Blocking winav.exe (WinAntiVirus Pro 2006)

Status
Not open for further replies.

jives11

Hi, well for the second time in 9 months my son's PC got infected with the winav.exe trojan/malware thing, where a bogus antivirus program pops up saying that your PC is infected, the Security Center is removed from Control Panel, a bogus red security alert is in the intray and WinAntiVirus Pro appears to have been installed.

It's just plain annoying, and I rolled the PC back to a couple of days ago and all was fine, then ran a full AVG Free check, Spybot & windefender check. I also run the resident Spybot process, blocked hosts entries etc. etc. Ran windefender too.

I think my son got this from following a link from a web page - OK not always a good idea, but heh, we've all done it.

Anyway, is there a suggested way to block these kinds of drive-by infections? I've kind of got into the habit of using free software for AV, and would prefer to keep it that way if possible. I think his IE is locked down, would Firefox be more resistant?
 
I would first make sure all the malware is gone. Please follow the steps here:
https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Attach the three logs in your next reply.

They will also give us an idea of what security is on the system. Just remember this:
1. Security begins with the user. No matter what or how many programs are on the system, if the user doesn't practice safe surfing and safe email handling, malware will get on the system.

2. Don't do a System Restore when malware is suspected. You don't know when the malware got on the system and you can actually infect or reinfect a system using restore points with malware in the files.

3. AVG is not the best AV on the block. Avira, also free, would give him better protection:
Avira: https://www.techspot.com/downloads/41-antivir-personal-edition.html

4. The use of a firewall adds to the protection.

5. Two or more spyware/adware programs should be on the system.

6. I use Firefox and consider it safer than Internet Explorer.
 
I will review the three logs if and when you post them, after running the three programs. Chances are good that if this got in, other malware did also. Best to try and find and remove it all.
 