Link to home
Create AccountLog in
Avatar of jslc
jslc

asked on

Cannot delete antivirus 2010 virus icons

My laptop (XP) was infected by anitivirus 2010 virus. I managed to use hijackit to clean the threat. Now everything is working fine except I can still see the porgam icons when I go start-programs and the links still point to Application data. I look into those folders but I can't find any trace of the programs or icons.
How can I get rid of the icons?
Avatar of Skull2006
Skull2006

Removing Startup Items located in the registry

Should you decide to prevent specific items from starting up you can uncheck them in the System Configuration Utility. Though this method is fine it is ultimately best to remove them from the source. To access the common registry locations of these items take a look in the following areas:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

If you have disabled items in the System Configuration Utility and would like to remove them from the registry also they can be found in one of the following locations: (msconfig)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SharedTools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
There may well be some remaining infection.   If you haven't already tried these two reliable Malware scanners, download & update MBAM, from here:
http://www.malwarebytes.org/mbam.php

Run in normal mode.
Ensure you leave both of these checked:
Update Malwarebytes' Anti-Malware.
Launch Malwarebytes' Anti-Malware.
Click Finish, and MBAM will automatically start.

Tutorial, if required:
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t169669.html

If the virus icons are still present try Hitman Pro, a second opinion scanner:
Hitman Pro http://www.surfright.nl/en/hitmanpro
ASKER CERTIFIED SOLUTION
Avatar of johnb6767
johnb6767
Flag of United States of America image

Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
Right-click on those program icons (which you want to remove) and from the drop-down menu choose "Delete".
Sounds like you are still infected.

Here is a good tutorial on removing this variant malware:

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010

Good luck!!!
SOLUTION
Link to home
membership
Create an account to see this answer
Signing up is free. No credit card required.
Create Account
try this link http://www.softpedia.com/get/System/Boot-Manager-Disk/MoveOnBoot.shtml   


basically with  that program you will be able to right-click on the shortcut and delete the shortcut on the next restart . the  shortcut won't be there the next time you reboot but you might want to use a registry cleaner to clean reference to the shortcut.  
this is a better link to download the file I posted   http://download.cnet.com/EMCO-MoveOnBoot/3000-2094_4-10397293.html   
Manual Antivirus 2010 Removal Instructions:

Stop Antivirus 2010 Processes:

AV2010.exe
AV2010[1].exe
AV2010Install.exe
Antivirus2010.exe
Antivirus 2010.lnk
Uninstall Antivirus.lnk

Find and Delete these Antivirus 2010 Files:

c:\Program Files\AV2010
c:\Program Files\AV2010\AV2010.exe
c:\Program Files\AV2010\svchost.exe
c:\WINDOWS\system32\IEDefender.dll
c:\WINDOWS\system32\wingamma.exe
c:\Documents and Settings\All Users\Desktop\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\AV2010.lnk
c:\Documents and Settings\All Users\Start Menu\Programs\AV2010\Uninstall.lnk%program_files%\Antivirus 2010\AV2010.exe
%startmenu%\Antivirus 2010\Antivirus 2010.lnk
%startmenu%\Antivirus 2010\uninstall Antivirus 2010.lnk
%desktopdirectory%\Antivirus 2010.lnk
%program_files%\Antivirus 2010\AV2010.exe
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2010.lnk
%UserProfile%\Desktop\Antivirus 2010.lnk
%UserProfile%\Start Menu\Antivirus 2010\Antivirus 2010.lnk
%UserProfile%\Start Menu\Antivirus 2010\Uninstall Antivirus 2010.lnk
%ProgramFiles%\Antivirus 2010\AV2010.exe
%System%\scui.cpl

Remove Antivirus 2010 Registry Values:

HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Windows Gamma Display”
HKEY_CURRENT_USER\Software\AV2010
HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}

Or Download Free version of Malware byte and Scan the System, You can download from here
http://fileforum.betanews.com/detail/Malwarebytes-AntiMalware/1186760019/1
That was wthe same places I told you to look in.....
Thanks Vee....  :-)