frankbustos

Windows XP system infected with spyware/trojan??

Hi experts,

My system got infected with spyware/malware and it installed this AV Guard Online software, and it doesn't let me do anything. I just get a box from AV Guard Online that Windows is in danger, and even in safe mode I get it, and I can't even get to Task Manager because it says it's also infected and impossible to run. HELP!! I don't want to format or re-image this PC; it has a lot of custom apps/configurations.
ASKER CERTIFIED SOLUTION
Em Man
This solution is only available to members.
Hi frankbustos,

AV Guard can normally be removed using Malwarebytes http://www.malwarebytes.org/

Can you run Malwarebytes on your machine, from safe mode? You may need to use another machine to download the program.
Check your Internet options and make sure your LAN settings aren't pointing to a proxy server (AV Guard symptom).

Further reading: http://www.bleepingcomputer.com/virus-removal/remove-av-guard-online

I hope this helps

Alienwalker
frankbustos

ASKER

Taga_ipil, I mounted it on another PC and am running scans now.

Alienwalker, nope, I can't even run malware in safe mode or do anything at all.
i_am_pete

Use ComboFix
Wow, it must have buried itself in reg.

The scan from a different computer like Taga_ipil said should work.  

If not, will help you locate the registry files.
Ok, I'll keep you guys posted.
Try to:

1. Perform a system restore to a previous date (it will not affect any of your data files), or
2. Uninstall it in Safe Mode, or
3. Boot from a CD (like UBCD, Hiren Boot) and try to scan or delete unwanted trojan/malware files.
4. Make it a slave on another PC and scan it.
younghv
@frankbustos,
The instructions linked to by 'Alienwalker' have worked for me before. Are you sure that you followed all of the steps outlined by Grinler?

Note that you must use one of the 'Rogue Process' stopper programs before doing the scan. If one of the versions of RKill won't work for you, try "RogueKiller" (Rogue-Killer-What-a-great-name)

You will want to run Menu Items 1 & 2 to scan and clean your system, then #4 to fix the Proxy settings - then immediately (no re-boot) run the Malwarebytes scan.

Please note that there are a lot of reasons for you to NOT scan as either a "Slaved" Hard Drive or from a Boot CD. Details here: Malware Fighting – Best Practices

Final point: You are selecting "Safe Mode w/networking" and not just "Safe Mode", right?
OK, it seemed like the hard drive is clean because there are no more pop-ups, but now I can't open IE. I double-click and it doesn't do anything???
Looks like it's working now, I'm going to run another Malwarebytes scan.
This was the only thing that worked for me. Thanks!