TechSpot

Antivirus pro 2009 has disabled hijackthis

By ded2day
Nov 10, 2008
  1. I'm having a problem with antivirus pro 2009. It has disabled hijackthis and is wreaking general havoc on my machine. I have tried to manually go into regedit but I'm having troubles finding avp9 or anything similar. Can you help me please?
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi ded2day

    I see you are currently on line. Thought I would catch you before you log off.

    Stand by and I will have instructions for you in a few moments.

    Mike
     
  3. ded2day

    ded2day TS Member Topic Starter Posts: 31

    thanx. i'm currently running malwarebytes anti-malware...
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    Great please be sure and attach its log back

    Are you doing our 8 steps?

    If not then go here: The TechSpot 8 steps: http://www.techspot.com/vb/topic58138.html

    Do each step carefully do not skimp and attach all logs.

    Once completed logs posted and rebooted do the below.

    Click inside gray box below and drag mouse to copy all the text, notice the slider bars, be sure to get the @ sign to the end of the word Exit.

    Then Start-run
    type
    cmd
    hit enter or click ok

    Black command prompt will open

    Right-click inside the screen and click Paste. The window should close; if not, close it.

    Code:
    @echo off
    :: Remove AntiVirus2009
    :: Paths containing spaces are quoted so each command sees a single argument.
    :: Clear hidden/system/read-only attributes so the files can be deleted.
    attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
    del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
    
    rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    
    attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    rd /s /q "c:\Program Files\Antivirus 2009"
    
    attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    
    del c:\WINDOWS\system32\ieupdates.exe /f /q
    del c:\WINDOWS\system32\scui.cpl /f /q
    del c:\WINDOWS\system32\winsrc.dll /f /q
    
    :: /f skips the confirmation prompt, which would otherwise consume the next pasted line.
    reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
    reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    :: /v deletes only the named autorun value and leaves the Run key itself in place.
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "75319611769193918898704537500611" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "ieupdate" /f
    exit
    
    
    After this, reboot and attach a new HJT log.

    Mike
     
  5. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    MBAM will remove it - but as stated above you should attach a hijackthis log after it is done, this is why we put hijackthis instructions as the last step of the preliminary instructions
     
  6. ded2day

    ded2day TS Member Topic Starter Posts: 31

    Hey. Thanx. I'm currently running hijackthis. It's finally working.
     
  7. ded2day

    ded2day TS Member Topic Starter Posts: 31

    and I need to post a couple of times before i can put attachments in.
     
  8. ded2day

    ded2day TS Member Topic Starter Posts: 31

    I believe avp9 is no more. from hijackthis i deleted some bastk files....
     
  9. mflynn

    mflynn TS Rookie Posts: 2,655

    :D You will get to attach soon!

    Good luck!

    Mike
     
  10. ded2day

    ded2day TS Member Topic Starter Posts: 31

    hey. i'm going to download superantispyware soon....
     


  11. mflynn

    mflynn TS Rookie Posts: 2,655

    You have more than AntiVirus 2009!

    This one should go after my instructions "C:\WINDOWS\system32\brastk.exe"

    HJT Scan only select and remove the following

    O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
    O4 - HKLM\..\Run: [brastk] brastk.exe
    O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
    O20 - AppInit_DLLs: karna.dat
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Run MalwareBytes again attach log then continue below.

    Then go back to the 8 Steps, install SuperAntispyware, update it and configure it as below:

    After installed double-click the icon on your desktop to run it.
    It asks to update the program definitions, click Yes.
    Under Configuration and Preferences, click the Preferences button.
    Then Scanning Control.
    In Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    Click Close button to exit control center.
    On main screen, Scan for Harmful Software click Scan your computer.
    On the left check C:\Fixed Drive.
    On the right, under Complete Scan, choose Perform Complete Scan.
    Click Next to start the scan.

    It will take a while as it scans your computer.

    After the scan, a summary box will popup. Click OK.
    Make sure all in the white box has a check next to it, click Next.
    It will quarantine what it found, and pop up a log file. Attach log file back to Thread.

    If asked to reboot, click Yes.

    If you missed the log file or cannot post perhaps in Safe Mode then....

    To retrieve the log do the following:

    After reboot, double-click the SUPERAntispyware icon on desktop.
    Click Preferences-Statistics/Logs tab.
    Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. It will open in Notepad.
    Save it as sas.log.
    Close SAS.
    Attach sas.log back to thread with a new HijackThis log.

    Mike
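
The HijackThis entries listed in the post above show three common persistence points: Run-key autoruns, `AppInit_DLLs`, and an orphaned toolbar registration. As an added example (not part of the thread or any poster's code), this sketch triages such log lines; the function name `triage` and its heuristics are assumptions for illustration, not HijackThis's own logic.

```python
import re

# HijackThis entries quoted in the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O20 - AppInit_DLLs: karna.dat
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""

ENTRY_RE = re.compile(r"^(O\d{1,2}) - (.+)$")
RUN_RE = re.compile(r"^(\S+?)\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
SYSTEM_HIVES = {"HKUS\\S-1-5-18", "HKUS\\.DEFAULT"}  # LocalSystem / default profile

def triage(log_text):
    """Return (section, entry, reasons) for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        reasons = []
        if section in ("O2", "O3") and body.endswith("(no file)"):
            reasons.append("registered component with no file on disk")
        elif section == "O4":
            run = RUN_RE.match(body)
            if run:
                hive, _name, cmd = run.groups()
                if "\\" not in cmd:  # bare file name, resolved via the search path
                    reasons.append("autorun command has no full path")
                if hive in SYSTEM_HIVES:
                    reasons.append("autorun registered under a system-account profile")
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1].strip()
            if value:  # loaded into every process that loads user32.dll
                reasons.append("AppInit_DLLs is set")
                if not value.lower().endswith(".dll"):
                    reasons.append("AppInit_DLLs target lacks a .dll extension")
        if reasons:
            findings.append((section, body, reasons))
    return findings

if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(section, "|", body, "|", "; ".join(reasons))
```

The O23 service line is not flagged by these heuristics, so a clean result from a script like this is a starting point for review rather than a verdict.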
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    To this point not needed but are you running XP or Vista?

    Should put in system specs!

    And did you run the cmd process I posted?

    Mike
     
  13. rf6647

    rf6647 TS Maniac Posts: 829

    MBAM is out-of-date.

    Version 1.30, DB ver. 1379 is available.

    It should clean up brastk & karna. TDSS detection appears stronger.
     
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    Geeze thanks rf6647

    I usually catch that especially in HJT, I am glad you noticed it. Then she is not following instructions and doing the 8 steps.

    I gave her enhanced config for SAS hopefully that will get it

    ded2day these 2 can mess up your system where it will not even boot!

    It may seem like it is fixed until it lowers the boom again! And as I said it may not boot at all!

    Get the MWBAM updated and start all over!

    Mike
     
  15. ded2day

    ded2day TS Member Topic Starter Posts: 31

    I'm in a pickle again. My internet explorer is slow, google is redirecting me to advertisements, I can't download superantispyware, and my mbam is not working. I can however get hijackthis to work and avira is working. (I also used ccleaner a few times). Attached is hijack log and avira log if that helps.
     
  16. mflynn

    mflynn TS Rookie Posts: 2,655

    It's because you were never finished in the first place. You never came back!!

    Stay this time until we say you are clean.

    You need to rename SuperAntiSpyware to say SAS.exe and mbam.exe to mwbam.exe.

    So My Computer to \Program Files\SuperAntiSpyware find and rename as above and run from there by dbl clicking SAS.exe.

    Then do the same for MalwareBytes.

    After loading but before clicking Scan do the below config changes

    SuperAntispyware config

    UPDATE!

    Then

    Click the Preferences button.

    Then Scanning Control.

    In Scanner Options make sure the following are checked:
    1. Close browsers before scanning
    2. Scan for tracking cookies
    3. Terminate memory threats before quarantining.
    4. Leave the others as they are.

    In MalwareBytes after update but before running
    Click settings and confirm all are Checked.

    I repeat Update these 2 programs.

    Run them and attach their logs then a new HJT log HJT always last.

    After attaching logs from above run both programs again to confirm they find nothing else and attach new logs for this run!

    Mike
     
  17. ded2day

    ded2day TS Member Topic Starter Posts: 31

    Every time I go to download SAS, I get a blank web page (try your webpage again, or make sure you're connected, etc...). I tried renaming MBAM, and it does download, but then when installing at mbamext.dll, it says unable to register the DLL/OCX: RegSvr32 failed with exit code 05. I have also tried going to another computer and downloading MBAM and SAS, then copying to a cd, then trying to get them to work on my machine, but it doesn't work. SAS says it's missing files, and MBAM just doesn't work when I click on it. Any ideas?? (oh I'm still having the same google redirect, and browser slowness problems)
     
  18. mflynn

    mflynn TS Rookie Posts: 2,655

    Sounds like you are renaming before it is ever installed?

    Get the installer for SAS and MBAM on a CD, then run that installer from the CD and install normally on the problem computer.

    Normally it would be ready to run but the Virus/Malware is preventing it from running so after it is installed is when you rename before running or updating.

    Then browse to the program as mentioned in the previous posts.

    Mike
     
  19. ded2day

    ded2day TS Member Topic Starter Posts: 31

    Okey dokey. I have SAS now. I configured it the way you said and ran it twice. I will run it another time tonight when i get home. the mbam is just not installing properly. it keeps on giving me the dll/ocx regsvr32 error. i will try to install again tonight. thanx.
     
  20. mflynn

    mflynn TS Rookie Posts: 2,655

    I have yet to see the logs!!!

    I want the logs!! I want the logs!! I want the logs!! I must know what you had!

    Even if mbam came up clean on last run, Open but don't run, click logs start at top attach all logs.

    Mike
     
  21. ded2day

    ded2day TS Member Topic Starter Posts: 31

    here is SAS logs. Mbam is still not working. I tried copying the installer to my computer with no success. I tried running the installer right from the disc with no success. I've also tried downloading again directly with no success.
     
  22. mflynn

    mflynn TS Rookie Posts: 2,655

    OK don't stop now.

    Run MBAM again the last one you ran was ancient so update it and run again.

    Mike
     
  23. mflynn

    mflynn TS Rookie Posts: 2,655

    Hi dis1

    Welcome aboard.

    1st Create a new thread for this.
    2nd Copy and paste all here to the new Thread
    3rd after new thread is in place come back here and edit and clear your message.

    You likely do not know this but this is called Hijacking a thread.

    No problem just do as above.

    But you just as well stop and do the below. Begin by downloading the attachment if you can; if you cannot, you must struggle through until you can UPDATE mbam and get SAS and UPDATE it. Post all logs as you go. At some point it will break loose and work better.

    Mike


    http://www.techspot.com/vb/topic115811.html

    EDIT: Just saw your last post Create your own Thread but after each run with mbam try the update!
     
  24. ded2day

    ded2day TS Member Topic Starter Posts: 31

    hey. SAS won't update. It says I have a firewall blocking it. I have turned windows firewall off, but I'm not sure if I might have another firewall?? MBAM is still not installing.
     
  25. mflynn

    mflynn TS Rookie Posts: 2,655

Topic Status:
Not open for further replies.
