
Fuck you, Antivirus System Pro (PROBLEM SOLVED)

MinionOfCthulhu Registered User regular
edited November 2009 in Help / Advice Forum
I need help getting rid of this evil fake virus scanner. I'm not even sure how I picked it up, but it pops up and annoys me and is fucking with Internet Explorer. I don't use IE, but Steam and League of Legends use it, so the Store/Community tabs in Steam greet me with:
[image: fffffffffffuck.jpg]
And League of Legends won't let me connect because it too thinks I'm not on the internet.

I've used this program found here called rkill to stop it from running, but the next step (using Malwarebytes' Anti-Malware) doesn't work. I've looked on Google for other ways, but they involve fucking with my registry, which I haven't done much of. I did look for what they said in the registry though, and couldn't find the offending files. This shit has to be somewhere, right?

MinionOfCthulhu on

Posts

  • FrozenTempest Registered User regular
    edited November 2009
    Go to computer, and click the uninstall or change program feature. If it's not listed there, I'm not sure what you can do. You could try uninstalling Internet Explorer, but I don't think that's possible.

    FrozenTempest on
  • Sir Red of the Manti Registered User regular
    edited November 2009
    Rename the executable for malwarebytes from mbam.exe to something different then try launching it. Chances are that virus has the usual scanners blacklisted by filename.

    Sir Red of the Manti on
  • TychoCelchuuu PIGEON Registered User regular
    edited November 2009
    Run Dr. Web's free anti-virus scanner, then try Malwarebytes. If those don't kill it you might need to run something from a boot disk, either from Linux (like F-Secure, ClamAV, or BitDefender) or from a custom Windows boot disk (you can get them with things like MWB on there).

    TychoCelchuuu on
  • MinionOfCthulhu Registered User regular
    edited November 2009
    Sir Red of the Manti wrote: »
    Rename the executable for malwarebytes from mbam.exe to something different then try launching it. Chances are that virus has the usual scanners blacklisted by filename.

    Tried this, no dice.

    MinionOfCthulhu on
  • ED! Registered User regular
    edited November 2009
    Yea, this one seems to be getting around. It seems to only occur (for me) on systems where I'm using Google Chrome, and I have no idea where it gets picked up. Running Ad-Aware seems to have taken care of it, but I think it's borked my ability to connect to the internet, so looks like a reformat is in order (thankfully it's a laptop only used for campus).

    For running Malware, drag a copy of the executable to your desktop so it creates a shortcut, and when your computer boots double click on that first - it won't be able to terminate already running programs. Something else I tried was setting the computer to restart, and then killing the restart process. The Anti-Virus Pro will have been killed and you should be able to start programs as normal. This is if the above stuff isn't working. Sucks that there's no workaround and that some of these anti-virus measures seem ill-equipped to detect and stop it.

    ED! on
    "Get the hell out of me" - [ex]girlfriend
  • Richard_Dastardly Registered User regular
    edited November 2009
    I've had something like this once. I started off by downloading the program that supposedly stopped the fake-antivirus from working, and then I downloaded every single free antivirus program I could find and ran them all (some of them two or three times). It worked, but I forget how I managed to actually download the programs since I was constantly being redirected to the antiantivirus site.

    I'm not the sort of guy who normally advocates vigilante justice, but I think summary execution in a man-sized microwave oven is an appropriate punishment for the people who make these programs.

    Richard_Dastardly on
  • bombardier Moderator Mod Emeritus
    edited November 2009
    I have had to get rid of this twice on a user's PC. I did it without any tools.

    Load up Task Manager. Kill any process that is not required for Windows to function. Basically everything not running under "system". There should be the process for the fake AV in there.

    Then load up msconfig (start > run > msconfig) and you should see the entry for the .exe in there somewhere. It will be under Application Data for the user. Obviously uncheck the process (and any other questionable/garbage stuff in there while you're at it) and then navigate to that app data folder and delete the exe. Delete all IE cache and cookies while you're at it.

    That should do it.

    The guy got it just from visiting some website that looked legit, too. Both using IE6 and then IE8.

    bombardier on
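
Added example, not part of any post in this thread: a read-only PowerShell check for the startup entries bombardier's post describes, listing Run-key values whose executable sits under the user's Application Data folders. The watched-folder list and the `Get-CommandPath` helper are assumptions of this example; msconfig also shows Startup-folder shortcuts, which this does not cover.

```powershell
# Added example (not from the thread). Read-only: nothing is disabled or deleted.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption: per-user, user-writable folders where a startup executable is unusual.
$watched = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP) | Where-Object { $_ }

# Hypothetical helper: extract the executable path from a Run value's command line.
function Get-CommandPath([string]$Command) {
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.(exe|com|scr|bat|cmd|vbs|js|dll))(\s|,|$)') { return $Matches[1] }
    return $expanded
}

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # key absent on this system
    $regKey = Get-Item -Path $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $path    = Get-CommandPath $command
        # Keep the entry only if its executable lives inside a watched folder.
        $inWatched = $watched | Where-Object {
            $path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        }
        if ($inWatched) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Path    = $path
                OnDisk  = Test-Path -LiteralPath $path
                Command = $command
            }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No Run-key entries point into the watched folders.' }
```

Legitimate per-user software also starts from these folders, so each listed entry still needs to be identified before it is unchecked in msconfig.
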
  • November Fifth Registered User regular
    edited November 2009
    I installed avast! after getting a few of these type viruses, and I haven't been bothered by them since.

    Of course avast itself will nag the hell out of you until you register it, so it's not a huge improvement.

    November Fifth on
  • ED! Registered User regular
    edited November 2009
    bombardier wrote: »
    I have had to get rid of this twice on a user's PC. I did it without any tools.

    Load up Task Manager. Kill any process that is not required for Windows to function. Basically everything not running under "system". There should be the process for the fake AV in there.

    Then load up msconfig (start > run > msconfig) and you should see the entry for the .exe in there somewhere. It will be under Application Data for the user. Obviously uncheck the process (and any other questionable/garbage stuff in there while you're at it) and then navigate to that app data folder and delete the exe. Delete all IE cache and cookies while you're at it.

    That should do it.

    The guy got it just from visiting some website that looked legit, too. Both using IE6 and then IE8.

    The problem with this is that the malware will kill any attempt to run certain processes. It is hit or miss, but definitely it kills Task Manager.

    ED! on
    "Get the hell out of me" - [ex]girlfriend
  • bombardier Moderator Mod Emeritus
    edited November 2009
    ED! wrote: »
    bombardier wrote: »
    I have had to get rid of this twice on a user's PC. I did it without any tools.

    Load up Task Manager. Kill any process that is not required for Windows to function. Basically everything not running under "system". There should be the process for the fake AV in there.

    Then load up msconfig (start > run > msconfig) and you should see the entry for the .exe in there somewhere. It will be under Application Data for the user. Obviously uncheck the process (and any other questionable/garbage stuff in there while you're at it) and then navigate to that app data folder and delete the exe. Delete all IE cache and cookies while you're at it.

    That should do it.

    The guy got it just from visiting some website that looked legit, too. Both using IE6 and then IE8.

    The problem with this is that the malware will kill any attempt to run certain processes. It is hit or miss, but definitely it kills Task Manager.

    Maybe I did the msconfig thing first. I remember it trying to kill task manager but I got around it somehow.

    bombardier on
  • Chanus Harbinger of the Spicy Rooster Apocalypse The Flames of a Thousand Collapsed Stars Registered User, Moderator mod
    edited November 2009
    ED! wrote: »
    bombardier wrote: »
    I have had to get rid of this twice on a user's PC. I did it without any tools.

    Load up Task Manager. Kill any process that is not required for Windows to function. Basically everything not running under "system". There should be the process for the fake AV in there.

    Then load up msconfig (start > run > msconfig) and you should see the entry for the .exe in there somewhere. It will be under Application Data for the user. Obviously uncheck the process (and any other questionable/garbage stuff in there while you're at it) and then navigate to that app data folder and delete the exe. Delete all IE cache and cookies while you're at it.

    That should do it.

    The guy got it just from visiting some website that looked legit, too. Both using IE6 and then IE8.

    The problem with this is that the malware will kill any attempt to run certain processes. It is hit or miss, but definitely it kills Task Manager.

    Try it from Safe Mode? I think that's how I got rid of it on a work computer once.

    Chanus on
    Allegedly a voice of reason.
  • rfalias Registered User regular
    edited November 2009
    Do it in safe mode?
    Edit: Beated.

    Almost all this stuff needs to be done in safe mode to have any lasting effect.

    rfalias on
  • NikkiLav Registered User new member
    edited November 2009
    To get rid of this on a user's laptop, I used an IDE to USB converter and scanned it using my hard drive. (Sophos, @ work) It still had some other Trojans left - but installing Malwarebytes cleaned up the rest. :mrgreen:

    NikkiLav on
  • MinionOfCthulhu Registered User regular
    edited November 2009
    bombardier wrote: »
    I have had to get rid of this twice on a user's PC. I did it without any tools.

    Load up Task Manager. Kill any process that is not required for Windows to function. Basically everything not running under "system". There should be the process for the fake AV in there.

    Then load up msconfig (start > run > msconfig) and you should see the entry for the .exe in there somewhere. It will be under Application Data for the user. Obviously uncheck the process (and any other questionable/garbage stuff in there while you're at it) and then navigate to that app data folder and delete the exe. Delete all IE cache and cookies while you're at it.

    That should do it.

    The guy got it just from visiting some website that looked legit, too. Both using IE6 and then IE8.

    I killed the program using rkill (which stops shit from popping up until I restart but still borks Steam and LoL) but I can't find it in the System Configuration. Would it be safe to just uncheck everything except for Malware and restart?

    MinionOfCthulhu on
  • Skeezicks Registered User regular
    edited November 2009
    November Fifth wrote: »
    I installed avast! after getting a few of these type viruses, and I haven't been bothered by them since.

    Of course avast itself will nag the hell out of you until you register it, so it's not a huge improvement.

    The registration is free for the home version and takes maybe five minutes to complete. I'd say it's a decent improvement. :)

    Skeezicks on
  • Descendant X Skyrim is my god now. Outpost 31 Registered User regular
    edited November 2009
    Skeezicks wrote: »
    November Fifth wrote: »
    I installed avast! after getting a few of these type viruses, and I haven't been bothered by them since.

    Of course avast itself will nag the hell out of you until you register it, so it's not a huge improvement.

    The registration is free for the home version and takes maybe five minutes to complete. I'd say it's a decent improvement. :)

    Or instead of Avast you could use Microsoft Security Essentials, because it is awesome and free (as in beer).

    Descendant X on
    Garry: I know you gentlemen have been through a lot, but when you find the time I'd rather not spend the rest of the winter TIED TO THIS FUCKING COUCH!
  • MinionOfCthulhu Registered User regular
    edited November 2009
    Alright, I think I got it. At least, I can't see it running anymore, and when I restart the computer, it isn't the first thing that pops up and acts like an asshole.

    Steam and League of Legends still don't recognize Internet Explorer though, which is weird. I even installed Internet Explorer 8.

    MinionOfCthulhu on
  • MinionOfCthulhu Registered User regular
    edited November 2009
    All fixed (thanks to a friend). IE works and now I can go back to losing at League of Legends and staring at the Steam store and wishing I had money to buy Dragon Age and whatnot.

    MinionOfCthulhu on