Guest Xenia

Help! Vista Antivirus pro removal

32 posts in this topic

My computer got infected with this nasty trojan.

Here is more: http://www.xp-vista.com/spyware-removal/windows-antivirus-pro

I've tried to use some instructions posted on the net, but could not find the files given where the program spread itself around.

Of course, while it's infected the computer is totally unusable. I cannot run Malwarebytes (it starts, then it switches itself off), and cannot start any web browser either. Avira antivirus did scan, but did not give me anything about it, and neither did Spyware Doctor.

I am sure I will beat it eventually. I just hope that somebody has had this problem before and might give me advice on how to get rid of it, as I need this computer in working order urgently (I am posting this from another computer).

I was infected with this sh*t last month when I visited a porn site (also, a previous version of this virus struck way back in 2006). The program attached itself to the explorer process and various other Windows programs like IE and Firefox, and blocks every possible way to get fixed. The websites that you are looking for contain information regarding a different version of the same virus.

See the following: http://www.myantispyware.com/2010/02/22/how-to-remove-xp-antispyware-2010-xp-antivirus-pro-2010/

But I can summarize what needs to be done:

1. Most important: do not do anything in Windows Normal mode. The virus has literally taken over the explorer. Always start in Safe Mode. To get to Safe Mode, when the laptop power button is switched on, hit F8 repeatedly until you get a boot menu. Select Safe Mode from the menu.

2. Delete the files av.exe and AxgUx7B7jJHE from the AppData directory. If you are using Vista, this should be the C:\Users\<Xenia>\AppData\Local folder. If you are in Normal mode, you won't have permission to delete the files.

3. Download this registry file from the below link. I got it from the bleepingcomputer's website.

FixReg

4. Remove all the registry entries given in the myantispyware page. Or alternatively search for av.exe in the registry and delete all the keys that contain this string. You should just be deleting the value and not the key.<Warning>Messing around with Windows Registry is like a suicide attempt.</Warning>

5. Run the FixExe.reg file that was downloaded in the previous step. This step is important because one of the registry keys deleted in the previous step was the association for exe files, meaning you can't run any executable in Windows, not even Windows :D This step will restore the association to its factory setting.

6. Restart the PC again in Safe Mode. Run a full scan with Malwarebytes and restart again in Normal Mode.

7. If the virus is still there, then let me know, I will try to use my black magic rituals to kill the virus.

See the following: http://www.myantispyware.com/2010/02/22/how-to-remove-xp-antispyware-2010-xp-antivirus-pro-2010/

But I can summarize what needs to be done:

1. Most important: do not do anything in Windows Normal mode. The virus has literally taken over the explorer. Always start in Safe Mode. To get to Safe Mode, when the laptop power button is switched on, hit F8 repeatedly until you get a boot menu. Select Safe Mode from the menu.

Yes, of course I am doing it in safe mode.

2. Delete the files av.exe and AxgUx7B7jJHE from the AppData directory. If you are using Vista, this should be the C:\Users\<Xenia>\AppData\Local folder. If you are in Normal mode, you won't have permission to delete the files.

I cannot find the above files. :) Cannot find the AppData directory or ProgramData on C.

3. Download this registry file from the below link. I got it from the bleepingcomputer's website.

FixReg

I cannot download anything on the infected computer, and it does not load files from the DVD drive either. It starts, then it switches off (in normal mode).

4. Remove all the registry entries given in the myantispyware page. Or alternatively search for av.exe in the registry and delete all the keys that contain this string. You should just be deleting the value and not the key.<Warning>Messing around with Windows Registry is like a suicide attempt.</Warning>

5. Run the FixExe.reg file that was downloaded in the previous step. This step is important because one of the registry keys deleted in the previous step was the association for exe files, meaning you can't run any executable in Windows, not even Windows :D This step will restore the association to its factory setting.

Could not do that, as was explained above.

7. If the virus is still there, then let me know, I will try to use my black magic rituals to kill the virus.

I need your black magic rituals please. (I should put a smiley icon, but I'm seriously upset right now.)

Thank you so much for your attempt to help me, especially at this time of the night x.

I can reinstall this computer to factory settings, but no way am I going to spend days saving all my files. (I did before and would not wish this on anybody.)

Basically this computer does not allow you to download anything from the net, or run programs from a DVD disk, since it was infected. It needs to be fixed manually, if only I could find which files and registry entries to remove, and I cannot find any of those given in the instructions on various websites. These files and registry values have obviously been changed or renamed, so people cannot remove them.

2. Delete the file av.exe & AxgUx7B7jJHE from the Appdata directory.

I've done that, as well as some related value from the registry, but it does not help so far, after I restarted the comp in normal mode (not that I thought it would).

I've done it! :)

Got a solution from: http://www.spywarevoid.com/antivirus-2010-removal-guide-remove-antivirus2010.html (reply from JR in responses: it's for Win XP but worked on my Win Vista)

I just thought to post it, in case somebody else gets this nasty Trojan in the future. There are lots of other ways to remove it, but they are not going to work for everybody (as they did not for me, and I was fighting it for the last 4 hours). This did the trick, however I've done other things also, which are too long to describe here right now.

Can go to bed nappy now! :D

Oh Xenia you poor chick! I've just had this one. It got right through Avast AV.

You need to build that fix.reg file and click on it. The damn thing then closes down but it's a tricky sod. It leaves hidden files and mine reappeared.

Mine came back so I rebuilt the fix.file that removes it from the registry.

Don't input anything you don't want a Russian geek to know lol. No financial stuff as it sometimes leaves a keylogger.

Here's how you build the fix.reg file, but obviously it needs to go onto the infected comp.

This definitely works. I ran Avast and found nothing but it came back. I did the same fix.reg a bit more carefully and it's stayed away!

Just as a matter of interest, what sites have you been visiting? Seems strange we both got the same virus :D

Click Start, Run. Type command and press Enter. Type notepad and press Enter.

Notepad opens. Copy all the text below into Notepad.

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe]

[-HKEY_CURRENT_USER\Software\Classes\secfile]

[-HKEY_CLASSES_ROOT\secfile]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

Save this as fix.reg to your Desktop (remember to select Save as file type: All files in Notepad.)

Double-click fix.reg and click YES to confirm.

Reboot your computer.

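An added example, not part of the thread or of any poster's fix: a Python check that reads the text of a registry export and reports the keys and default values that the fix.reg in the post above deletes or restores, so the .exe association can be verified after cleanup. The function names, the two sample exports and the `user` profile path are constructed for illustration.

```python
import re

# Keys the fix.reg above deletes; none of them should exist afterwards.
SHOULD_NOT_EXIST = [
    r"HKEY_CURRENT_USER\Software\Classes\.exe",
    r"HKEY_CURRENT_USER\Software\Classes\secfile",
    r"HKEY_CLASSES_ROOT\secfile",
    r"HKEY_CLASSES_ROOT\.exe\shell\open\command",
]
# Default values the fix.reg above restores.
EXPECTED_DEFAULTS = {
    r"HKEY_CLASSES_ROOT\exefile\shell\open\command": '"%1" %*',
    r"HKEY_CLASSES_ROOT\.exe": "exefile",
}
_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def _unescape(s):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Return {key (lower-case): {value name (lower-case): data}}; "" is the default value."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = _VALUE.match(line)
        if m is None or current is None:
            continue  # header line, blank line or comment
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1]).lower()
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = _unescape(data[1:-1])  # string value; other types are kept raw
        current[name] = data
    return keys

def audit_exe_association(text):
    """List (problem, key, observed default) for every deviation found in an export."""
    keys = parse_reg(text)
    findings = []
    for bad in SHOULD_NOT_EXIST:
        b = bad.lower()
        if any(k == b or k.startswith(b + "\\") for k in keys):
            findings.append(("unexpected key", bad, None))
    for key, want in EXPECTED_DEFAULTS.items():
        have = keys.get(key.lower(), {}).get("")
        if have is not None and have != want:
            findings.append(("unexpected default", key, have))
    return findings

# Constructed excerpt of an export from a hijacked profile (not taken from the thread).
HIJACKED = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\.exe]
@="secfile"

[HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]
@="\"C:\\Users\\user\\AppData\\Local\\av.exe\" \"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="secfile"
'''

# Constructed excerpt of the state the fix.reg leaves behind.
CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
'''
```

On a live system the input would be the text written by `reg export`, which is UTF-16 encoded and has to be decoded before it is passed to `audit_exe_association`.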

I can not find above files. :D. Cannot find AppData directory or ProgramData on C.

This is where it hides but they are hidden files. Use control panel/ file options to "show hidden files"

AppData on my comp was hard to find. I used the search box bottom right.

Mine is C| user | main (my account on comp) AppData some nasty files in "Local" and in "Roaming"

good luck

p.s. AppData may be hidden but it's there

That's what I get for not reading the whole thread lol. :)

Well done.

Huh, JR was mentioning the same thing in his response. AV.exe in the AppData directory and registry entries with AV.exe as part of their value are the culprits. The FixExe.reg file can also be created on your own instead of downloading it from the Internet.

BTW JR was my student, he learnt his black magic tricks from me.

Helen, I am so sorry. You put all this effort into helping me. Thank you so much. I wish you had been online that night.

I've no idea where this virus sprang from again. I did have it before, but the first time I ended up reinstalling the whole computer to factory settings, so it's highly impossible that some of it was left on the system, nor do I remember visiting any dodgy websites or downloading anything.

Helen: here is my advice and I strongly suggest you follow it. As you know, it has a tendency to come back suddenly, after days/months, even if your computer is back to normal.

You need to download (if you don't have it already) Microsoft Security Essentials and run a full scan, which will take hours.

After I cleaned this trojan (or so I thought), I ran Avira AV and Malwarebytes and they could not trace anything. However, when I ran the above MSE full scan (I left it to run through the night), when I came back in the morning it had traced that this virus was still on my system! Then it was a matter of a click to remove it. I am still not sure if it completely did it, but I trust Microsoft! :(

ITSMEJACK: Thank you so much also for attending to my needs in the early hours of the morning. :rolleyes: I am sorry I did not follow your suggestions fully, as when I read that I needed to download a file from the net, I knew I could not do it (as the browser did not open any pages, apart from the page to pay for their fake software).

Anyway, Helen and Jack: I hope your efforts are not wasted, as they might be useful for other people who get this bastard of a Trojan, which is not easy to get rid of if you are not a comp expert.

Helen, I am so sorry.

Please don't be, Xenia. It's my fault for not reading down the thread and jumping in feet first.

Thanks for the link. I'll try that later when I can walk away from the computer while it slows down to scan. (I'm too impatient!)

You need to download (if you don't have it already) Microsoft Security Essentials and run a full scan,

Great link Xenia, thank you. I recently rebooted like you did just to make sure it had gone (and my comp was gummed up with useless rubbish I'd collected over the last 18 months).

Guess what? I already had a new virus which my new Norton had missed. vbInject.dd

This free Microsoft antivirus/malware clean found it and got rid of it with one click.

So if it wasn't for your link I'd be happily putting bank details and CC details in all over the net.

Thanks again. Maybe we should have a useful free software category.

Worrying!!

I'm no computer expert and maybe this is a bit like "after the horse has bolted" but perhaps some of you will find it useful:

http://www.davidsws.pwp.blueyonder.co.uk/links.html

Sorry, DeepThought, but I cannot exactly understand your post.

The way I understand it (you can correct me if I am wrong), you mean that people should have their computers protected, because you posted a link to various software to do so.

I am pretty sure that most people have various antivirus/security software installed already and constantly updated (as Helen and I did), and most people have the ability to Google to find such software and try and test what is best for their system. Unfortunately, the script writers of any nasty shit will always be ahead of it.

Glad to help, Helen. That at least I could do, after you spent so much time on resolving my problem, and thank you so much again for it!

Regarding the "useful software" category: sounds good. But as I've already said in my reply to DeepThought, people can easily find them themselves and see what suits their systems best.

Xenia,

I was just trying to help. When I came to this thread it seemed like you had got your problem sorted.

I'm sure everyone is aware of the necessity of protecting their PCs but the link I posted to was for various freeware with a brief description of each. I'm not in favour of security suites but different security for anti-virus, malware, spyware, etc., in the belief that what one of them might miss another may detect.

Helen, apparently, uses Norton which, having had it on my computer a while ago, I have absolutely no faith in. It stopped what it shouldn't, didn't stop what it should and caused me no end of problems.

The link is there for folk to have a look and choose to/not to download anything appropriate - or not.

Hope this makes it clear.

Whilst a solution's been found, I think it's worth posting a link to VistaPE.

This creates a GUI recovery environment that can be booted from CD/DVD or flash drive:

http://www.vistape.net/

You need either a Vista DVD or a copy of the Windows Automated Installation Kit (the latter can be freely downloaded from Microsoft).

I've just started playing with it, and so far looks good. Allegedly very good at removing spyware etc, it's chock full of useful utilities to get you out of the mire (e.g. recovering logon passwords and creating new admin accounts etc)

B

Thank you, Deepthought.

I am sure Helen has other separate security software installed apart from Norton, and I am sure most people have. Of course you can only install the minimum which "agree" with your system, do not interfere with each other and do not hog the CPU much.

I thought that I was well protected, having Avira AV, Spyware Doctor and Spyware Terminator (they both can run together), and Comodo firewall. All of them run constantly in the background.

I previously had various AV/security/antispyware installed (I tested quite a lot of them, believe me, lol), but those above suited me fine...until last week that is! :(

Thank you Bacchus and dpraved, I had a quick look on the links provided, but will look properly tomorrow.

Helen, apparently, uses Norton which, having had it on my computer a while ago, I have absolutely no faith in. It stopped what it shouldn't, didn't stop what it should and caused me no end of problems.

I hate it too. I wouldn't use it for free, and I wouldn't recommend it to my worst enemy. It gums my computer up, it actually ages me with stress :( It's Norton's fault my online persona has shark's eyes and bear's teeth.

The Norton came after a refit of Windows that I had to do to rid myself of the virus2010. I thought I was protected by Avast. When I reinstalled I ran the updated Norton trial I got. It didn't find anything. I uninstalled and used the Microsoft AV and it found a virus that was hiding in another partition.

So I use the Microsoft AV.

My friend's 15 yr old son ran his laptop for 14 months without AV protection. He uses Facebook, MSN and all the usual teenage stuff. Probably looking at a lot of mucky stuff too - you know teenage boys!

Anyway he said he's never had a problem, but I passed Xenia's link on to them and they installed the Microsoft AV.

With a complete scan of nearly 450,000 files it found 1 minor malware.

It's not fair!

I hate it too. I wouldn't use it for free, and I wouldn't recommend it to my worst enemy. It gums my computer up, it actually ages me with stress :D It's Norton's fault my online persona has shark's eyes and bear's teeth.

I'm guessing this is page re-directs. I had an awful time with them till I found out what was going on.

With all due respect, Helen, I find that hard to believe. There must have been protection of some description. Either that or M$ AV isn't that good.

As a matter of interest (or boredom, possibly) I have ZoneAlarm firewall, AVG Free, Ad-Aware, Spybot S&D, and SpywareBlaster as well as a web filter.

My security usually indicates that my PC is clean or there may be the odd one or two Tracking Cookies. Nothing serious though.

Thinking about it my security is not too dissimilar to Xenia's.

'Tis a truism. This is no ordinary antivirus, this is MS antivirus!

Well again it found nothing. I wasn't there but those are the facts that were reported to me.

MS found things Norton and Avast missed. I trust it because it is built by the people who built the operating system, although that brings up the question of whether to trust Microsoft, which I don't - but I can't imagine them telling me they're a Nigerian General who needs my bank account details, or setting up a phishing site to get me to buy viagra!

Hobson's choice really. You don't know your antivirus is working until it doesn't!

There is another very, very similar virus that acts in a very similar way. So similar it's probably the same Russian geek that wrote the original subject virus.

It leaves "Antivirus Soft.", a fake antivirus prog. It came right through Microsoft Essentials without detection.

It hijacks browsers and sets proxy servers so you can't use browsers. Then it infects all programs and asks you to buy antivirus to cure....asks for credit card details!

I got it today when visiting thepiratebay via Mozilla. I never downloaded anything, just visited the index page.

Sort of easy to remove but a pain. Beware.

The same virus landed on my laptop yesterday. A real pain to track down and remove, however I was fortunate in having backed up all the files on my laptop the day before. So I reloaded the factory settings, in the process reformatting the hard drive and thus losing all application software from the laptop, which I am now in the process of reloading, and I'm currently using my work laptop to access Pnet.
