Solved

Antivirus 2010 trouble removing

Posted on 2010-01-02
Medium Priority
450 Views
Last Modified: 2013-11-11
I am having trouble removing Antivirus 2010.  It seems that after I started testing UBCD4WIN, I could swear that it installed this malware on my machine. I did download it from their site.

In any event, I am having trouble removing it.  

Any and all help with this troublesome issue is appreciated.
0
Comment
Question by:nappy_d
11 Comments
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 26162599
Hi nappy_d,

Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/

Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log; for further instructions, save and paste the results by Attach File, or by Code Snippet so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.
0
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 2000 total points
ID: 26162850
MalwareBytes and/or Combofix as already suggested should get rid of it, just show us the logs.
http://www.malwarebytes.org/mbam.php

Check out the link below if MalwareBytes or Combofix won't run, rename them prior to saving the file,
With MalwareBytes you may need to rename it twice.  Or use TDSS killer first if the tools won't run in case it's present.


Another option when tools won't run... If you can't run .exes in an infected system:
http://www.experts-exchange.com/articles/Software/Internet_Email/Anti-Virus/CAN%27T-RUN-EXES-IN-AN-INFECTED-SYSTEM.html


TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete",  you can also just hit "Enter" without typing in and the scan will continue...
The user can then post the log to be analyzed.



0
 
LVL 27

Expert Comment

by:davorin
ID: 26162909
Try to do a system restore from safe mode and then scan the computer with Malwarebytes.
It is also good to install Spybot with TeaTimer enabled - so you can manually choose whether to approve/deny changes in the registry and system folders.
http://www.safer-networking.org/en/download/index.html
0
 
LVL 32

Author Comment

by:nappy_d
ID: 26163216
@davorin system restore is turned off.

@rpggamergirl: I will give that a go later.

@JeremySBrown not too familiar with CCleaner...
0
 
LVL 13

Expert Comment

by:JeremySBrown
ID: 26163283
nappy_d,

CCleaner is a temporary file remover. Sometimes temporary file remover(s) can remove infection(s) that way.
0
 
LVL 3

Expert Comment

by:DooDah
ID: 26163415

You have encountered MAL-WARE/SPY-WARE.

I assume you have an ANTIVIRUS program already installed, but if you can still install software go out and get SPYSWEEPER with ANTI-VIRUS at WAL-MART or whatever store is close to you.   Comes in a GREEN and YELLOW Box, MiniBox, or CD-SLEEVE.   It will clean your system and intercept the sites like the one you encountered with a WARNING for the SITE before you proceed.

If you have anti-virus already, the INSTALL CD will also run a SCAN and CLEAN, if you don't I recommend running SYMANTEC-NORTON and Webroot SpySweeper in tandem.   I encountered TROJANS and WORM  that NORTON FLAGGED and WEBROOT QUARANTINED, it was an awesome collaboration.

With Symantec Antivirus, Webroot SpySweeper, and Acronis True Image Workstation on weekly backup, I have never been taken down in the last 10 years.     COMPUTE with CONFIDENCE
0
 
LVL 32

Author Comment

by:nappy_d
ID: 26164358
rpggamergirl, yes that almost did the trick but now atapi.sys is popping up.  Any thoughts?
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 26164656
You're saying atapi.sys is popping up? Recent infections patched atapi.sys file or other system files.

Can you attach any logs (especially the ComboFix log) for us to look at please?
0
 
LVL 27

Expert Comment

by:davorin
ID: 26165151
Antivirus 2010 has multiple components, and when one component is cleaned, the other becomes aware of that and recreates the missing component. (A simple description of the self-healing process.)
The TeaTimer component of Spybot can block that process, but you will also have to manually accept all changes of antivirus/antimalware software. Be careful that you don't also allow malware "self-healing" changes.
Once you have updated antivirus/antimalware software it is good to disconnect from the network and scan the computer also in safe mode. After cleaning, reconnect the computer to the network (internet), restart it and scan it again - just to be sure that there are no downloader components on it.
0
 
LVL 32

Author Comment

by:nappy_d
ID: 26165656
That was the answer; it took me a few tries to get mbam to clean the system.

Btw, I also fixed my atapi.sys infection. I booted to my recovery console and replaced the infected file with a known good copy.
0
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 26169427
Glad to know it's resolved, and well done with atapi.sys replacement.
Tools like Avenger can also help to replace atapi.sys...  you did well.

Thanks for using Experts-Exchange!
0
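Added example (not part of the original thread, and not code from any of the tools named in it): the thread ends with atapi.sys being replaced from the recovery console with a known good copy, so this sketch shows how driver files on an offline-mounted system volume can be hashed and compared against a known-good set before and after such a replacement. The directory names and file contents are constructed placeholders, and `compare_drivers` is a hypothetical helper name.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large drivers do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_drivers(suspect_dir: Path, reference_dir: Path) -> dict:
    """Compare every .sys file in suspect_dir with the same-named reference file.

    Names are matched case-insensitively, as Windows does. Returns
    {lowercase name: "match" | "MISMATCH" | "no-reference"}.
    """
    reference = {p.name.lower(): p for p in reference_dir.iterdir() if p.is_file()}
    report = {}
    for suspect in sorted(suspect_dir.iterdir()):
        name = suspect.name.lower()
        if not suspect.is_file() or not name.endswith(".sys"):
            continue
        good = reference.get(name)
        if good is None:
            report[name] = "no-reference"   # cannot judge; review by hand
        elif sha256_of(suspect) == sha256_of(good):
            report[name] = "match"
        else:
            report[name] = "MISMATCH"       # candidate for replacement
    return report


def demo() -> dict:
    """Build two constructed directories (placeholder bytes, not real drivers)."""
    with tempfile.TemporaryDirectory() as tmp:
        suspect, good = Path(tmp, "suspect"), Path(tmp, "known_good")
        suspect.mkdir()
        good.mkdir()
        (good / "ATAPI.SYS").write_bytes(b"constructed clean driver bytes")
        (good / "disk.sys").write_bytes(b"constructed disk driver bytes")
        (suspect / "atapi.sys").write_bytes(b"constructed clean driver bytes\x90patched")
        (suspect / "disk.sys").write_bytes(b"constructed disk driver bytes")
        (suspect / "extra.sys").write_bytes(b"constructed unknown driver")
        return compare_drivers(suspect, good)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name:12} {status}")
```

The reference copies must come from the same Windows version and service pack, since a legitimately updated driver also hashes differently. Running the comparison from a separate boot environment, as the poster did for the replacement itself, avoids relying on the infected system to read its own files.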
