Antivirus 2009

[larryiam]

OK this is not happened to me so i can't give you the full problem it happened on my friends computer. OK here we go; my friend installed that antivirus 2009 on her computer not knowing what it was then it wanted her to pay for it so she thought she uninstalled it but now when she gets on internet explorer it works but in a little u get redirected to a error page. So now my question is what is a good way to git rid of that spyware? Would malwarebytes work getting rid of it?......i know i am asking for something that probably can't be answered.....but if i don't get rid of it her dad is going to sell the computer so.....any good applications to get rid of that? i will try malwarebytes but will it be good enough alone to rid the computer of it? To any that read this and give me help i can't thank you enough!! I really can't. GOD BLESS!
So suggestion would be grateful!

 

[xxdanielxx]

Hey l will be helping you on fixing the problem

* Click here to download HJTsetup.exe

• Save HJTsetup.exe to your desktop.
• Doubleclick on the HJTsetup.exe icon on your desktop.
• By default it will install to C:\Program Files\Hijack This.
• Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
• Put a check by Create a desktop icon then click Next again.
• Continue to follow the rest of the prompts from there.
• At the final dialogue box click Finish and it will launch Hijack This.
• Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
• Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
• Come back here to this thread and Paste the log in your next reply.
• DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

 

[larryiam]

Well i have a slight problem. I can't get to her computer. I was just wanting to know wat would be a few good applications to remove that spyware? Daniel I really appreciate you time to help me! Thank you!

 

[xxdanielxx]

Well its hard with out seeing what is in there

 

[larryiam]

Oh ok. Well thanks for your time anyway!! I'll just get malwarebytes, superantispyware, Spybot. I guess that should do. I do know the problem is Antivirus 2009.

 

[xxdanielxx]

well if you know that then go to this link

http://www.bleepingcomputer.com/malware-removal/uninstall-antivirus-2009

 

[larryiam]

OOHHH Thank you very much for the link!! Even though you really didn't do anything you have helped so much!! Thanks!! :grinthumb

 

[xxdanielxx]

Ya no problem if by any chance you can get a log from hijackthis I can check if there are other malware installed

 

[larryiam]

Why sure!

I am going over to her house next Friday. I am going to rum mbam full scan. Then because you were so nice to me ill save a log. Do u want me to save a log before or after i run mbam and a few other things?

 

[Blind Dragon]

definitely after

 

[larryiam]

Ok guys i will do! :grinthumb

 

[Blind Dragon]

it makes it easier if all the basic infections are off before we need to suggest removing something manually, or with a script ect.

 

[larryiam]

Well like i stated earlier its not my computer, its my friends and i only get to go over there for a little while. I'll try my best to get on over there and post a log. But i don't kno if i can stay to solve it. I am hoping mbam will take care of it! She said her dad installed that antivirus 2009. I am hoping thats all thats on there! When i get done running mbam and superantispyware i'm installing that advira anti-virus, comodo firewall, and winpatrol, along with firefox 3.0.1. (They are using internet explorer and its redirects a error message up now.) Hopefully it will slow anything down in the future! Thanks for your time!

 

[Blind Dragon]

After the scans I would also add spyware blaster

Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

 

[larryiam]

Ok i will download that for me and my friend! Thanks so much! After i update to SP3 ill check out the tutorial!

 

[larryiam]

One last question. Would it be better to run the scans in normal mode or safe mode?

 

[xxdanielxx]

I think its better in safe mode for MBAM

 

[larryiam]

Thanks! I was wondering that. :grinthumb

 

[larryiam]

Got MBAM log

hey guys i got the mbam log.........was it successful? thats my friend computer NOT mine....

 

[xxdanielxx]

well it found a-lot make sure to delete it from the quarantine. Also It looks like they have a Rootkit.DNSChanger I would run the following apps make sure to post back with the logs. Also by any chance did you get a hijackthis log. Looks like we need to see that.

Download & Install SDFix

• Download SDFix & save it to your Desktop.
• Double click SDFix.exe & it will extract the file to %systemdrive%
  (Drive that contains the Windows Directory, Typically C:\SDFix)

Boot into Safe Mode

• Restart your computer & start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, & then press Enter.

Run SDFix

• Open the extracted SDFix folder & double click RunThis.bat to start the script.
• Type Y to begin the cleanup process.
• It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
• Press any Key and it will restart the PC.
• When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
• Once the desktop icons load the SDFix report will open on the screen & also save into the SDFix folder as Report.txt
• Attach Report.txt back here

--------------------------------ComboFix

• Download ComboFix to your desktop.
• Double click combofix.exe & follow the prompts.
• A window will open with a warning.
• When the scan completes it will open a text window. Please attach that log back here together with a fresh HJT log.

Caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Combofix is a very powerful tool so please do NOT do anything without instruction

Combofix will automatically save the log file to C:\combofix.txt

---------------------------------------------

Please run an on-line virus scan at http://www.kaspersky.com/virusscannerKaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++

If you are unable to run the activeX Antivirus Scanners, lets try this Java based solution from Trend Micro.

 

[larryiam]

well will it hurt anything if it is left on there for a few days?.....i can get over there till friday......then i can run ur programs u requested......thanks though

 

[xxdanielxx]

Well it found some of the file and it looks like there is a rootkit and a dns changer trojan. I cant really say but any computer that is infected with malware is not safe to use or thats what I think maybe blind dragon can say.

Rogue.Installer
Rogue.XPAntivirus

 

[larryiam]

well i kinda figured that. But i can't get over there till Friday to remove all of that. I was just wondering if it was usable for the time being?.......

 

[xxdanielxx]

well if they use it do not enter password and most likely by using it the way it is they would get re infected or get infected with something else

 

[larryiam]

well ok.....no passwords....gotcha....i hope no more infections!