• Status: Solved

Windows XP system infected with spyware/trojan??

Hi experts,

My system got infected with spyware/malware and it installed this AV Guard Online software, and it doesn't let me do anything. I just get a box from AV Guard Online saying that Windows is in danger, and even in safe mode I get it, and I can't even get to Task Manager because it says it's also infected and impossible to run. HELP!! I don't want to format or re-image this PC; it has a lot of custom apps/configurations.
1 Solution
Em Man Commented:
Slave Drive to another Protected PC, do a Full system Scan.
Hi frankbustos,

AV Guard can normally be removed using Malwarebytes http://www.malwarebytes.org/

Can you run Malwarebytes on your machine, from safe mode? You may need to use another machine to download the program.
Check your Internet options and make sure your LAN settings aren't pointing to a proxy server (AV Guard symptom).

Further reading: http://www.bleepingcomputer.com/virus-removal/remove-av-guard-online

I hope this helps.

frankbustos (Author) Commented:
Taga_ipil, I mounted it on another PC and am running scans now.

Alienwalker, nope, I can't even run malware in safe mode or do anything at all.

Use ComboFix
Wow, it must have buried itself in reg.

The scan from a different computer like Taga_ipil said should work.  

If not, I will help you locate the registry files.
frankbustos (Author) Commented:
Ok, I'll keep you guys posted.
Try to:

1. Perform a system restore to a previous date (it will not affect any of your data files), or
2. Uninstall it in Safe Mode, or
3. Boot through CD (like UBCD, Hiren Boot) and try to scan or delete unwanted trojan/malware files.
4. Make it slave on another PC and scan it.
The instructions linked to by 'Alienwalker' have worked for me before. Are you sure that you followed all of the steps outlined by Grinler?

Note that you must use one of the 'Rogue Process' stopper programs before doing the scan. If one of the versions of RKill won't work for you, try "RogueKiller" (Rogue-Killer-What-a-great-name)

You will want to run Menu Items 1 & 2 to scan and clean your system, then #4 to fix the Proxy settings - then immediately (no re-boot) run the Malwarebytes scan.

Please note that there are a lot of reasons for you to NOT scan as either a "Slaved" Hard Drive or from a Boot CD. Details here: Malware Fighting – Best Practices

Final point: You are selecting "Safe Mode w/networking" and not just "Safe Mode", right?
frankbustos (Author) Commented:
OK, it seemed like the hard drive is clean because there are no more pop-ups, but now I can't open IE. I double-click and it doesn't do anything???
frankbustos (Author) Commented:
Looks like it's working now. I'm going to run another Malwarebytes scan.
frankbustos (Author) Commented:
This was the only thing that worked for me. Thanks!
