TechSpot

Beware of WinAntiVirus Pro 2007

By MarkFromMS
Oct 31, 2007
  1. Had WinAntiVirus and other malware/virus; need help with repairs, please.

    I had some viruses and spyware problems. But after reading some of the posts here I was able to remove them using AVG. I tried the SmitfraudFix but all it would say is "access denied..." over and over. The popup about "window security... your computer is making copies of data... please click below to scan for spyware... " is finally gone! And scans by AVG Anti-spyware, AVG Anti-virus, and AVG's Anti-rootkit are all coming back clear. Prior to getting this cleaned up, my desktop background changed to gray. When I tried to change it back, I found that "Control Panel" was gone. I went in through "Printers and Faxes" and tried to access control panel there and I get a message that says "Restrictions This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator." I get the same message when I click on "Set Program Access and Defaults."

    I don't know much about computers and some of the stuff I have read on here sounds Greek to me. So I would really appreciate any help you can give, just remember that you are talking to a "Computer Dummy."

    Also, someone metioned a yellow shield with an exclamation mark on their task bar as being related to WinAntiVirus. I had WinAntiVirus but was able to uninstall it (I think) but i have that icon and if I click on it nothing happens. Earlier today it said that updates are ready for your computer, click here to install them; which I did. It looked like a regular Windows update.
     
  2. MarkFromMS

    MarkFromMS TS Rookie Topic Starter

    Just an alert to other dummies like me-

    I had a pop-up appear that said "Windows Security..." and talked about my computer making unauthorized copies of data, etc. Click below to scan for spyware...

    At first it looked legit. But I clicked "no" and it kept comming back. Finally I hit "yes" because I was afraid that it was right and I had to stop this spyware. It took me to a screen for WinAntiVirus Pro 2007. Again it looked very legit and in fear of what might be happening to my data, I purchased and downloaded it for $50. Everything about it looked legit and since it was for sale, I figured it had to be right. It scanned and found some stuff and removed several threats and seemed to be doing the job. The pop-up was gone. My system started working correctly again and everything seemed ok. But it seemed to really slow my system down so I called them and told them I wanted a refund. They quickly agreed and I used the uninstall feature and everything seemed to be ok. Then the pop-ups returned. This time it took me to another website that really started doing some crazy things to my computer. That one was obviously rogue. I still had the WinAntiVirus Pro 2007 install file, so I reinstalled it and again it found a bunch of stuff and cleared it but the pop-ups didn't go away and my system didn't start working properly like it did the last time. That's when I found this site. Here I found out that WinAntiVirus is a rogue spyware program. Someone had a very simple post that said if a company has to use fake pop-up warnings to lure you to their site, then thay can't be very trustworthy. Makes sense, but in fear and panic people just don't think right.

    Don't be suckered like me. I finally got things cleared up through advice I found here using free AVG software, but I am still trying to get my system back to normal.
     
  3. zipperman

    zipperman TS Rookie Posts: 1,179   +7

    You must be new to a PC

    This is a common happening.You should never say Yes and actually
    use your credit card.Install IEx7 for better protection from these feeds.
    Now as for uninstalling if you got a refund as you say.
    First find the folder it was or is installed in.If it has an uninstall file,
    use it.Otherwise add/remove.
    Then delete the folder and any files in it that may remain.
    This should completly remove it.Get both free Ad-Aware downloads.
    and do an update then a Scan.
    Heres a good PC check,but ignore the ads.
    It will suggest fixes you need.
    http://www.pcpitstop.com/
     
  4. kitty500cat

    kitty500cat TS Evangelist Posts: 2,154   +6

    Hello and welcome to TechSpot.

    You need to read this thread before deciding whether to clean or reformat your system.

    If you decide to clean your system, please do the following.

    Read Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, and AVG Antispyware logs as attachments into this thread, only after doing the above.
    Also post the results of the Panda Antirootkit scan.

    Regards :)

    This thread is for the use of MarkFromMS only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.[/QUOTE]
     
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Threads merged.

    Just follow the instructions as given by kitty500cat and hopefully, we can get your system back to normal.

    Regards Howard :wave: :wave:

    This thread is for the use of MarkFromMS only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  6. MarkFromMS

    MarkFromMS TS Rookie Topic Starter

    Trying to get downloads done; meanwhile, have another question.

    I am trying to get the files downloaded from the "15 steps" using dial-up so it will be a while before I can post results.

    The on-line scanner did not work, probably because of my slow connection. Anyway, per your instructions, I have skipped it.

    I have noticed a sheild icon on my taskpane that I don't remember being there before. When I noticed it, I just thought it was a normal windows update icon. However when I click on it nothing happens (right-click or left-click). If i just move my mouse over it a downloading % message comes up. Someone on here mention something similar as being associated with WinAntiVirus Pro 2007. I have uninstalled that program and don't see any folders for it remaining. As AVG scans haven't showed anything from it. I am attaching a screen shot of it. Please let me know if I should be concerned about it.

    Thanks. View attachment SHIELD.bmp
     
  7. Cinders

    Cinders TechSpot Chancellor Posts: 872   +12

    That looks to be the windows security center download notification shield, and it is normal. The WinAntivirusPro shield is blue and a bit larger and constantly ballooning out to inform you that you are infected.

    Just send your computer to me I have broadband and can easily do the various things Howard is advising you to do. You'll have to prepay for shipping both ways, and I'll get to look at your porn. :)
     
  8. MarkFromMS

    MarkFromMS TS Rookie Topic Starter

    I have gotten to step 10 "Tool 1". However, everytime I try to run SmitfraudFix.exe the menu comes up and I choose option 2 per instructions. I then get a series of "access denied... access denied..." along with a couple other lines interspersed such as "killing process..." Then after a while, it goes back to the black "safe mode" screen with no icons or task bar and just sits there. I used control-alt-delete to open task manager and found no programs running. I closed task manager and waited a little longer, but nothing else happened. Finally I just restarted and tried again 2 more times with the same results. What now?
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Skip Smitfraudfix for now and continue with the rest of the instructions.

    Regards Howard :)

    This thread is for the use of MarkFromMS only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. MarkFromMS

    MarkFromMS TS Rookie Topic Starter

    Results

    Thanks, Howard.

    Everything seems to be back to normal. Of course running the cleaner or one of the programs reset all of my settings like preferences and date formats and such. But in doing so it restored my desktop as well as missing components like Control Panel.

    The Panda Antiroot came back clean. The AVG Spyware and Virus scans were both clear. Virtumundo came back nothing found.

    Do you still need those reports or do you think my system cleaned. (I am just concerned about posting those reports and accidentally revealing personal identification info.)
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    It would be wise to post the Combofix and HJT logs, just so we can make absolutely sure your system is clean.

    Regards Howard :)

    This thread is for the use of MarkFromMS only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. MarkFromMS

    MarkFromMS TS Rookie Topic Starter

    Reports

    Here they are. Let me know if you find anything. Thanks.
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Can you tell me exactly what this is?

    *****

    Delete the following folders.

    C:\VundoFix Backups
    C:\Qoobox

    Other than the one suspicious entry above, your log files are clean.

    Regards Howard :)

    This thread is for the use of MarkFromMS only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. MarkFromMS

    MarkFromMS TS Rookie Topic Starter

    That program is o.k. It is work related. If you don't mind, please edit it from your previous thread. Thanks for all your help and advice!
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    No worries, edited.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of MarkFromMS only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...