Irwin W. asked:
Antivirus 2010 trouble removing

I am having trouble removing Antivirus 2010. It seems that after I started testing UBCD4WIN, I could swear that it installed this malware on my machine. I did download it from their site.

In any event, I am having trouble removing it.  

Any and all help with this troublesome issue is appreciated.
JeremySBrown:

Hi nappy_d,

Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/

Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log; for further instructions, save and paste the results by Attach File or by Code Snippet so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving it to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.
ASKER CERTIFIED SOLUTION (rpggamergirl; the solution text is available only to members and is not included here)
Try to do a system restore from safe mode and then scan the computer with Malwarebytes.
It is also good to install Spybot with TeaTimer enabled, so you can manually choose whether to approve or deny changes to the registry and system folders.
http://www.safer-networking.org/en/download/index.html
Irwin W. (asker):
@davorin: system restore is turned off.

@rpggamergirl: I will give that a go later.

@JeremySBrown: not too familiar with CCleaner...
nappy_d,

CCleaner is a temporary file remover. Sometimes temporary file remover(s) can remove infection(s) that way.
DooDah:
You have encountered malware/spyware.

I assume you have an antivirus program already installed, but if you can still install software, go out and get SpySweeper with AntiVirus at Wal-Mart or whatever store is close to you. It comes in a green and yellow box, mini-box, or CD sleeve. It will clean your system and intercept sites like the one you encountered with a warning for the site before you proceed.

If you have antivirus already, the install CD will also run a scan and clean; if you don't, I recommend running Symantec/Norton and Webroot SpySweeper in tandem. I encountered trojans and a worm that Norton flagged and Webroot quarantined; it was an awesome collaboration.

With Symantec Antivirus, Webroot SpySweeper, and Acronis True Image Workstation on weekly backup, I have never been taken down in the last 10 years. Compute with confidence.
rpggamergirl, yes, that almost did the trick, but now atapi.sys is popping up. Any thoughts?
You're saying atapi.sys is popping up? Recent infections have patched the atapi.sys file or other system files.

Can you attach any logs(specially ComboFix log) for us to look at please?
Antivirus 2010 has multiple components; when one component is cleaned, the other becomes aware of that and recreates the missing component. (A simple description of the self-healing process.)
The TeaTimer component of Spybot can block that process, but you will also have to manually accept all changes made by antivirus/antimalware software. Be careful that you don't also allow the malware's "self-healing" changes.
Once you have updated your antivirus/antimalware software, it is good to disconnect from the network and also scan the computer in safe mode. After cleaning, reconnect the computer to the network (Internet), restart it and scan it again, just to be sure that there are no downloader components on it.
That was the answer; it took me a few tries to get MBAM to clean the system.

Btw, I also fixed my atapi.sys infection. I booted to my recovery console and replaced the infected file with a known good copy.
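The step described above, replacing a patched system file with a known-good copy, is only as good as the check that the copy really is clean and that the replacement actually took. The following is an added example, not code from this thread or from any tool mentioned in it: a Python script that hashes a directory of trusted copies into a baseline, compares a live directory against it, quarantines anything whose hash differs, copies the trusted file in, and re-verifies. The file names, byte contents, directory layout, and the "unknown.dll" extra file are all constructed for the demo, not real Windows binaries or real indicators. The same-length patch in the demo is the case a size-only check would miss.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 20  # hash in 1 MiB pieces so large drivers are not read into memory at once


def sha256_of(path):
    """Return the hex SHA-256 of a file, streamed in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(known_good_dir):
    """Map file name -> SHA-256 for every trusted copy (e.g. files from clean install media)."""
    return {p.name: sha256_of(p)
            for p in sorted(Path(known_good_dir).iterdir()) if p.is_file()}


def verify(target_dir, baseline):
    """Compare a live directory against the baseline.

    Returns (modified, missing, unexpected): names whose hash differs from the
    trusted copy, trusted names that are absent, and names with no trusted copy.
    A size check alone would miss an in-place patch; the hash does not.
    """
    present = {p.name: sha256_of(p)
               for p in Path(target_dir).iterdir() if p.is_file()}
    modified = sorted(n for n, h in baseline.items() if n in present and present[n] != h)
    missing = sorted(n for n in baseline if n not in present)
    unexpected = sorted(n for n in present if n not in baseline)
    return modified, missing, unexpected


def restore(known_good_dir, target_dir, quarantine_dir, names):
    """Move each modified file to quarantine (kept for analysis) and copy the trusted one in."""
    target, quarantine = Path(target_dir), Path(quarantine_dir)
    quarantine.mkdir(parents=True, exist_ok=True)
    for name in names:
        live = target / name
        if live.exists():
            shutil.move(str(live), str(quarantine / name))
        shutil.copy2(Path(known_good_dir) / name, live)


def demo():
    """Constructed scenario (not real Windows binaries): one driver patched in place at the
    same length, one untouched driver, and one extra file with no trusted counterpart.
    Returns the verify() results before and after restore()."""
    root = Path(tempfile.mkdtemp())
    clean, live, quarantine = root / "clean", root / "system32", root / "quarantine"
    clean.mkdir()
    live.mkdir()
    atapi_clean = b"MZ" + b"clean atapi driver" * 100
    disk_clean = b"MZ" + b"clean disk driver" * 100
    (clean / "atapi.sys").write_bytes(atapi_clean)
    (clean / "disk.sys").write_bytes(disk_clean)
    # Same length as the clean copy, last 18 bytes overwritten: invisible to a size check.
    patch = b"PATCHED" + b"!" * 11
    (live / "atapi.sys").write_bytes(atapi_clean[:-len(patch)] + patch)
    (live / "disk.sys").write_bytes(disk_clean)
    (live / "unknown.dll").write_bytes(b"constructed extra file")  # constructed name, not an IOC

    baseline = build_baseline(clean)
    before = verify(live, baseline)
    restore(clean, live, quarantine, before[0])
    after = verify(live, baseline)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

On a real machine the baseline would come from install media or a trusted offline image, and the verify/restore would be run from a boot environment (as the asker did from the Recovery Console) so that nothing resident can re-patch the file between the check and the copy; re-running verify after the restart is the cheap way to catch the "self-healing" behaviour davorin described.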
Glad to know it's resolved, and well done with atapi.sys replacement.
Tools like Avenger can also help to replace atapi.sys...  you did well.

Thanks for using Experts-Exchange!