Antivirus pro 2009 has disabled hijackthis

Status
Not open for further replies.

ded2day

I'm having a problem with Antivirus Pro 2009. It has disabled HijackThis and is wreaking general havoc on my machine. I have tried to manually go into regedit but I'm having trouble finding avp9 or anything similar. Can you help me please?
 
Hi ded2day

I see you are currently online. Thought I would catch you before you log off.

Stand by and I will have instructions for you in a few moments.

Mike
 
Great, please be sure and attach its log back.

Are you doing our 8 steps?

If not then go here: The TechSpot 8 steps: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

Do each step carefully, do not skimp, and attach all logs.

Once completed, logs posted and rebooted, do the below.

Click inside gray box below and drag mouse to copy all the text, notice the slider bars, be sure to get the @ sign to the end of the word Exit.

Then Start-run
type
cmd
hit enter or click ok

Black command prompt will open

Right-click inside the screen and click Paste; the window should close. If not, close it.

Code:
@echo off
:: Remove AntiVirus2009
:: Paths that contain spaces are quoted so each command receives one path.
:: Clear hidden/system/read-only attributes so the files can be deleted.
attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"

del /f /q "%UserProfile%\Desktop\Antivirus 2009.lnk"
del /f /q "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
del /f /q "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
del /f /q "%UserProfile%\Start Menu\Antivirus 2009\*.*"

rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"

attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
rd /s /q "c:\Program Files\Antivirus 2009"

attrib -h -s -r "c:\WINDOWS\system32\ieupdates.exe"
attrib -h -s -r "c:\WINDOWS\system32\scui.cpl"
attrib -h -s -r "c:\WINDOWS\system32\winsrc.dll"

del /f /q "c:\WINDOWS\system32\ieupdates.exe"
del /f /q "c:\WINDOWS\system32\scui.cpl"
del /f /q "c:\WINDOWS\system32\winsrc.dll"

:: Remove the registry keys, then the two Run values (/v names the value).
:: /f suppresses the confirmation prompt so the pasted lines are not consumed as answers.
reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "75319611769193918898704537500611" /f
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "ieupdate" /f
exit

After this, reboot and attach a new HJT log.

Mike
 
MBAM will remove it - but as stated above you should attach a hijackthis log after it is done, this is why we put hijackthis instructions as the last step of the preliminary instructions
 
Hey. I'm going to download superantispyware soon....
 

Attachments

  • mbam-log-11-10-2008 (11-48-12).txt
    2.4 KB · Views: 7
You have more than AntiVirus 2009!

This one should go after my instructions "C:\WINDOWS\system32\brastk.exe"

HJT Scan only select and remove the following

O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O20 - AppInit_DLLs: karna.dat
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Run MalwareBytes again attach log then continue below.

Then go back to the 8 Steps, install SuperAntispyware, update it and configure it as below:

After installed double-click the icon on your desktop to run it.
It asks to update the program definitions, click Yes.
Under Configuration and Preferences, click the Preferences button.
Then Scanning Control.
In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

Click Close button to exit control center.
On main screen, Scan for Harmful Software click Scan your computer.
On the left check C:\Fixed Drive.
On the right, under Complete Scan, choose Perform Complete Scan.
Click Next to start the scan.

It will take a while as it scans your computer.

After the scan, a summary box will popup. Click OK.
Make sure all in the white box has a check next to it, click Next.
It will quarantine what it found, and pop up a log file. Attach log file back to Thread.

If asked to reboot, click Yes.

If you missed the log file or cannot post perhaps in Safe Mode then....

To retrieve the log do the following:

After reboot, double-click the SUPERAntispyware icon on desktop.
Click Preferences-Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log. It will open in Notepad.
Then save as sas.log.
Close SAS.
Attach sas.log back to thread with a new HijackThis log.

Mike
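
The HijackThis lines quoted in the post above, split into the autostart mechanism each one reports (an added example, not part of the original thread; the function names `parse` and `run_values` and the section descriptions are this example's own, using the standard HijackThis section meanings):

```python
import re

# Standard HijackThis section codes seen in the post, and what each reports.
SECTIONS = {
    "O3": "Internet Explorer toolbar",
    "O4": "Run-key / Startup autostart",
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O23": "Windows service",
}
# Log lines as quoted in the post above.
SAMPLE = r"""
O3 - Toolbar: (no name) - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - (no file)
O4 - HKLM\..\Run: [brastk] brastk.exe
O4 - HKUS\S-1-5-18\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [brastk] C:\WINDOWS\system32\brastk.exe (User 'Default user')
O20 - AppInit_DLLs: karna.dat
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
"""
LINE_RE = re.compile(r"^(?P<code>O\d{1,2}) - (?P<kind>[^:]+): (?P<rest>.*)$")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '(?P<user>[^']+)'\))?$")


def parse(log):
    """Split each HJT line into section code, entry kind and remainder."""
    entries = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["mechanism"] = SECTIONS.get(e["code"], "unknown section")
            e["orphaned"] = e["rest"].endswith("(no file)")  # target file is gone
            entries.append(e)
    return entries


def run_values(entries):
    """Map each O4 Run value name to the (hive, command) pairs that load it."""
    found = {}
    for e in entries:
        m = RUN_RE.match(e["rest"]) if e["code"] == "O4" else None
        if m:
            hive = e["kind"].rsplit("\\..\\", 1)[0]  # text before "\..\Run"
            found.setdefault(m["name"], []).append((hive, m["cmd"]))
    return found


if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e["code"], e["mechanism"], "(orphaned)" if e["orphaned"] else "")
    print(run_values(parse(SAMPLE)))
```

The grouping shows the single `brastk` value registered under three hives, matching the three O4 lines the post lists for removal.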
 
To this point not needed but are you running XP or Vista?

Should put in system specs!

And did you run the cmd process I posted?

Mike
 
MBAM is out-of-date.

Version 1.30, DB ver. 1379 is available.

It should clean up brastk & karna. TDSS detection appears stronger.
 
Geeze thanks rf6647

I usually catch that especially in HJT, I am glad you noticed it. Then she is not following instructions and doing the 8 steps.

I gave her enhanced config for SAS hopefully that will get it

ded2day these 2 can mess up your system where it will not even boot!

It may seem like it is fixed until it lowers the boom again! And as I said it may not boot at all!

Get the MWBAM updated and start all over!

Mike
 
I'm in a pickle again. My Internet Explorer is slow, Google is redirecting me to advertisements, I can't download SuperAntiSpyware, and my MBAM is not working. I can however get HijackThis to work and Avira is working. (I also used CCleaner a few times). Attached is the HijackThis log and Avira log if that helps.
 
It's because you were never finished in the first place. You never came back!!

Stay this time until we say you are clean.

You need to rename SuperAntiSpyware to, say, SAS.exe and mbam.exe to mwbam.exe.

So My Computer to \Program Files\SuperAntiSpyware find and rename as above and run from there by dbl clicking SAS.exe.

Then do the same for MalwareBytes.

After loading but before clicking Scan do the below config changes

SuperAntispyware config

UPDATE!

Then

Click the Preferences button.

Then Scanning Control.

In Scanner Options make sure the following are checked:
1. Close browsers before scanning
2. Scan for tracking cookies
3. Terminate memory threats before quarantining.
4. Leave the others as they are.

In MalwareBytes after update but before running
Click settings and confirm all are Checked.

I repeat Update these 2 programs.

Run them and attach their logs, then a new HJT log; HJT always last.

After attaching logs from above run both programs again to confirm they find nothing else and attach new logs for this run!

Mike
 
Every time I go to download SAS, I get a blank web page (try your webpage again, or make sure you're connected, etc...). I tried renaming MBAM, and it does download, but then when installing at mbamext.dll, it says unable to register the DLL/OCX: RegSvr32 failed with exit code 05. I have also tried going to another computer and downloading MBAM and SAS, then copying to a CD, then trying to get them to work on my machine, but it doesn't work. SAS says it's missing files, and MBAM just doesn't work when I click on it. Any ideas?? (Oh, I'm still having the same Google redirect and browser slowness problems.)
 
Sounds like you are renaming before it is ever installed?

Get the installer for SAS and MBAM on a CD, then run that installer from the CD and install normally on the problem computer.

Normally it would be ready to run but the Virus/Malware is preventing it from running so after it is installed is when you rename before running or updating.

Then browse to the program as mentioned in the previous posts.

Mike
 
Okey dokey. I have SAS now. I configured it the way you said and ran it twice. I will run it another time tonight when I get home. The MBAM is just not installing properly. It keeps on giving me the DLL/OCX RegSvr32 error. I will try to install again tonight. Thanx.
 
I have yet to see the logs!!!

I want the logs!! I want the logs!! I want the logs!! I must know what you had!

Even if mbam came up clean on last run, Open but don't run, click logs start at top attach all logs.

Mike
 
here is SAS logs. Mbam is still not working. I tried copying the installer to my computer with no success. I tried running the installer right from the disc with no success. I've also tried downloading again directly with no success.
 
OK don't stop now.

Run MBAM again. The last one you ran was ancient, so update it and run again.

Mike
 
Hi dis1

Welcome aboard.

1st Create a new thread for this.
2nd Copy and paste all here to the new Thread
3rd After the new thread is in place, come back here and edit and clear your message.

You likely do not know this but this is called Hijacking a thread.

No problem, just do as above.

But you may just as well stop and do the below. Begin by downloading the attachment if you can; if you cannot, you must struggle through until you can UPDATE MBAM and get SAS and UPDATE it. Post all logs as you go. At some point it will break loose and work better.

Mike


https://www.techspot.com/vb/topic115811.html

EDIT: Just saw your last post Create your own Thread but after each run with mbam try the update!
 
hey. SAS won't update. It says I have a firewall blocking it. I have turned windows firewall off, but I'm not sure if I might have another firewall?? MBAM is still not installing.
 