Irwin W.
asked on
Antivirus 2010 trouble removing
I am having trouble removing Antivirus 2010. It seems that after I started testing UBCD4WIN, I could swear that it installed this malware on my machine. I did download it from their site.
In any event, I am having trouble removing it.
Any and all help with this troublesome issue is appreciated.
Try to do a system restore from safe mode and then scan the computer with Malwarebytes.
It is also good to install Spybot with TeaTimer enabled - so you can manually choose whether to approve/deny changes in the registry and system folders.
http://www.safer-networking.org/en/download/index.html
ASKER
@davorin system restore is turned off.
@rpmgamergirl: I will give that a go later.
@jeremySbrowm not too familiar with CCleaner...
nappy_d,
CCleaner is a temporary file remover. Sometimes temporary file remover(s) can remove infection(s) that way.
You have encountered MAL-WARE/SPY-WARE.
I assume you have an ANTIVIRUS program already installed, but if you can still install software, go out and get SPYSWEEPER with ANTI-VIRUS at WAL-MART or whatever store is close to you. Comes in a GREEN and YELLOW Box, MiniBox, or CD-SLEEVE. It will clean your system and intercept the sites like the one you encountered with a WARNING for the SITE before you proceed.
If you have anti-virus already, the INSTALL CD will also run a SCAN and CLEAN; if you don't, I recommend running SYMANTEC-NORTON and Webroot SpySweeper in tandem. I encountered TROJANS and WORM that NORTON FLAGGED and WEBROOT QUARANTINED, it was an awesome collaboration.
With Symantec Antivirus, Webroot SpySweeper, and Acronis True Image Workstation on weekly backup, I have never been taken down in the last 10 years. COMPUTE with CONFIDENCE
ASKER
rpggamergirl, yes that almost did the trick but now atapi.sys is popping up. Any thoughts?
You're saying atapi.sys is popping up? Recent infections patched atapi.sys file or other system files.
Can you attach any logs (especially the ComboFix log) for us to look at please?
Antivirus 2010 has multiple components, and when one component is cleaned, the other becomes aware of that and recreates the missing component. (A simple description of the self-healing process.)
The TeaTimer component of Spybot can block that process, but you will also have to manually accept all changes made by antivirus/antimalware software. Be careful that you don't also allow the malware's "self-healing" changes.
Once you have updated the antivirus/antimalware software, it is good to disconnect from the network and also scan the computer in safe mode. After cleaning, reconnect the computer to the network (internet), restart it and scan it again - just to be sure that there are no downloader components on it.
ASKER
That was the answer; it took me a few tries to get mbam to clean the system.
Btw, I also fixed my atapi.sys infection. I booted to my recovery console and replaced the infected file with a known good copy.
Glad to know it's resolved, and well done with atapi.sys replacement.
Tools like Avenger can also help to replace atapi.sys... you did well.
Thanks for using Experts-Exchange!
Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/
Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log. For further instructions, save and paste the results by Attach File, or by Code Snippet, so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.
You might need to rename the file before saving it to your desktop so it will not be blocked.
Please note: Don't run Combofix in Safe Mode.