• Status: Solved
  • Priority: Medium
  • Security: Public

avg 2011 trojan

What is the best tool for removing this?  Both browsers iexplorer.exe and firefox do not work... One goes to a hijacked site.  It seemed like loading firefox was loading IE.  Maybe I was running firefox but the hijacked website has a fake IE border ...

Thanks,
gsgi
0
gsgi
Asked:
gsgi
2 Solutions
 
Sudeep SharmaTechnical DesignerCommented:
To clean and to check if your system is clean, do the following:

Then try HitmanPro to make sure anything which might be left behind is clean:
32bit
http://dl.surfright.nl/HitmanPro35.exe
http://download.cnet.com/Hitman-Pro-3/3000-2239_4-10895604.html

64bit
http://dl.surfright.nl/HitmanPro35_x64.exe

If issue is not resolved by these tools try TDSSKiller:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip
http://support.kaspersky.com/downloads/utils/tdsskiller.exe

Tutorial on TDSSKiller:
http://support.kaspersky.com/viruses/solutions?qid=208280684

or you could also try FixTDSS.exe from Symantec

http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixTDSS.exe


Post logs here for further analysis.

Sudeep
0
 
younghvCommented:
@gsgi,
I'm trying to find some actual references to this virus and can't find anything reliable. If I find anything, I will post back.

0
 
gsgiAuthor Commented:
Oh yeah - I'm running Windows 7 64 bit.  Will ComboFix work?

thanks
gsgi
0

 
Sudeep SharmaTechnical DesignerCommented:
No, ComboFix would not work on Windows 7 64-bit.
0
 
younghvCommented:
@gsgi,
The advice posted earlier was wrong for several reasons - and has been deleted.
The Moderators will modify it and re-post it.

ComboFix is NOT recommended for 64 bit systems.

There was a recommendation for "TDSSKiller" that was valid and is a good first step.

I will post the proper instructions below, but please award the points to that first Expert if it works.
******************

For Hijacking/re-directs, you might want to start with TDSSKILLER found here:
http://support.kaspersky.com/downloads/utils/tdsskiller.zip

* Download the file TDSSKiller.zip and extract it into a folder on the infected (or potentially infected) PC.
* Execute the file TDSSKiller.exe.
* Wait for the scan and disinfection process to be over. You do not have to reboot the PC after the disinfection is over.

If the tool finds a hidden service it will prompt you to type "delete"; you can also just hit "Enter" without typing anything and the scan will continue...
The user can then post the log to be analyzed.

Let us know the results and we can take the next steps.
0
 
pony10usCommented:
0
 
younghvCommented:
@pony - great link - looks like you found the exact solution.
0
 
pony10usCommented:
I have had to deal with that one once before.  We seem to get just about every variant of the virus 2010, windows tools 2011, and all those type of viruses so I keep up with them pretty well.  

:)

0
 
hank2011Commented:
The best program to get that off is SuperAntiSpyware; it will take that virus right out. Hope that helps. I just cleaned a computer with that AVG virus on it and it works great.
0
 
younghvCommented:
@hank2011,
I see that you are a brand new member, so welcome to EE.

I would really like to see a link to a valid site showing that SuperAntiSpyware would have any effect on this malware.

Many years ago I was a fan of that product but haven't used it once since I started using MalwareBytes.

Please provide a link so that I can learn something new.
0
 
hank2011Commented:
The link is http://www.superantispyware.com/. It's free and a great program; it will get the bad things out, and it works great too. Saves me a lot of time.
0
 
younghvCommented:
@hank2011,
I know all about the product and have swapped email with a variety of executives at the company.

What I want is an actual reference to a site that shows it was effective for this particular malware.

When we post "Expert" advice in these questions, it has to be targeted at the exact variant of malware (as much as possible).

None of us should simply post a recommendation because we like a product.
0
 
hank2011Commented:
Hi younghv,

http://www.techvts.com/mcavg-2011-virus-removal this website suggests using Malwarebytes or SuperAntiSpyware for autoremoval.
0
 
pony10usCommented:
hank2011,

Welcome to EE. That last post is exactly what younghv was referring to.  I have no experience with SuperAntiSpyware so I can't/won't comment on its effectiveness, but I use Malwarebytes on a regular basis.

One of the first things I do when a system is brought to me is install Malwarebytes and Spybot and check for infections. I had one brought in the other day where Malwarebytes found over 800 items, and it was basically a new system to the user. They had got infected with antivirus 2010 and thought they had cleaned it up using Adaware, but the system continued to redirect or block internet use and other issues.

One of the biggest issues I run into is that people think that running adaware means they don't need any other tool. In my experience you should have at least 4 tools on your system at all times.

1. A good virus program (personal preference dictates which one as none are foolproof)
2. Spybot (keep it updated and run the immunization regularly)
3. Malwarebytes (keep it updated and run at least once a week)
4. Adaware

Those tools combined will not keep you totally safe but they do a very good job.
0
 
gsgiAuthor Commented:
I used SuperAntiSpyware and it cleaned the infection.  I then ran Malwarebytes and it did not find anything else.  The system seems to be running fine now.

Thanks,
gsgi
0
 
gsgiAuthor Commented:
How does this get a 8.7?  How does this goofy scoring system work?  I saw one post with a 9.7 which seems rare.  -gsgi
0
 
younghvCommented:
Why did you award points to SSharma?
As far as I can tell, nothing he suggested worked - and the ComboFix suggestion was just plain wrong?
0
 
pony10usCommented:
"I am pretty sure that Malwarebytes would have worked, so I ran superantispyware.  Since it is important to recognize new members that give good answers, and since superantispyware worked, I split the points between SSharma and hank2011.  Welcome hank2011 and thanks.

-gsgi "

I agree with you.  It is always good to recognize new members, especially when they provide valuable information.  :)
0
 
younghvCommented:
<<How does this get a 8.7?  How does this goofy scoring system work?  I saw one post with a 9.7 which seems rare.  -gsgi>>

If anyone 'Votes' on the Accepted or Assisted comments, the score changes.

I just voted "Yes" on Hank's comment and raised the score to a 9.0
0
 
pony10usCommented:
younghv

thank you - I never understood that either.

Pony
0
 
gsgiAuthor Commented:
I tend to reward points to the first correct answer.  And I am sure Malwarebytes would have worked.  I tried SuperAntiSpyware as a test at the suggestion of hank2011.  Generally on EE the advice of sages and wizards is followed without regard for the quality of the answer.

I would NOT have tried superantispyware without your pushing hank2011 to provide a link.  But since he did and he had useful knowledge that helped us, I awarded him points.  I generally like to split the points evenly between everyone that helps in a thread.  Also, I really appreciate the volunteer efforts of sage and wizard levels and I know they really like points.

-gsgi
0
 
younghvCommented:
gsgi,
Back when I started on EE, I would regularly knock down about 125,000-150,000 points a month, got a lot of 'Certificates' etc, but it actually gets kind of boring.

These days my role is more trying to help develop good solid Experts and help with the whole "Articles" function.

I also really enjoy working with new members, helping them learn the ropes and to focus their advice on the specific problem we are attacking.

We tend to have way too many "Experts" posting generic advice that may or may not be helpful, but for sure isn't based on the actual symptoms being described.

My actual comments in this question made that clearly obvious to me, but I am too often oblivious to my own actions.

I will try to do a better job of explaining WHAT I am doing in the future.

Thanks.
0
 
hank2011Commented:
I'm glad I could help thanks.
0
