Antivirus360 (AV360) Virus Removal
Posted on 2009-02-13
OK, I've got a road user who has the AV360 virus (fake anti-virus program). I also had a local in-office user who got the same virus. I spent days fixing the in-house unit, and finally was able to remove the virus. I'm having much more trouble with the road user. Here's the troubleshooting scenario:
Local User - We used our Symantec AntiVirus (10.1) to clean the local unit. We removed many trojan and backdoor viruses. Also, removed all AV360 and anti-virus360 files. Removed all reg keys (found list on a forum). When we rebooted, Win XP locks up after about 45 seconds (sometimes you can get past log in). Booted to safe mode w/ networking, ran AV, got more, did a few more times - kept finding the same viruses. I downloaded "malwarebytes" (linked from forum), but couldn't install due to being in safe mode. Booted to Win XP CD, ran chkdsk, fixboot. I pulled the HDD, put into an enclosure and ran all sorts of AV, spyware software from another unit. I also ran a bunch of diagnostic tests (utility partition for the local Dell desktops). Not too sure what did it, but was able to boot to XP. I installed malwarebytes (lucky?), then XP locked up. Ended up needing to boot to safe mode - was able to run malwarebytes 3 times before the unit was clean. Boots to XP fine.
Remote User - Purchased Norton AV 360 (the legit version, boxed). Installed and ran in XP session. Rebooted - XP locks up. Instructed to download malwarebytes in safe mode w/ networking. Told to run Norton again in safe mode, but it can't run in safe mode (Thanks Norton, ugh). Wants to do a "web" based cleaning, but can't connect (why? I don't know). The user's unit did not come with an XP CD (or a CD-ROM for that matter) but does have an image CD - we don't want to lose the HD's data. Can't get it to boot to XP (locks) and can't run AV (won't run in safe mode) and can't install another AV program (installer won't run in safe mode).
That's a long one, and if you made it through that, I commend you. Anyway, any suggestions would be highly appreciated.