mc2explore
How do I remove IApro.exe (Internet Antispyware).
I have come across this virus before and was able to remove it, but this time it seems far better protected. Its files are more hidden and it resets the computer when detected. I used HijackThis and these are some of the entries that show up in the log file, but they don't show up on the fix-it screen, so I am unable to remove them. One of its major defenses is to reset the computer upon being detected, which prevents SUPERAntiSpyware from running. When I do a search and type in IApro.exe, it will reset the computer. This is a real challenge for me - HELP!!!
c:\program files\Internet Antivirus Pro\IAPro.exe
O1 - Hosts: 82.98.231.89 browser-security.microsoft.com
O1 - Hosts: 82.98.231.89 best-click-scanner.info
O1 - Hosts: 82.98.231.89 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.231.89 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.231.89 onlinenotifyq.net
O1 - Hosts: 82.98.231.89 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.231.89 microsoft.browser-security-center.com
O4 - HKLM\..\Run: [CPMcb662f34] Rundll32.exe "c:\windows\system32\bepijote.dll",a
O4 - HKLM\..\Run: [fubinenisa] Rundll32.exe "C:\WINDOWS\system32\delopozo.dll",s
O4 - HKCU\..\Run: [Internet Antivirus Pro] "c:\program files\Internet Antivirus Pro\IAPro.exe" /s
O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
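An added example, not part of the original thread: a triage pass over HijackThis O1 (hosts file) and O4 (Run key) lines of the kind posted above, listing entries worth reviewing by hand. The sample log, its names and addresses are constructed, and the rule names and the `min_names` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format; not the asker's data.
SAMPLE_LOG = r"""
O1 - Hosts: 192.0.2.10 update.microsoft.security-check.example
O1 - Hosts: 192.0.2.10 free-scanner.example
O1 - Hosts: 192.0.2.10 notify-online.example
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [qwzxrt] Rundll32.exe "C:\WINDOWS\system32\abcdxyz.dll",a
O4 - HKCU\..\Run: [Fake AV] "c:\program files\Fake AV\fav.exe" /s
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
RUN_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run\w*: \[([^\]]*)\]\s+(.+)$")
DLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
LOCAL = ("127.", "0.0.0.0")  # loopback/null routes are common in benign hosts files

def parse(log):
    """Return (hosts, run) entries; lines in other sections are skipped."""
    hosts, run = [], []
    for line in map(str.strip, log.splitlines()):
        if m := HOSTS_RE.match(line):
            hosts.append((m.group(1), m.group(2).lower()))
        elif m := RUN_RE.match(line):
            run.append((m.group(1), m.group(2), m.group(3)))
    return hosts, run

def triage(log, min_names=3):
    """List entries to review by hand; a finding is a lead, not a verdict."""
    hosts, run = parse(log)
    by_ip = defaultdict(list)
    for ip, name in hosts:
        if not ip.startswith(LOCAL):
            by_ip[ip].append(name)
    findings = []
    for ip, names in by_ip.items():
        if len(names) >= min_names:  # many names pinned to one routable IP
            findings.append(("hosts-many-names-one-ip", ip, len(names)))
        for name in names:
            if "microsoft" in name.split("."):  # vendor name overridden locally
                findings.append(("hosts-vendor-name", ip, name))
    for hive, value, cmd in run:
        if m := DLL_RE.search(cmd):  # DLL started at logon through rundll32
            findings.append(("run-rundll32-dll", hive, m.group(1)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Legitimate software also registers `rundll32` Run entries, so each finding is a prompt to check the file on disk, not a removal list.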
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Before posting my question I tried:
Removing the drive and scanning it from another computer as the slave. This had worked in the past, but didn't work this time for this spyware. I also tried to find the folder and IApro.exe, the executable part of the program, and the search came up with nothing even though the HijackThis log file revealed it. As I said, this malware seems to have been rewritten and far better protected this time.
This is the latest I have attempted based on posting.
I downloaded Malwarebytes and tried to update it. It was prevented from updating. So I ran it with the existing definitions in normal mode. The malware reset the computer in the middle of scanning. So then I tried the exact same thing in safe mode. Unfortunately it partially updated, but before completing, the computer locked up totally: no mouse, no keyboard. The only thing I could do was shut down the computer. Upon reboot I got the following message:
"The following file is missing or corrupted.- \windows\system\config\system" and that was as far as the boot up would go. I can no longer boot to Windows.
May have to reformat the drive and end it there, but I was hoping to 'lick' this thing with the help of the experts and learn something from it in the process. I tried to repair the boot sector but to no avail.
Thanks.
ASKER
Thanks for your help. I am going to close this posting and distribute points if that is ok.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ok, good luck with your next move. You know where we are should you require further advice.