"AntiVirus Soft" malware on my PC

turbolapp

Aug 10, 2007
This thing is kicking my virtual ass today. It's taken over my proxy settings, blocking any of my files or browsers from loading. I'm currently in safe mode trying to work through getting this crap out. I'm following the instructions from

Remove Antivirus Soft (Uninstall Guide)

I just wanted to see first, if this site is pretty legit? (it wants me to download something called "rkill") and if anyone else has come in contact with this nasty little bugger.
 


You tried running SpyBot yet?

Edit: Actually doesn't look like it will work for this so I guess follow the guide...

For the future, get daily backups running and then restore to a day when your computer was fine if something like this happens. Sometimes these things are ridiculously hard to get rid of, no matter what you do other than format.

I remember I had something similar a while ago, and even though I removed it I never felt completely safe, so I just went ahead and reformatted (this was before I had daily backups). It sucks, but with a backup you're back up and running without the headache of cleaning this crap up.
 

You should be good to go with that site. I think that Malwarebytes should pretty much take care of it (I've recommended it to a number of friends whose kids clicked the install popups). It shouldn't hurt to go through the rest of the guide.
 
Get UnHackMe, but make sure you know what files/DLLs you're removing, or you'll end up with a blue screen of death and need to do a fresh install.
 
I've helped three people at my office deal with that crap, all three were, how to put this, less than savvy about links/ads/phishing awareness.

On the off chance somebody from WF is pushing something similar to this, I hope you get hit by a fucking semi-truck.

But it isn't too difficult to remove. The easiest method is if there is a second profile on the computer, since the parasite only appears in the profile of the infected user. Since this is hitting corporate machines here, I just boot the user off, log in as me and navigate to the file locations as in the instructions you linked to. But instead of navigating through the random folder names as listed below, I just delete all random folder names; any real program has a real name. I then let the user log back in and fix their IE proxy settings (and resist the urge to hit them for using IE6).

%UserProfile%\Local Settings\Application Data\<random>\
%UserProfile%\Local Settings\Application Data\<random>\<random>sysguard.exe
%UserProfile%\Local Settings\Application Data\<random>\<random>sftav.exe
 
Fucking IE7....that's my biggest complaint about using ubot. It only works in IE. I was doing a bot in photobucket when this happened so I guess I should be saying fucking photobucket in fucking IE, with all their fucking popup ads all over the fucking place.

but thanks for the input guys, I'll work on it some more tonight and see how it goes.
 
Yep, Malwarebytes, but if that does not remove it, download/run ComboFix from BleepingComputer in safe mode.
 
I had the same exact thing on my PC a few days ago. That page is legit; I got mine right off. Just make sure you do everything it says in safe mode with networking.
 
I tried to get rid of it for a friend of mine. If you are serious about security, do a clean install.

I worked on it for about 3 hours, following all the directions and "solving" the problem. 3 days later it was back. As it says in the article, it's like herpes, nearly impossible to get completely rid of.
 
DBAN your drive and reinstall Windows. Use NoScript for IE7. I doubt you got Partnerka scareware from Photobucket. More likely a drive-by download or Java/ActiveX exploit on your travels round the net.
 
 
If it happened on the Photobucket site, it's possible the person that exposed you to it did a "legit" CPM banner buy with creative that allowed them to rotate in malware or browser exploits when no one was looking. I've seen that happen on Facebook even, with malware like AntiVirus Soft. Then again, you could have also downloaded something else that caused the problem.
 
Had the same thing (fake anti-virus malware) happen to me on Photobucket 2 weeks ago. It happened after I had Photobucket open in the background for 30 minutes or so. This was the second time this happened on Photobucket; the first time I thought it was a bot I had running on some other sketchy websites.

Here's what fixed it:

1. Run Malwarebytes.
2. If your IE is getting sent to a proxy, run HijackThis and change the proxy setting that the malware changes.
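The two manual steps that come up repeatedly in this thread, finding the random-named drop folder under the user's Local Settings\Application Data (the office-machine post above) and undoing the IE proxy hijack (the post right above), can be scripted. The following PowerShell is an added example written for this page; it is not code from the thread, from the linked uninstall guide, or from any of the tools mentioned. It assumes the XP/2003 profile layout the thread quotes, assumes the dropper keeps the *sysguard.exe / *sftav.exe naming the guide lists, and assumes the hijacked proxy points at a loopback address (127.0.0.1:port), which is how this family redirects the browser through itself; adjust the path and the regex if your case differs. It reports by default and only deletes a folder when it actually contains a matching dropper, because a random-looking name alone is weak evidence and one poster already warns what deleting the wrong thing does.

```powershell
# Added example (not from the thread): triage the AntiVirus Soft drop folder and
# undo the IE proxy hijack. Run in the infected user's session for the proxy part
# (it lives under HKCU); pass -ProfilePath when cleaning from a second account.
param(
    [string]$ProfilePath = $env:USERPROFILE,   # assumption: XP/2003 layout
    [switch]$Remove                             # delete only folders holding a dropper
)

# Location quoted in the thread (Vista+ equivalent: $ProfilePath\AppData\Local).
$AppDataLocal = Join-Path $ProfilePath 'Local Settings\Application Data'

# Dropper names from the linked guide; the prefix is random per infection.
$DropperPatterns = @('*sysguard.exe', '*sftav.exe')

# Heuristic (assumption): "any real program has a real name". Vendor folders are
# capitalised, the malware's are 5-12 lowercase letters. -cmatch is case-sensitive.
$KnownDirs = @('Microsoft', 'Google', 'Mozilla', 'Adobe', 'Apple', 'Temp', 'Identities')
function Test-RandomName {
    param([string]$Name)
    if ($KnownDirs -contains $Name) { return $false }
    return ($Name -cmatch '^[a-z]{5,12}$')
}

$suspects = @()
Get-ChildItem -Path $AppDataLocal -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object {
        $dir  = $_
        $hits = @(Get-ChildItem -Path $dir.FullName -ErrorAction SilentlyContinue |
                  Where-Object {
                      -not $_.PSIsContainer -and
                      ($DropperPatterns | Where-Object { $_ -and ($dir.Name -ne '') } |
                       ForEach-Object { $_ }) -ne $null -and
                      (($_.Name -like $DropperPatterns[0]) -or ($_.Name -like $DropperPatterns[1]))
                  })
        $random = Test-RandomName $dir.Name
        if ($hits.Count -gt 0 -or $random) {
            $reason = if ($hits.Count -gt 0) { 'known dropper name' } else { 'random-looking folder name' }
            $suspects += New-Object PSObject -Property @{
                Folder  = $dir.FullName
                Dropper = (($hits | ForEach-Object { $_.Name }) -join ', ')
                Reason  = $reason
            }
        }
    }

$suspects | Format-Table Folder, Dropper, Reason -AutoSize

if ($Remove) {
    # Only folders that contain the dropper are removed; name-only suspects are left
    # for a human to look at first.
    $suspects | Where-Object { $_.Dropper } | ForEach-Object {
        Write-Host "Removing $($_.Folder)"
        Remove-Item -LiteralPath $_.Folder -Recurse -Force -ErrorAction Continue
    }
}

# IE proxy hijack: with the malware process killed, a proxy at 127.0.0.1 has
# nothing listening, which is why "nothing loads" after cleanup. Same key that
# HijackThis/Internet Options edit; must run as the affected user.
$IeKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$settings = Get-ItemProperty -Path $IeKey
if ($settings.ProxyEnable -eq 1) {
    Write-Host "Proxy is enabled: $($settings.ProxyServer)"
    # assumption: the hijack points at a loopback port
    if ($settings.ProxyServer -match '^(http=)?127\.0\.0\.1:\d+') {
        Write-Host 'Loopback proxy matches the hijack; disabling it.'
        Set-ItemProperty    -Path $IeKey -Name ProxyEnable -Value 0
        Remove-ItemProperty -Path $IeKey -Name ProxyServer -ErrorAction SilentlyContinue
    }
} else {
    Write-Host 'No proxy configured; nothing to undo.'
}
```

Run it once without -Remove and read the table; if a folder shows up only as "random-looking folder name" and you do not recognise it, open it before deleting. The proxy section deliberately checks for a loopback address rather than blindly clearing the setting, so a machine that legitimately uses a corporate proxy is left alone.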