TechSpot

Antivirus 2009

By gerritvk
Jan 11, 2009
  1. Sounds like I have the same problem as many of the other posters,

    This is a client's computer that I am working on; she also installed Antivirus 2009. Good thing she didn't pay for it as it suggested to her.

    Other people have attempted to remove it and failed, which is why she called me. On arriving at her house, Googling one thing and clicking on the Google result, I noticed it was not opening the page that I clicked; it was opening another window that had ads on it. So I figured maybe IE got infected.

    So I typed in firefox.com and downloaded that, but same thing: when I went to one of the results pages it gave me a "page could not be found", and it would do it on almost every site I went onto.

    So I pinged Google and got the right IP back, then I pinged bleepingcomputer.com and I noticed the IP was 127.0.0.1.

    I brought the computer back to my house for diagnostics, and so I could look up how to remove it.

    Was wondering if anyone could assist me with other errors and removing anything else.
    Currently ran Malwarebytes, I clicked remove selected.
    Attached HijackThis log
    Attached Malwarebytes log


    Thanks for all the great help
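A security site resolving to 127.0.0.1 while Google resolves normally is commonly caused by entries added to the Windows hosts file; the thread does not confirm that this was the mechanism on this machine. The check below is an added example, not part of the original post: it parses hosts-file text and lists non-local names pinned to loopback or 0.0.0.0, using a constructed sample file and hypothetical function names.

```python
import ipaddress

# Constructed sample of a tampered hosts file (not taken from the attached logs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       bleepingcomputer.com www.bleepingcomputer.com   # constructed
0.0.0.0         download.bleepingcomputer.com
192.0.2.10      intranet.example     # ordinary static entry
not-an-ip       broken.example
"""

# Names that legitimately map to loopback.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every valid mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: not a mapping
        for name in fields[1:]:                  # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def sinkholed_names(text):
    """Return (line_no, hostname, ip) for non-local names pinned to loopback or 0.0.0.0."""
    hits = []
    for line_no, ip, name in parse_hosts(text):
        if (ip.is_loopback or ip.is_unspecified) and name not in BENIGN:
            hits.append((line_no, name, str(ip)))
    return hits


if __name__ == "__main__":
    # On a live Windows system, read %SystemRoot%\System32\drivers\etc\hosts instead.
    for line_no, name, ip in sinkholed_names(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {ip}")
```

Hits need review rather than automatic deletion, since some ad-blocking hosts files map advertising domains to loopback on purpose.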
     
  2. adweston

    adweston Banned Posts: 242

    You'll need to find a way to download Combofix. Combofix eats that AV2009 garbage for breakfast. :)
     
  3. gerritvk

    gerritvk TS Rookie Topic Starter

    OK, good, I did that already

    Just triple checking the machine

    thanks
     
  4. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    -> No action taken on MBAM scan, for found issues
    Please re-run Malwarebytes
    Confirm updated (third tab)
    Then do the above quoted message, but this time "Remove all found issues"

    By the way, you will need to then restart, and run (and attach) a new HJT log

    Always best to check the logs in these issues ;)

    Edit:

    Have a look at:

    UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions

    Also can I ask why are you in Safe Mode on HJT ? Does the computer boot to normal mode at all ?

    Info on Combofix
    Lots of info on its use here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix
    Direct download here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Save it to a location that you can easily find later (in Safe Mode) ie directly to C drive

    Restart your computer to Safe Mode (by repeatedly pressing F8 on your keyboard before Windows starts)
    Log into your Administrator account
    Locate the previously downloaded Combofix
    Double click on it to run, answering any prompts along the way
    Note: during Combofix scan (lasting up to 10mins) your Desktop and clock may reset (all normal)

    Once Combofix has finished, save the log file to be attached to a new reply
    Restart back to Normal mode, and attach the Combofix log
     
  5. gerritvk

    gerritvk TS Rookie Topic Starter

    Sorry those are the logs before

    Here are the logs after running all the removal software. Looks as clean as you can get it.
     
  6. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Malwarebytes' Anti-Malware updated
    But you performed a quick (4minute) scan

    Please restart it, update it (just in case of new updates)
    And do a full scan
     
  7. gerritvk

    gerritvk TS Rookie Topic Starter

    Sorry, that was the wrong log. I did do a full scan and it found nothing.
     
  8. gbalkam

    gbalkam TS Rookie Posts: 22

    This is a variation of the Smitfraud virus. It is a fake antivirus application that requires you to purchase the software to remove it. Download the latest Smitfraud repair tool. You can also try sourceforge.net and download ClamWin antivirus; running this will remove the parts of the infection that keep your computer from connecting to antivirus sites. I've tried this and found it worked because... the Smitfraud does not know ClamWin IS an antivirus program. As near as I can figure. It is also probably a variation of the Vundo (Vundu?) virus, which is sometimes bundled along with Smitfraud.
    This virus disables existing antivirus software and anti-spy/malware software and it is one SOB to get rid of. Knowing that it is a Smitfraud variation is half the battle.
     
  9. kimsland

    kimsland Ex-TechSpotter Posts: 14,524

    Run Smitfraudfix
    • Download Smitfraudfix by S!ri from HERE
    • Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    • Double-click SmitfraudFix.exe
    • Select 2 and hit Enter to delete infected files.
    • You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    • The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    • A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt
     
Topic Status:
Not open for further replies.
