
Bogus AVG

ycguy1117 asked
Last Modified: 2013-11-22
On client's computer is rogue AVG.  Have opened interface, there is nothing to run or running.  However on the task bar and in program file, cannot delete.
AVG 2012.  Tried to delete program from AVG, ran Malwarebytes, ComboFix.  Nothing works.

Sudeep Sharma, Technical Designer
CERTIFIED EXPERT

Commented:
Most of the time you would need to run Rogue Killer before you could run MalwareBytes. Please see the articles below for the steps and links:

http://www.experts-exchange.com/A_4922.html (Rogue-Killer-What-a-great-name)
http://www.experts-exchange.com/A_5124.html (Stop-the-Bleeding-First-Aid-for-Malware)
http://www.experts-exchange.com/A_1940.html (Basic Malware Troubleshooting)

I hope that would help.

Sudeep
Sudeep Sharma, Technical Designer
CERTIFIED EXPERT

Commented:
Post the logs once you are through with RogueKiller and MalwareBytes.

You have also mentioned that you ran Combofix; do you have logs from it? Can you please post them too?
Please make sure you are also booting into safe mode with networking when you run these fixes.
Sudeep Sharma, Technical Designer
CERTIFIED EXPERT

Commented:
@bloodygonzo,

Running any removal tool in Safe Mode is not recommended unless the user is unable to boot into Normal Mode. Please don't suggest running the tools in safe mode unless you know what the consequences could be.
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006
Commented:
Here are the details for removing "Fake AVG" malware:
http://www.bleepingcomputer.com/virus-removal/remove-avg-antivirus-2011

Note that the instructions call for "Safe Mode with Networking" to allow you to connect to the Internet and download the programs you need.

@bloodygonzo,
Please review the information in this EE Article for some information on "Safe Mode" scans:
Malware Fighting – Best Practices
@SSharma and younghv,

Oftentimes with Fake AV there is no way to run any program while the FakeAV is running. In fact I have removed dozens of malware infections, especially FakeAV, while booted into safe mode. Malwarebytes consistently finds the offending files so that when you reboot into normal mode things are mostly clean.
CERTIFIED EXPERT
Author of the Year 2011
Top Expert 2006

Commented:
@bloodygonzo,
Please have a read through the EE Articles we linked to.

Many people still have a false understanding of how to properly stop the rogue processes before starting the scanning/repair process.
