Solved

avg 2011 trojan

Posted on 2011-03-10
27 Comments, 499 Views
Last Modified: 2013-12-06
What is the best tool for removing this?  Both browsers, iexplorer.exe and Firefox, do not work... One goes to a hijacked site.  It seemed like loading Firefox was loading IE.  Maybe I was running Firefox but the hijacked website has a fake IE border ...

Thanks,
gsgi
Question by: gsgi

27 Comments
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35101227
To clean and to check if your system is clean, do the following:

Then try HitmanPro to make sure anything which might be left behind is cleaned:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If the issue is not resolved by these tools, try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

or you could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe


Post logs here for further analysis.

Sudeep
0
 
LVL 38

Expert Comment

by:younghv
ID: 35101253
@gsgi,
I'm trying to find some actual references to this virus and can't find anything reliable. If I find anything, I will post back.

0
 
LVL 13

Author Comment

by:gsgi
ID: 35101279
Oh yeah - I'm running Windows 7 64-bit.  Will ComboFix work?

thanks
gsgi
0
 
LVL 29

Expert Comment

by:Sudeep Sharma
ID: 35101287
No, ComboFix would not work on Windows 7 64-bit.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35101298
@gsgi,
The advice posted earlier was wrong for several reasons - and has been deleted.
The Moderators will modify it and re-post it.

ComboFix is NOT recommended for 64 bit systems.

There was a recommendation for "TDSSKiller" that was valid and is a good first step.

I will post the proper instructions below, but please award the points to that first Expert if it works.
******************

For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
The user can then post the log to be analyzed.

Let us know the results and we can take the next steps.
0
 
LVL 26

Assisted Solution

by:pony10us
pony10us earned 249 total points
ID: 35101303
0
 
LVL 38

Expert Comment

by:younghv
ID: 35101477
@pony - great link - looks like you found the exact solution.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35101781
I have had to deal with that one once before.  We seem to get just about every variant of the virus 2010, windows tools 2011, and all those type of viruses so I keep up with them pretty well.  

:)

0
 
LVL 1

Expert Comment

by:hank2011
ID: 35101910
The best program to get that off is SuperAntiSpyware; it will take that virus right out. Hope that helps. I just cleaned a computer with that AVG virus on it and it works great.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35101996
@hank2011,
I see that you are a brand new member, so welcome to EE.

I would really like to see a link to a valid site showing that SuperAntiSpyware would have any effect on this malware.

Many years ago I was a fan of that product but haven't used it once since I started using MalwareBytes.

Please provide a link so that I can learn something new.
0
 
LVL 1

Accepted Solution

by:
hank2011 earned 251 total points
ID: 35102041
The link is http://www.superantispyware.com/. It's free and a great program; it will get the bad things out, and it works great too. Saves me a lot of time.
0
 
LVL 38

Expert Comment

by:younghv
ID: 35102094
@hank2011,
I know all about the product and have swapped email with a variety of executives at the company.

What I want is an actual reference to a site that shows it was effective for this particular malware.

When we post "Expert" advice in these questions, it has to be targeted at the exact variant of malware (as much as possible).

None of us should simply post a recommendation because we like a product.
0
 
LVL 1

Expert Comment

by:hank2011
ID: 35103058
Hi younghv,

http://www.techvts.com/mcavg-2011-virus-removal - this website suggests using Malwarebytes or SuperAntiSpyware for automatic removal.
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35109626
hank2011,

Welcome to EE. That last post is exactly what younghv was referring to.  I have no experience with SuperAntiSpyware so I can't/won't comment on its effectiveness, but I use Malwarebytes on a regular basis.

One of the first things I do when a system is brought to me is install Malwarebytes and Spybot and check for infections. I had one brought in the other day where Malwarebytes found over 800 items, and it was basically a new system to the user. They had got infected with Antivirus 2010 and thought they had cleaned it up using Ad-Aware, but the system continued to redirect or block internet use, among other issues.

One of the biggest issues I run into is that people think that running Ad-Aware means they don't need any other tool. In my experience you should have at least 4 tools on your system at all times.

1. A good virus program (personal preference dictates which one as none are foolproof)
2. Spybot (keep it updated and run the immunization regularly)
3. Malwarebytes (keep it updated and run at least once a week)
4. Adaware

Those tools combined will not keep you totally safe, but they do a very good job.
0
 
LVL 13

Author Comment

by:gsgi
ID: 35110468
I used SuperAntiSpyware and it cleaned the infection.  I then ran Malwarebytes and it did not find anything else.  The system seems to be running fine now.

Thanks,
gsgi
0
 
LVL 13

Author Comment

by:gsgi
ID: 35110524
How does this get an 8.7?  How does this goofy scoring system work?  I saw one post with a 9.7, which seems rare.  -gsgi
0
 
LVL 38

Expert Comment

by:younghv
ID: 35110546
Why did you award points to SSharma?
As far as I can tell, nothing he suggested worked - and the ComboFix suggestion was just plain wrong?
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35110579
"I am pretty sure that Malwarebytes would have worked, so I ran superantispyware.  Since it is important to recognize new members that give good answers, and since superantispyware worked, I split the points between SSharma and hank2011.  Welcome hank2011 and thanks.

-gsgi "

I agree with you.  It is always good to recognize new members, especially when they provide valuable information.  :)
0
 
LVL 38

Expert Comment

by:younghv
ID: 35110660
<<How does this get an 8.7?  How does this goofy scoring system work?  I saw one post with a 9.7, which seems rare.  -gsgi>>

If anyone 'Votes' on the Accepted or Assisted comments, the score changes.

I just voted "Yes" on Hank's comment and raised the score to a 9.0
0
 
LVL 26

Expert Comment

by:pony10us
ID: 35110750
younghv

thank you - I never understood that either.

Pony
0
 
LVL 13

Author Comment

by:gsgi
ID: 35112164
I tend to reward points to the first correct answer.  And I am sure Malwarebytes would have worked.  I tried SuperAntiSpyware as a test at the suggestion of hank2011.  Generally on EE the advice of sages and wizards is followed without regard for the quality of the answer.

I would NOT have tried SuperAntiSpyware without your pushing hank2011 to provide a link.  But since he did, and he had useful knowledge that helped us, I awarded him points.  I generally like to split the points evenly between everyone that helps in a thread.  Also, I really appreciate the volunteer efforts of the sage and wizard levels, and I know they really like points.

-gsgi
0
 
LVL 38

Expert Comment

by:younghv
ID: 35112750
gsgi,
Back when I started on EE, I would regularly knock down about 125,000-150,000 points a month, got a lot of 'Certificates' etc, but it actually gets kind of boring.

These days my role is more trying to help develop good solid Experts and help with the whole "Articles" function.

I also really enjoy working with new members, helping them learn the ropes and to focus their advice on the specific problem we are attacking.

We tend to have way too many "Experts" posting generic advice that may or may not be helpful, but for sure isn't based on the actual symptoms being described.

My actual comments in this question made that clearly obvious to me, but I am too often oblivious to my own actions.

I will try to do a better job of explaining WHAT I am doing in the future.

Thanks.
0
 
LVL 1

Expert Comment

by:hank2011
ID: 35169896
I'm glad I could help thanks.
0