explorer I get internet explorer cannot display the webpage. I have also run Ad-Aware, IEfix and IE8-rereg. I have to search for a lot of files for IEfix and it still can not complete. I have also deleted and reinstalled internet explorer. The computer loads slowly and opens pages slowly also. I have run hijack this and here is the report. Thanks for any help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:34:45 PM, on 12/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 SP3 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.ex... Read more

A:swp 09 demo

bump
 

1 more replies
Answer Match 37.8%

This is considered an unwanted file but it says it cannot be removed! If it is considered a threat, why can't I remove it? Help--I am confused. I am using windows XP and McAfee security center which states that all of the file cannot be removed.
 

A:Vbs/demo-gfi

6 more replies
Answer Match 37.8%

Hi, I have xp, and Mcafee, all updated, I use adware and spybot too.
This VBS/Demo-GFI is showing up in my Mcafee, I don't think it's a bad thing; but I don't know how to get rid of it. Mcafee says (in the program) it can't get rid of it, and their online help was useless!
Would anybody know how to get rid of this? Thanks so much!!

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

A:Vbs/demo-gfi

Run The Windows OneCare Free Scan (on-line scan)

To run the Windows One Care Free Scan
Go to Windows Live Onecare Free Scan site using Internet Explorer. It will say "Get a free PC safety scan"
http://safety.live.com/site/en-us/default.htm
Make sure you click "Full Service Scan" in the middle of the page and not the "Try It Now Free" offer on the right side.
Allow the download of an Active X component.
Choose "Complete Scan" in the window that opens
Click "Next"
Do not click on anything else that offers you a free trial or to sign up if you live in the US.
Allow it to scan - it may take quite a while, possibly two hours or so depending on the size of your hard drive and how fragmented your registry and drive may be.

After completing the Windows OneCare Free Scan run both Adaware and Spybot Search and Destroy from safe mode, updating each program's malware definitions before you reboot into safe mode to scan and allowing both to fix what they find.

If you do not already have these freeware apps installed on your computer, you can get them at the following sites:
*AdAware SE: http://www.majorgeeks.com/download506.html
*Spybot S&D: http://www.safer-networking.org/en/index.html

Following that, I suggest you post a "HijackThis" log in the "Hijack This" Logs and Analysis Forum for expert assistance with your malware infection.
Read the pinned post in our "HijackThis Logs and Analysis" forum, here http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malwa... Read more

2 more replies
Answer Match 37.8%

I was trying to watch a streaming video this morning, and against my better judgement clicked on the "install ActiveX control" when it wouldn't load. Needless to say, some vicious little program installed itself on my computer. It's calling itself "Antivirus System Pro," and is constantly popping up alert windows and "infiltration reports" and fake Windows security messages.

It's running in the taskbar, but when I go to the Task Manager to kill it, I can't find it running. Nor does it show up in the Programs file. There are a number of mentions on the web about this, most of which redirect to me running a scan with (and then purchasing) Spyware Doctor. (Which I'm not familiar with.)

Below is my DDS report, and attached is my Ark.txt and attach.txt files. The gmer scan took over six hours to run, wondering if that's normal...

I look forward to fixing this little pest soon, and eagerly await your replies...


DDS (Ver_09-05-14.01) - NTFSx86
Run by Owner at 12:46:20.23 on Mon 06/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.530 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system3... Read more

A:Problem with Antivirus System Pro

Hi,

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

How to disable/re-enable AVG8

Please open the AVG 8 Control Center, by right clicking on the AVG 8 icon on task bar.

* Click on Tools.
* Select Advanced Settings.
* In the left hand pane, scroll down to "Resident Shield".
* In the main pane, deselect the option to "Enable Resident Shield."
* To re-enable AVG 8, when Combofix is done, please select "Enable Resident Shield" again.

Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Cons... Read more

7 more replies
Answer Match 37.8%

About 2 weeks ago, was infected with Antivirus System Pro (sysguard.exe). Downloaded Malwarebytes which seemed to catch and remove the virus. Scanned using McAfee; Kaspersky; and Oset. None of those programs have indicated that there are any remaining traces of the virus; but, whenever I do a search in Yahoo or Google, the search result links end up re-directing me to websites that have nothing to do with my search term. Have cleared out browser cache, which appeared to solve the issue for a short time, but the browser re-directs still occur.

Need to make sure that there are no residual traces of the virus.

More replies
Answer Match 37.8%

Antivirus System Pro is popping up on my laptop. The laptop is a Dell Latitude D630 and I am running windows xp, Service Pack 2.

DDS.txt:
DDS (Ver_09-05-14.01) - NTFSx86
Run by Gmiller at 9:29:45.37 on Mon 06/08/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1284 [GMT -7:00]

AV: Total Protection Service *On-access scanning enabled* (Updated) {8C354827-2F54-4E28-90DC-AD391E77808C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Progr... Read more

A:Spyware: Antivirus System Pro

Hello and welcome to TSF.

Please note that the fix may require more than one round to properly eradicate. Stay with me until you're given the "all clear", even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions in the order they are presented, and please do no self-fixing or running of scanners unless requested by me or another helper at this forum.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to disable McAfee:

Please open McAfee Security Centre
Under Common Tasks click on Home
Click Computer Files
Click Configure
Make sure the following are disabled by ticking the "Off" button.
Virus protection
Spyware protection
System Guards Protection
Script Scanning Protection (you may have to scroll down to see it)
Next, select never for "When to re-enable real time scanning"
and click OK.

Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/...ernalID=222820


Please include the C:\ComboFix.txt in your next reply for further review.

You may subs...

Help please! I've got these antivirus system pro alerts that come up all the time and sometimes it seems to open up internet explorer and porn sites or offers to buy antivirus.

Please help me step by step in getting rid of this.

Thanks
 

A:Antivirus System Pro nightmare

I used system restore to go back a day and it took care of it
 


Bogus Antivirus System Pro virus

Please note: I attempted to run HijackThis and it will not run in either normal or safe mode.

I have the Antivirus System Pro trojans. A bogus program runs from the system tray, alerts pop up warning me of fake virus attacks and Windows Security alerts pop up.

Also, I can't get HijackThis to run.

_____________________________________

DDS (Ver_09-05-14.01) - NTFSx86
Run by s2 Owner at 14:28:21.64 on Tue 06/02/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1.#QNAN.1134 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

A:Antivirus System Pro - trojan

Hello and welcome to BleepingComputer.com! I will be helping you today and post back with some instructions soon.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

regards _temp_


Hello, it is not uncommon to see that we have to install an AV software after being ensured that the system is not infected (even some software will launch a quick scan before installation).
My question is why? What if we install AV programs in an infected computer?

A:Antivirus & system state

Anti-virus software is a tool for prevention of malware infection. Since no anti-virus is 100% foolproof, even a computer with an existing anti-virus can become infected. The same is true if there is no anti-virus installed. Once installed it may or may not detect an infection if one is present but it is better than leaving your computer unprotected.

There is no requirement for the system to be absolutely clean before installing an anti-virus as you can install one on an infected computer. However, there are some malware infections which may interfere or prevent successful installation. Depending on the malware infection, there are specialized malware detection/removal tools which can be used prior to installation. Many anti-virus vendors also offer free LiveCD/Rescue CD utilities that are used to boot from in order to repair unbootable or damaged systems, rescue data, and scan the system for malware infections. In some cases this may be necessary first in order to stabilize the system and allow for successful installation.

If installation is successful, then a full scan should be completed immediately. If you cannot install the anti-virus, you can always perform a series of online scans first.

List of free online Anti virus scanners
List of online Anti virus scanners
Top Free Online Virus Scan Services

Eset Online Anti-virus Scanner is one of the more effective ones. Keep in mind that an anti-virus program is not enough because it alone does not provide comprehensive protecti...


I've been infected with Antivirus System Pro. I've looked through previous forum posts and haven't gotten very far.

I've tried to run DDS, RootRepeal, rkill, exehelper, and HiJackThis all to no avail. Malwarebytes shows a runtime error. I cannot open my task manager. Antivirus system Pro says all aforementioned executions are infected and cannot be run.

Currently I am running Windows XP in normal mode. I've noticed as long as I let Antivirus System Pro run my computer will not automatically shut down. When I was in safe mode and not running Antivirus System Pro, Windows will spontaneously shut down.

Any help will be greatly appreciated.

Happy Thanksgiving!

A:Help! Cannot remove Antivirus System Pro.

As no logs have been posted, I am shifting this topic from the specialized HiJack This forum to the Am I Infected forum.

==>PLEASE DO NOT NOW POST LOGS<== unless a log is specifically requested.


Hi There. Wondering if you could help me please. I have windows xp 98 and for the past 2 days I have a message popping up every 5 secs. It informs me of the following:

System Antivirus 2008 window informs that I have been infected with 286 viruses
attack detected

I have tried to follow the link from another site...
http://www.bleepingcomputer.com/malware-re...antivirus-2008-and it seems to have done is added more programmes on to it...

Kind regards
Tin

A:System Antivirus 2008

Hello and welcome ... I have split your post to a topic of its own. This is always the best procedure. A topic of your own. In this case there are 2 different operating systems and that will cause trouble for someone down the line.

The Malwarebytes application is not supposed to be run on Win95. So this program is good for 95. What antivirus do you use?

Download and scan with SUPERAntiSpyware Free for Home Users
Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
In the Main Menu, click the Preferences... button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your compu...


Help please,
I've got this thing popping up constantly and loading porn sites. It's blocking everything I try to do
Hijack log attached.
Thanks in advance,
Myles

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:04:18 PM, on 9/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes: