How to remove antivirus soft (green Shield)

conchgeek
This virus looks like antivirus 2008 or 2009, but comes up "Antivirus Soft". Green shield in tool bar,
green CGI with regular false positive type scans, settings, etc.

Commented:
What scanners have you used to scan the system?

Try MBAM and ComboFix and show us the log.
Download Malwarebytes' Anti-Malware to your desktop, check for the tool's Updates before running a scan.
http://www.malwarebytes.org/mbam.php



Please download ComboFix by sUBs:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log and attach it in your next reply by pasting it in the "Code Snippet" or "Attach File" window.
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


If needed, here's the Combofix tutorial which includes the installation of the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Commented:
http://onecare.live.com/site/en-us/default.htm also works well; run a full scan.
The GUI might be different, but I think you are infected with this one:
http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html

Commented:
I'm fighting the same thing at one of my client computers.  Oddly Malwarebytes wasn't able to detect it (I say it's odd because usually that's my favorite).  The MS one that jrvzoom mentioned looks like it caught it.

This is an XP Pro domain member machine so I'm also rebuilding the user's profile as it looks like the bug is hanging out in the cache/temp files of the old profile.

Ben
jrvzoom's suggestion worked for me as well!!  Thank you.

Commented:
You're welcome, make sure you do a second scan to find any leftovers just in case. I've had a computer that seemed free of viruses come back, and I had to wipe the hard drive.
Malwarebytes newest updates worked for me!!

Commented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:
Delete with no refund

If you feel this question should be closed differently, post an objection and a moderator will read all objections and then close it as they feel fit.  If no one objects, this question will be closed automatically the way described above.

younghv
Experts-Exchange Cleanup Volunteer
I'm not sure what "deleted with no refund" means but the solution jrvzoom provided fixed my issue.  If the question is deleted no one will be able to find the resolution to this issue.  Thank you.  

Commented:
thanks rosen55401
