Removing Best AntiVirus 2011 from Windows 7 machine

One of my family members accidentally downloaded the spyware/rogueware Best AntiVirus 2011.  I'm trying to make sure that I've gotten rid of it.

The things that I've done
1. Removed the BestAntiVirus2011.exe files from the Downloads directory (downloaded by someone in my family).
2. Running a full scan of my McAfee anti-virus product
3. Downloaded the free version of SUPERAntiSpyware and I'm running a complete scan at the moment.

I've viewed the registry with regedit and didn't see anything related to BestAntiVirus2011.

Is there anything else I should be doing?

Nothing noted by either of the two programs running, yet.


Thanks.
wuyinzhi commented:
Rogueware/fake antivirus is easy to see whether it's still active or not, since their purpose is to scare people with fake warnings; you should see the warning always appear, complete with a window scanning your computer, finding some malware and encouraging you to buy their product. If you don't see it, then I assume your computer is safe from rogueware.
Dave Baldwin (Fixer of Problems) commented:
I usually download and run MalwareBytes MBAM.exe free version and run a scan with that also. http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html
XLITS commented:
I would run hitmanpro first to see if it picks it up.  Hitmanpro only takes a few minutes to run and it is very effective.  You can find it here:  http://www.surfright.nl/en

I would then run Malwarebytes, as suggested above.
younghv commented:
I would hold off on trying "HitmanPro" for now. Some other forums are reporting some kind of glitch that is rendering systems unbootable after using it.
(http://www.geekstogo.com/forum/topic/298820-hitman-pro-now-computer-wont-boot/)

Searching your registry for "BestAntiVirus2011" is unlikely to yield any usable information. Many malware variants use random name generators for the files/processes/registry entries they create.

To effectively fight this, you have to use a rogue process stopper before starting your scans.

I prefer "RogueKiller" as not only being effective, but having some additional menu options for repairing typical modifications that get made (DNS, Proxy, etc.)

Please review the information in these two Articles and walk through the recommendations step-by-step.

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)
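As an added example (not code from this thread and not part of RogueKiller, Rkill or any other tool named above), the PowerShell script below shows the point made in the comment above in practice: instead of searching the registry for a fixed string like "BestAntiVirus2011", it enumerates the standard Run/RunOnce autostart keys, the running processes, and the proxy/DNS settings that rogue software commonly alters, and flags entries whose executable lives in a user-writable directory or carries a random-looking name. The function name Test-SuspiciousPath and the flagging heuristics are this example's own assumptions; anything it marks SUSPECT is a candidate for manual review, not for automatic removal.

```powershell
# Added triage example for a Windows 7 machine suspected of rogue-AV infection.
# Heuristics below are assumptions, not signatures: review flagged items by hand.
# Run from an elevated PowerShell prompt so HKLM keys and all processes are readable.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # only on 64-bit Windows
)

# Directories a standard user can write to; rogue installers typically drop their payload there.
$userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:USERPROFILE, 'C:\ProgramData')

function Test-SuspiciousPath {
    param([string]$Command)
    # Reduce a command line ("C:\x\y.exe" /arg  or  C:\x\y.exe /arg) to the executable path.
    $exe = ($Command -replace '^"([^"]+)".*$', '$1') -replace '^(\S+).*$', '$1'

    $inUserDir = $false
    foreach ($dir in $userWritable) {
        if ($dir -and $exe.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
            $inUserDir = $true
        }
    }

    # Random-name heuristic (assumption): short alphanumeric name with no vowels, or digits only,
    # which is typical of generated names such as "xkqzt.exe" or "2837561.exe".
    $name = [System.IO.Path]::GetFileNameWithoutExtension($exe)
    $randomLooking = ($name -match '^[a-z0-9]{3,12}$' -and $name -notmatch '[aeiou]') -or ($name -match '^\d+$')

    return ($inUserDir -or $randomLooking)
}

Write-Output '== Autostart entries (Run / RunOnce) =='
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }        # skip PowerShell's own provider metadata
        $flag = if (Test-SuspiciousPath $p.Value) { 'SUSPECT' } else { '       ' }
        Write-Output ("{0} {1}  {2} = {3}" -f $flag, $key, $p.Name, $p.Value)
    }
}

Write-Output '== Running processes whose image lives in a user-writable directory =='
Get-WmiObject Win32_Process |
    Where-Object { $_.ExecutablePath -and (Test-SuspiciousPath $_.ExecutablePath) } |
    Select-Object ProcessId, Name, ExecutablePath |
    Format-Table -AutoSize

Write-Output '== Proxy settings (rogue software often inserts a proxy to block AV updates) =='
Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings' |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL |
    Format-List

Write-Output '== DNS servers per adapter (compare against your router / ISP values) =='
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description, DNSServerSearchOrder |
    Format-List
```

Win32_Process and Win32_NetworkAdapterConfiguration are used instead of the newer Get-Process -FileVersionInfo and Get-DnsClientServerAddress cmdlets so the script also runs on the PowerShell 2.0 that ships with Windows 7. A ProxyEnable of 1 pointing at an address you did not configure, or DNS servers that differ from the router's, are the kind of "typical modifications" the comment above mentions and are worth checking again after the cleanup tools have run.
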
freshcontent (Author) commented:
I went through scans with SuperAntiSpyWare, and with my McAfee anti-virus, and I haven't had any further issues.
younghv commented:
@freshcontent,
I can't understand what your response has to do with the suggestions posted for you.

Your McAfee allowed the infection to take hold, so I'm not sure why you would trust it to FIND the problem...much less repair it.

SuperAntiSpyware was not suggested; I have not seen it seriously recommended on any significant anti-malware forum in recent memory, and I personally quit using it years ago (when Malwarebytes came out).

Please follow the advice posted here and report back with the results (post the logs generated by RogueKiller and Malwarebytes).
nmacfall commented:
Fresh,

I use a little utility called RKILL to stop malicious services prior to using Malwarebytes.  Rarely does it not work, but it does take some proper timing when the fake AV load has been on the machine and has released some worms after a period of a few days.  Here's what I would do:

1) Download RKILL from bleepingcomputer.com. I have needed all of the versions when removing AntiVirus2010, so it will not hurt to get them all now from here:
http://www.bleepingcomputer.com/download/anti-virus/rkill

2) Make sure the definitions for Malwarebytes are updated, and try to start it without first running RKILL. If it will not start, or starts and stops, you'll need to keep running rkill over and over until you are able to get MBAM to run, and continuously do a "quick scan", show results, remove... Do this until you have no results to show after a successful quick scan.

3) Run rkill a few more times in a row (the screen may blink, etc.), start Malwarebytes again, and check for updates again... sometimes updates hang. After this, do a full system scan, and repeat until there are no results to show.

Remember, the folks here on the forum are typically experienced in the questions to which they are responding, and they mean only to help, not harm... The first three responders gave you valuable information - they should get the kudos - and I'm sure if you were only using McAfee, it stuck the parts it could find in Quarantine, and you'll get it all back when the worms find a way out, or new ones come in and release the quarantine...
younghv commented:
As noted in my EE Articles, using one of the free tools to stop the "rogue processes" before doing the Malwarebytes scan is a 'must do' task.

These three are all effective - even though I prefer "Rogue Killer" for the additional tasks it will perform.

RogueKiller:
http://www.geekstogo.com/forum/files/file/413-roguekiller/

Rkill:
http://www.bleepingcomputer.com/download/anti-virus/rkill

TheKiller:
Download TheKiller to your Desktop
http://www.osvemu.com/thekiller/explorer.exe

Note that TheKiller is renamed as explorer.exe
Run it by double click
Press OK button after program finish

Do not restart your system after this step, but immediately run the next scan: MalwareBytes, TDSSKiller, ComboFix
nmacfall commented:
Didn't read your Articles, Young... but yes, I agree!
Jonvee commented:
freshcontent,
I am not after the points in this particular question, but for what it's worth, I agree with virtually everything recommended by the Experts above, particularly the later comments by nmacfall.
The very fact that McAfee (and probably Symantec, had you been running it!) failed to completely resolve the problem indicates that the more recent, advanced malware can slip through the net, and that using RKill or RogueKiller, then Malwarebytes, as described above, can really resolve a problem.   Anyway, good luck.
...and please post back with results.