
Antivirus System Pro: how do I remove this BS?

durandal4532 Registered User regular
So my girlfriend's computer is infected with Antivirus System Pro.


It won't allow her to open the task manager, or any other programs.

Every online source I've found has stated that you need to use the task manager to disable the currently running processes first. So what's up, is she fucked?

Edit: Ah, okay. Once the thing is actually here physically tomorrow, I'll try rebooting in safe mode. For now she's using a friend's computer.


Posts

  • Kipling Registered User regular
    edited November 2009
    Not even in safe mode? That generally will disable most startup programs. The other option is a bootable CD based on XP. Like http://www.ubcd4win.com/ . There are others, based off Windows XP install discs.

    There are also bootable CDs made by antivirus program makers, but I'm not familiar with those. Maybe someone else here has more experience with those and can tell you if they also clean malware off a system.

    3DS Friends: 1693-1781-7023
  • TetraNitroCubane Registered User regular
    edited November 2009
    If you can get into safe mode, you might try Process Explorer. It'll let you see all the dependent processes and dlls being used by that PoS scareware so you can kill (or at least identify) them all.

    I would highly recommend a safe-mode scan with a fully updated Malwarebytes Anti-Malware as soon as you're able. MBAM picks up and rips out a lot of these horrid things very well.

  • durandal4532 Registered User regular
    edited November 2009
    Thanks for the advice. She was worried about restarting in safe-mode in case she needed to download anything or keep talking on AIM, since it seemed to prevent programs from opening.

    But once it's safely near another computer, we can actually get down to it.

    Edit: I actually may try to set her up with a separate data partition or maybe even an external backup drive, so she can reformat more easily as a way of eliminating these things.

  • Dark Shroud Registered User regular
    edited November 2009
    I would recommend Revo Uninstaller. Install it and then boot into safe mode and run it.

    After you have the PC clean make sure to install Microsoft Security Essentials.

  • Daedalus Registered User regular
    edited November 2009
    I would recommend backing up any important files and reformatting, or you'll never really trust the thing again.

  • Cronus Registered User regular
    edited November 2009
    Daedalus wrote: »
    I would recommend backing up any important files and reformatting, or you'll never really trust the thing again.


    This. While it's not an attractive option, a reinstall is faster than ever with Win 7. And if you've got a spare harddrive or just a slave drive with enough space you can backup media files and such to that before the format. This really is the best option so that you know the system is safe.

    "Read twice, post once. It's almost like 'measure twice, cut once' only with reading." - MetaverseNomad
  • SniperGuy Also known as Dohaeris Registered User, ClubPA regular
    edited November 2009
    Oh god, you do pretty much need to format. Staff computers at work keep getting that, and due to me working in tech support, I keep getting them. It locks the FUCK out of that computer.

    3DS: 2509-1593-4994
    Steam Profile
    PSN ID: Dohaeris210
    Wildstar Server: Stormtalon Character Name: SniperGuy
    Levelling my Esper via Treadmill Desk Twitch Stream : status.php?streamuser=SniperGuy210
  • KiTA Registered User regular
    edited November 2009
    Revo and Malwarebytes should take it out.

    time to crash, the dawn is up, the sun gleems out glorious ps4 sunbeams and i can trade those sunbeams and do whatever i want with them.
  • WingedWeasel Registered User regular
    edited November 2009
    I am not sure if this is a derivative of the Total Security virus, but the symptoms sound similar. To deal with the Total Security virus you need to go into c:\windows\system32 and rename the task manager file (taskmgr.exe) to iexplore.exe. The virus will then allow you to run task manager since it thinks that it is something else that it needs to run its shenanigans. The process you need to kill will likely be named something like 30394876239 or something similarly ridiculous composed of all numbers. Once you do, you will be able to run other stuff again, and as suggested, generally Malwarebytes will kill the offender.

    Again I don't know without seeing it if it is in the same family of worms or not.


    XBL GT: Winged Weasel
    3DS FC: 4639-8998-4012
  • KiTA Registered User regular
    edited November 2009
    Neat trick, renaming task manager. I'll have to remember that.

    time to crash, the dawn is up, the sun gleems out glorious ps4 sunbeams and i can trade those sunbeams and do whatever i want with them.
  • citizen059 on a mote of dust suspended in a sunbeam Registered User regular
    edited November 2009
  • GrimReaper Registered User regular
    edited November 2009
    KiTA wrote: »
    Neat trick, renaming task manager. I'll have to remember that.

    That doesn't always work; with group policies, viruses/spyware etc. can disable task manager, registry editor etc. from working regardless of name changes. The more advanced ones will end processes which query running processes, like attempting to list running processes or listing the registry. Some will detect certain names of the program running in memory, so say you rename taskmgr.exe to iexplore.exe: a virus will look at the name of the program from its window name, and if it matches say "Task Manager", "Process Explorer" etc. then it will end that program.

    This is exactly why I use a custom BartPE CD; I have various programs on there that I use when removing viruses etc. from PCs (regeditpe, HijackThis etc.).

    PSN | Steam
    ---
    I've got a spare copy of Portal, if anyone wants it message me.
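The two tells described in the posts above, an image name made up entirely of digits and Task Manager or regedit being switched off through the policy keys, are easy to check for from a clean machine once you have a process list and a registry export in hand. The following triage script is an added example, not code from any poster in this thread: it parses a constructed sample of `tasklist /fo csv` output and a constructed regedit `.reg` export of the per-user `Policies\System` key, flags all-digit image names, and reports whether `DisableTaskMgr` or `DisableRegistryTools` is set. The sample process names, PIDs and memory figures are made up.

```python
import csv
import io
import re
from typing import Dict, List, Tuple

# Constructed sample of `tasklist /fo csv` output (made up for this example).
SAMPLE_TASKLIST_CSV = (
    '"Image Name","PID","Session Name","Session#","Mem Usage"\n'
    '"System","4","Services","0","300 K"\n'
    '"explorer.exe","1234","Console","1","45,000 K"\n'
    '"30394876239.exe","2048","Console","1","12,344 K"\n'
    '"iexplore.exe","2100","Console","1","60,112 K"\n'
    '"taskmgr.exe","2200","Console","1","8,000 K"\n'
)

# Constructed sample of a regedit export of the per-user policy key
# (the same values can also live under HKEY_LOCAL_MACHINE).
SAMPLE_POLICY_REG = (
    "Windows Registry Editor Version 5.00\n"
    "\n"
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]" "\n"
    '"DisableTaskMgr"=dword:00000001\n'
    '"DisableRegistryTools"=dword:00000001\n'
)

# Image names consisting only of digits plus ".exe": the naming pattern the
# thread describes, and rare for legitimately installed software.
NUMERIC_IMAGE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

# Policy values that lock users out of Task Manager and the registry editor.
LOCKOUT_VALUES = ("DisableTaskMgr", "DisableRegistryTools")
REG_DWORD_LINE = re.compile(r'^"([A-Za-z]+)"=dword:([0-9A-Fa-f]{8})$')


def numeric_named_processes(tasklist_csv: str) -> List[Tuple[str, int]]:
    """Return (image name, PID) for every process whose image name is all digits."""
    reader = csv.DictReader(io.StringIO(tasklist_csv))
    hits = []
    for row in reader:
        name = row["Image Name"]
        if NUMERIC_IMAGE.match(name):
            hits.append((name, int(row["PID"])))
    return hits


def lockout_policies(reg_export: str) -> Dict[str, bool]:
    """Map each lockout policy value to True when it is present and non-zero."""
    state = {value: False for value in LOCKOUT_VALUES}
    for line in reg_export.splitlines():
        match = REG_DWORD_LINE.match(line.strip())
        if match and match.group(1) in state:
            state[match.group(1)] = int(match.group(2), 16) != 0
    return state


def triage(tasklist_csv: str, reg_export: str) -> List[str]:
    """Combine both checks into a list of human-readable findings."""
    findings = []
    for name, pid in numeric_named_processes(tasklist_csv):
        findings.append(f"all-digit image name {name} running as PID {pid}")
    for value, enabled in lockout_policies(reg_export).items():
        if enabled:
            findings.append(f"{value} is set to 1: the tool it controls is disabled by policy")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TASKLIST_CSV, SAMPLE_POLICY_REG):
        print("FINDING:", finding)
```

On a real machine the inputs would come from `tasklist /fo csv` and from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System" policy.reg`; note that `reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing it in. A finding from either check is a reason to treat the box as compromised rather than something to clean by hand, which is the point several later posts make.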
  • electricitylikesme Registered User regular
    edited November 2009
    Best strategy is usually a full reformat. Unless someone has a complicated setup (in which case they usually have both taken precautions against these types of things and know what they're doing) it's just not worth the hassle.

    The Company: The CYOA game that anybody can join at any time - running now!
  • Ragnar Dragonfyre Registered User regular
    edited November 2009
    Daedalus wrote: »
    I would recommend backing up any important files and reformatting, or you'll never really trust the thing again.

    My girlfriend's computer got infected with this. It's fucking impossible to remove. I hear that Malwarebytes works if it was installed before you got infected. It will physically prevent you from installing the program after the fact.

    Reformatting is really your only option.

  • shadydentist Registered User regular
    edited November 2009
    Reformatting is the only safe option once a machine is this badly compromised.

    Steam & GT
  • KiTA Registered User regular
    edited November 2009
    Daedalus wrote: »
    I would recommend backing up any important files and reformatting, or you'll never really trust the thing again.

    My girlfriend's computer got infected with this. It's fucking impossible to remove. I hear that Malwarebytes works if it was installed before you got infected. It will physically prevent you from installing the program after the fact.

    Reformatting is really your only option.

    Nah, easy fix. Rename malwarebytes' installer and install to C:\abbadszag1

    Or install it to a thumbdrive on another machine and bring it on over. Rename the main EXE after you do it.

    time to crash, the dawn is up, the sun gleems out glorious ps4 sunbeams and i can trade those sunbeams and do whatever i want with them.
  • fightinfilipino legally competent Registered User regular
    edited November 2009
    i don't think the reformat is to kill the offending virus so much as to make sure that the virus/malware didn't open up other vulnerabilities on the machine that will just allow the whole infection to happen again.

    i've worked on three really bad cases in my school's IT dept in the last month where it just saved more time to backup and rebuild the machines rather than run endless malwarebytes/spybot scans. one of the machines would even bluescreen going into safe mode but would work fine in regular Windows.

    twitter | steam | 3ds: 4227 1731 4009
  • Yann Registered User regular
    edited November 2009
    I just got this shit. Just restarted the computer and started the task manager before it started up. Killed the process and deleted the binary. Seems to have done the trick.

  • TetraNitroCubane Registered User regular
    edited November 2009
    i don't think the reformat is to kill the offending virus so much as to make sure that the virus/malware didn't open up other vulnerabilities on the machine that will just allow the whole infection to happen again.

    i've worked on three really bad cases in my school's IT dept in the last month where it just saved more time to backup and rebuild the machines rather than run endless malwarebytes/spybot scans. one of the machines would even bluescreen going into safe mode but would work fine in regular Windows.

    This. Very this. Here's a good read on the topic. The article may be old, but it's still very relevant. See here.

    Basically, there's no way to be sure you removed everything once something's on there.

  • Stormwatcher Uee Citizen Record #2051 Über Star Citizen Registered User regular
    edited November 2009
    Yann wrote: »
    I just got this shit. Just restarted the computer and started the task manager before it started up. Killed the process and deleted the binary. Seems to have done the trick.

    You're really fooling yourself and setting your machine up to get fucked again.

    Steam: Stormwatcher | XBL: Stormwatcher 21 | PSN: Stormwatcher33 | Gamecenter: Stormwatcher33 | 3DS: 0130-2805-2850
  • CJTheran Registered User regular
    edited November 2009
    I just arrived at my grand aunt's house to discover this waiting for me. Full reinstall wheee

  • Dark Shroud Registered User regular
    edited November 2009
    CJTheran wrote: »
    I just arrived at my grand aunt's house to discover this waiting for me. Full reinstall wheee

    Well at least you have an excuse to update to Win7 if she doesn't already have it.

  • CJTheran Registered User regular
    edited November 2009
    CJTheran wrote: »
    I just arrived at my grand aunt's house to discover this waiting for me. Full reinstall wheee

    Well at least you have an excuse to update to Win7 if she doesn't already have it.

    Her 5 year old laptop doesn't have sufficient memory to run it.

  • KiTA Registered User regular
    edited November 2009
    CJTheran wrote: »
    CJTheran wrote: »
    I just arrived at my grand aunt's house to discover this waiting for me. Full reinstall wheee

    Well at least you have an excuse to update to Win7 if she doesn't already have it.

    Her 5 year old laptop doesn't have sufficient memory to run it.

    Debatable. I've heard Win7 will run on anything XP can run on. Not sure if I believe that, however.

    time to crash, the dawn is up, the sun gleems out glorious ps4 sunbeams and i can trade those sunbeams and do whatever i want with them.
  • Tofystedeth veni, veneri, vamoosi Registered User regular
    edited November 2009
    KiTA wrote: »
    Daedalus wrote: »
    I would recommend backing up any important files and reformatting, or you'll never really trust the thing again.

    My girlfriend's computer got infected with this. It's fucking impossible to remove. I hear that Malwarebytes works if it was installed before you got infected. It will physically prevent you from installing the program after the fact.

    Reformatting is really your only option.

    Nah, easy fix. Rename malwarebytes' installer and install to C:\abbadszag1

    Or install it to a thumbdrive on another machine and bring it on over. Rename the main EXE after you do it.

    Won't work with some of the versions of this I've come across. It'll let you run the installer if you've renamed it, but it will delete the executable for MBAM as soon as the installer puts it there. Even if you install it in a non default directory. I eventually beat it by keeping that directory open in another window, and as soon as the executable appeared I renamed it before the virus found it.
