General Antivirus

My friend brought me his laptop, which looks to be infected by a Trojan or some other spyware. When it starts up, a popup called General Antivirus comes up asking him to register the product or keep working with infected system. I've seen these phony scams before that come in and take over your system. It's happened to me in the past, but I did a system restore to a previous date, which fixed the problem. My friend waited too late, and now no restore point is available or good which will remove this problem. Does anyone know how I can get rid of this? Is there a Registry key setting that prevents this program's activity? When I run the Symantec Antivirus, a blue screen of death comes up that looks fake, telling me that a Trojan_Delwin has come up and the system must shut down.
dali6 Asked:
JeremySBrown Commented:
Run a temporary file remover...CCleaner is a good one and it's free.
http://www.ccleaner.com/

Download Combofix by sUBs.
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Before running Combofix, temporarily disable any firewall(s), shield(s), etc. to prevent any conflicts with Combofix. After Combofix is done scanning, it will create a log. For further instructions, save and paste the results by Attach File or by Code Snippet so other experts can take a look at it. Once the log looks clean, you may enable your firewall(s), shield(s), etc. Combofix will disconnect your machine from the Internet. Your Internet connection will be automatically restored just before Combofix completes its scan. If Combofix runs into problems, your Internet connection can be manually restored by restarting your machine.

You might need to rename the file before saving to your desktop so it will not be blocked.

Please note: Don't run Combofix in Safe Mode.

alienvoice Commented:
I've used this link many times, as have other users on this forum, to remove malware/virus material from your computer.

http://forums.majorgeeks.com/showthread.php?t=35407
optoma Commented:
Can you download Hitmanpro on that machine?
If so, hold down the Left CTRL key, open Hitmanpro, and run a scan.
http://www.surfright.nl/en/hitmanpro

Also try Malwarebytes
http://www.malwarebytes.org/mbam-download.php
paulway Commented:
If you are prevented from running ComboFix, MalwareBytes, or Microsoft Security Essentials, then you want to hook up his hard drive to yours.

This is pretty easy and what some of the more intrusive malware require.
1) Purchase (or borrow) a SATA (or ATA) to USB cable to connect the hard drive to your computer
2) Make sure your virus definitions are up to date and don't run any programs off his drive
3) Scan his drive with Microsoft Security Essentials and MalwareBytes
4) Put his hard drive in and he should be good to go.

Disclaimer: The malware could have infected critical OS files that when repaired cause the computer to not come back up.  If that's the case, then a reload is really your only option.
Thomas Zucker-Scharff (Solution Guide) Commented:
If nothing else works try booting from a bootable CD like UBCD (http://e-e.com/A_2343.htm) and run the cleaning/antimalware apps from there.
Thomas Zucker-Scharff (Solution Guide) Commented:
I forgot to say if you don't want to build your own boot cd you can download an iso to burn to CD from this list:

http://www.techmixer.com/free-bootable-antivirus-rescue-cds-download-list/
c_a_n_o_n Commented:
If your system is/was infected with a pest, malware, trojan, or virus your system will behave unexpectedly.  The best method to attempt resolution is to completely rule out the operating system by bypassing it.  To do so, you will need a rescue CD.  There are several that are out there, you might be able to create one, there are instructions and sites that can assist with that.  But the easiest way is to use a product that is FREE, and I have used successfully for several of my clients and on many workstations.

BitDefender (FREE Downloadable Rescue CD).  Available Here.
http://download.bitdefender.com/rescue_cd/

Instructions on the product.
http://www.bitdefender.com/KB417-en--Using-the-BitDefender-Rescue-CD.html

Hope this helps.

PS.  This may sound like a "canned" response, it just might be.  However, it is the easiest and most effective method to resolve a situation like this.
dali6 (Author) Commented:
Thanks everyone.