Solved

Virus, Spyware, Malware? Can't uninstall AVG 2011 etc..

Posted on 2013-06-19
10
600 Views
Last Modified: 2013-11-22
I have a pc here that I can not uninstall AVG 2011 free edition. I scanned the PC with Malwarebytes (found 2 Trojans Fake AV) and found nothing with SuperAntiSpyware. When I would try to download other programs(HighJackThis etc.) the AVG 2011 would say that the file was infected with a virus and was deleted. This person even paid for AVG 2013 and the disk that came in the mail was supposedly infected with a virus. What type of bug on a Vista desktop would make this happen. I tried uninstalling AVG 2011 and it does nothing. I even downloaded the uninstall AVG 2011 program and it said it was infected with a virus and was deleted. Can some of you experts lead me where to go from here? I don't know what else to try. PC is a 2008 HP Pavilion a9614f running Vista 32 bit.
0
Comment
Question by:bbbb2
10 Comments
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39261299
Will it restore back?  This would only affect installed software, not your files.
0
 

Author Comment

by:bbbb2
ID: 39261312
I restored back to a time that they said it was working right  6-8-13. It took a while but ot did restore. Maybe they are wrong about when the infection set in and I need to go back a little further?
bbbb2
0
 
LVL 23

Expert Comment

by:tailoreddigital
ID: 39261313
I would try back a bit further.
0
 
LVL 24

Assisted Solution

by:aadih
aadih earned 125 total points
ID: 39261320
Try also (even after restoring):  Boot up and scan with an antivirus rescue disk (free) from a well known antivirus vendor (e.g, Avira, Comodo, Bitdefender, etc.)

At the least, try scanning for a rootkit:

(1) TDSSKIller: < http://www.bleepingcomputer.com/download/tdsskiller/ >

(2) MBAM AntiRootkit: < http://www.malwarebytes.org/products/mbar/ >
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 91

Assisted Solution

by:nobus
nobus earned 125 total points
ID: 39261638
slave the disk to a working- and protected system, and run the scan from there
or scan from a boot cd : http://windows.microsoft.com/en-gb/windows/what-is-windows-defender-offline
0
 
LVL 62

Assisted Solution

by:☠ MASQ ☠
☠ MASQ ☠ earned 125 total points
ID: 39262271
Sounds like you have a virut variant infecting your system.  If so everytime you try to run an .exe file virut will try to write code to it and AVG will flag it.  The problem with virut is as a virus program it is badly written and also injects a load of "harmless" code into files as well.  The end result is the more that you run the more files that get infected/damaged, mainly the Windows system files.


Virut is one of the few infections where my advice is unless you've caught this immediately don't bother repairing, Just flatten the partiton and reinstall or use a recovery partiton to rebuild.  You can off load data as virut only targets .exe .asp. html and .scr files and only when the partition it is in is active, but as nobus says make sure if you are slaving the drive that the host machine is protected as normally it arrives with a host of other nasties.

Some virut background:
http://www.symantec.com/security_response/writeup.jsp?docid=2007-041117-2623-99



AVG's removal tool (if you want to try a clean up) follow instructions exactly!
http://free.avg.com/gb-en/remove-win32-virut
0
 
LVL 29

Accepted Solution

by:
Sudeep Sharma earned 125 total points
ID: 39271472
Almost all the vendors have Virut cleaner available, you could try other cleaners too if required and do post the logs once the tools are finished running.

http://support.kaspersky.com/2735?el=88446

http://www.symantec.com/security_response/writeup.jsp?docid=2009-022016-4444-99

Sudeep
0
 
LVL 38

Expert Comment

by:younghv
ID: 39335086
I've requested that this question be closed as follows:

Accepted answer: 168 points for nobus's comment #a39261638
Assisted answer: 166 points for SSharma's comment #a39271472
Assisted answer: 166 points for MASQUERAID's comment #a39262271

for the following reason:

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
 

Author Comment

by:bbbb2
ID: 39330848
agree with
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

The purpose of this Article is to provide information for a newly released variant of malware – with the assumption that many EE Members will have need of the information. According to “Computerworld”, well over one million web sites have been co…
Sub-Titled: “My Way” (with apologies to Francis Albert Sinatra) Let me start by stating emphatically that I am one of those Experts who prefer doing things “My Way”. It’s kind of a no-brainer. “The following procedure works for me, so here is …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now