The Orange Mane -  a Denver Broncos Fan Community  

02-17-2009, 10:26 PM   #1
Br0nc0Buster
Looking for advice from computer knowledgeable people

I got this virus (actually I think it is a type of spyware) called "MS Antivirus 2009" like a day or two ago.

I didn't download anything on my computer, but I think my trojan adclicker (another virus I had at the time) must have got it on my computer.

Anyways, I ran the ComboFix scan and the Malwarebytes scan and it helped clean up a lot of stuff, but I have yet to get rid of the "MS Antivirus" thing.

Ever since I got that it won't let me click on any links in the internet, and I can't download anything (which is extremely inconvenient since I have to download notes a lot).

I am looking for any advice for how to get rid of this.
I can't find it anywhere, no scanner can pick it up, any opinions would be welcomed.

thanks
02-17-2009, 10:37 PM   #2
SureShot

Get a Mac!

First!
02-17-2009, 10:39 PM   #3
SureShot

JK I don't own a Mac. I'm surprised Malwarebytes didn't pick it up.
02-17-2009, 10:50 PM   #4
Bronco Bob

Go to the task manager. (open by pressing ctrl+alt+delete)
End process the process name nearest to the name of the pop-up.
It will be something like AV09.exe
If you have successfully turned off the pop-up,
go to the program files folder.
Delete the whole folder of that AntiVirus 2009.

Also, have you tried Spybot Search & Destroy? It's found and gotten
rid of stuff on my computer, including trojans.
02-17-2009, 11:06 PM   #5
Los Broncos

Reformat is my first choice, or reimage. I use nLite to just restore the image in about 10 minutes.
02-17-2009, 11:43 PM   #6
OBF1

Stay away from the gay porn sites
02-17-2009, 11:46 PM   #7
Wes Mantooth

Quote:
Originally Posted by Iron Clady
Reformat is my first choice, or reimage. I use nLite to just restore the image in about 10 minutes.

Agree here. Start over. You will spend less time and less $$.

Next, get a total Spyware and Antivirus solution. Shouldn't have to spend more than $50.
02-18-2009, 12:53 AM   #8
ZONA

Well, you may not want to hear this but that is one nasty MF you got there bro. I had that one too. You can't just delete the folder it's in because the true problem lies in the registry. If you just delete the folder, it re-creates itself since you didn't get rid of the source. I ran Spybot and several others and all they do is detect the file that shows its face, but not the one embedded into the registry.


There is a fix out there but it's a long process and unless you know how to edit a registry, you might just want to roll back or even reformat.

In the future, if you ever get a pop up that says it has found spyware on your PC, stop, don't do anything, don't click anything. Hit CTRL+ALT+DEL and close down IE if that's what you were using.

Also, use Firefox instead of IE, you will have less trouble in the future.



Here's the manual fix I did. You have to un-register a bunch of dll files and stuff but it worked for me.



Manual Antivirus 2009 Removal Instructions:

Unregister Antivirus 2009 DLL Files:
shlwapi.dll
wininet.dll

Stop Antivirus 2009 Processes:
av2009.exe
Antivirus 2009.lnk
Uninstall Antivirus.lnk
Antivirus2009.exe

Find and Delete these Antivirus 2009:
av2009.exe
Antivirus2009.exe
shlwapi.dll
wininet.dll
Antivirus 2009.lnk
Uninstall Antivirus 2009.lnk

Remove Antivirus 2009 Registry Values:
HKEY_CURRENT_USER\Software\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Antivirus" = "%ProgramFiles%\Antivirus 2009\Antvrs.exe"

Last edited by ZONA; 02-18-2009 at 01:02 AM..
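An added example, not part of ZONA's post or of any removal tool: a read-only Python check that reports which of the indicators listed above are present, given text in the layout printed by `reg query` and a list of file paths. Because `shlwapi.dll` and `wininet.dll` are also the names of genuine Windows system libraries, it flags them only outside the Windows directory; the function names, the `windir` default and the sample input are assumptions constructed for illustration.

```python
import ntpath
import re

# Indicators copied from the post above (compared in lower case).
ROGUE_FILES = {"av2009.exe", "antivirus2009.exe", "antvrs.exe", "antivirus 2009.lnk",
               "uninstall antivirus.lnk", "uninstall antivirus 2009.lnk"}
# Listed in the post, but also the names of genuine Windows system libraries.
SHARED_NAMES = {"shlwapi.dll", "wininet.dll"}
ROGUE_KEYS = {r"hkey_current_user\software\antivirus",
              r"hkey_local_machine\software\antivirus"}
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")

def audit_registry(reg_query_text):
    """Return findings from `reg query` style text: rogue keys and Run values."""
    findings, key = [], None
    for line in filter(str.strip, reg_query_text.splitlines()):
        if not line[0].isspace():          # unindented line = registry key path
            key = line.strip()
            if key.lower() in ROGUE_KEYS:
                findings.append(("key", key))
            continue
        m = VALUE_RE.match(line)           # indented line = name, type, data
        if m and key and key.lower() == RUN_KEY:
            name, _, data = m.groups()
            if any(f in data.lower() for f in ROGUE_FILES):
                findings.append(("run", name, data.strip()))
    return findings

def audit_files(paths, windir=r"C:\WINDOWS"):
    """Flag listed file names; shared DLL names count only outside windir."""
    prefix = windir.lower() + "\\"
    hits = []
    for p in paths:
        name = ntpath.basename(p).lower()
        in_windir = ntpath.normpath(p).lower().startswith(prefix)
        if name in ROGUE_FILES or (name in SHARED_NAMES and not in_windir):
            hits.append(p)
    return hits

# Constructed sample input, not captured from a real machine.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    Antivirus    REG_SZ    %ProgramFiles%\Antivirus 2009\Antvrs.exe
HKEY_CURRENT_USER\Software\Antivirus
"""
SAMPLE_FILES = [r"C:\WINDOWS\system32\wininet.dll",
                r"C:\Program Files\Antivirus 2009\wininet.dll",
                r"C:\Program Files\Antivirus 2009\av2009.exe"]
```

On the constructed sample, `audit_registry(SAMPLE_REG)` reports the `Antivirus` Run value and the `HKEY_CURRENT_USER\Software\Antivirus` key, and `audit_files(SAMPLE_FILES)` reports the two files under `Antivirus 2009` while leaving the `system32` copy of `wininet.dll` alone.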
02-18-2009, 01:57 AM   #9
TDmvp

First one is online scan and free ... I run this once a month or so, finds things my McAfee misses, kills spyware and trackers ... normally gets everything ... easy ... simple ...

http://housecall65.trendmicro.com/


This will most likely kill the thing you have picked up ...
I could make a living cleaning those stupid fake virus scan viruses out of friends' and family's PCs ..

http://www.malwarebytes.org/index.php
02-18-2009, 02:19 AM   #10
Wes Mantooth

By this time, you would have already had it rebuilt by now.
02-18-2009, 04:49 AM   #11
i4jelway7

If you have an idea about when you got the virus, you can use system restore and go back to an earlier time when you didn't have the virus, provided the virus did not disable the system restore which it probably did.
02-18-2009, 05:42 AM   #12
chadta

Quote:
Originally Posted by TDmvp
First one is online scan and free ... I run this once a month or so, finds things my McAfee misses, kills spyware and trackers ... normally gets everything ... easy ... simple ...

http://housecall65.trendmicro.com/


This will most likely kill the thing you have picked up ...
I could make a living cleaning those stupid fake virus scan viruses out of friends' and family's PCs ..

http://www.malwarebytes.org/index.php

I second this with a footnote: I run the scan after booting up in safe mode. I've had a couple things before where you had to run safe mode to get rid of them.

I also agree with the Firefox vs IE thing, and wouldn't be caught dead without my NOD32.
02-18-2009, 06:34 AM   #13
ksBRONCOfan

Talk to Rev. He had a thread about this awhile back. I don't recall if he ever posted what finally took care of it.
02-18-2009, 10:31 AM   #14
ZONA

Quote:
Originally Posted by ksBRONCOfan
Talk to Rev. He had a thread about this awhile back. I don't recall if he ever posted what finally took care of it.

Why would he do that? I had it also and posted exact instructions on how to remove it. Why does he need to talk to Rev?


Broncobuster - you can do online scans and this and that but isn't that the kind of crap that got you where you are now? I don't trust any of those sites or programs. I've read many articles and reviews on how even current adware and spyware removal tools actually place tracking cookies on your system.

Screw all of them. Do it the RIGHT WAY. Do it yourself. Remove the bug manually using the tools in your OS. It's not that hard to do. Everybody thinks they are a PC tech nowadays. I've been doing it for 10 years and went to school for it also.

I'm not saying any of those programs mentioned are bad (although anybody who has McAfee or Norton really should get rid of those, they are a damn virus in their own right but I won't get into that now).

I use Superantispyware and Spybot S&D to do scans but when I get a nasty bug, I find the manual instructions on how to clean it from top to bottom. Those programs can only do so much. For the most part, they don't edit your damaged registry. Sometimes people actually think their PC is clean from infected files when they run these scans and see that files were removed or fixed but they are totally unaware of the hidden bugs still in their system.
02-18-2009, 10:36 AM   #15
Kaylore

You'll need to run HijackThis and to post the report so people here can tell you what you need to delete out of your registry.
02-18-2009, 10:43 AM   #16
SoDak Bronco

02-18-2009, 10:45 AM   #17
gyldenlove

I had that same issue about half a year ago. I booted to safe mode (hold CTRL while booting, it will give you the boot menu), deleted the files that were created and deleted the keys from the registry. It takes about an hour to get it all right, then it is gone.

You can use the Windows restore utility to remove the registry keys after you have deleted the files in safe mode. It should be in Start, Accessories, System Tools; it will allow you to put your registry back to the way it was before you got the virus. If you do that in safe mode as well it will be all clean.
02-18-2009, 03:44 PM   #18
Br0nc0Buster

Quote:
Originally Posted by ZONA
Well, you may not want to hear this but that is one nasty MF you got there bro. I had that one too. You can't just delete the folder it's in because the true problem lies in the registry. If you just delete the folder, it re-creates itself since you didn't get rid of the source. I ran Spybot and several others and all they do is detect the file that shows its face, but not the one embedded into the registry.


There is a fix out there but it's a long process and unless you know how to edit a registry, you might just want to roll back or even reformat.

In the future, if you ever get a pop up that says it has found spyware on your PC, stop, don't do anything, don't click anything. Hit CTRL+ALT+DEL and close down IE if that's what you were using.

Also, use Firefox instead of IE, you will have less trouble in the future.



Here's the manual fix I did. You have to un-register a bunch of dll files and stuff but it worked for me.



Manual Antivirus 2009 Removal Instructions:

Unregister Antivirus 2009 DLL Files:
shlwapi.dll
wininet.dll

Stop Antivirus 2009 Processes:
av2009.exe
Antivirus 2009.lnk
Uninstall Antivirus.lnk
Antivirus2009.exe

Find and Delete these Antivirus 2009:
av2009.exe
Antivirus2009.exe
shlwapi.dll
wininet.dll
Antivirus 2009.lnk
Uninstall Antivirus 2009.lnk

Remove Antivirus 2009 Registry Values:
HKEY_CURRENT_USER\Software\Antivirus
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Antivirus" = "%ProgramFiles%\Antivirus 2009\Antvrs.exe"

Well I am not computer illiterate, but I don't know nearly as much about this as you seem to.

Here is what I have done so far since I got the rogue program:
I ran the Norton scan in safe mode (did nothing).
I went into safe mode with networking and downloaded the Malwarebytes and ComboFix scanners and ran those.

Malwarebytes did not open, but I renamed the ComboFix something else when I downloaded it and it cleaned up a lot of stuff, but not that particular virus.

I don't know how to manually do all that stuff you listed, I don't even know how to reformat.
Should I start all over then and figure out how to reformat?

I can't run system restore, it says there are no restore points.
02-18-2009, 03:55 PM   #19
ksBRONCOfan

Quote:
Originally Posted by ZONA
Why would he do that? I had it also and posted exact instructions on how to remove it. Why does he need to talk to Rev?


Broncobuster - you can do online scans and this and that but isn't that the kind of crap that got you where you are now? I don't trust any of those sites or programs. I've read many articles and reviews on how even current adware and spyware removal tools actually place tracking cookies on your system.

Screw all of them. Do it the RIGHT WAY. Do it yourself. Remove the bug manually using the tools in your OS. It's not that hard to do. Everybody thinks they are a PC tech nowadays. I've been doing it for 10 years and went to school for it also.

I'm not saying any of those programs mentioned are bad (although anybody who has McAfee or Norton really should get rid of those, they are a damn virus in their own right but I won't get into that now).

I use Superantispyware and Spybot S&D to do scans but when I get a nasty bug, I find the manual instructions on how to clean it from top to bottom. Those programs can only do so much. For the most part, they don't edit your damaged registry. Sometimes people actually think their PC is clean from infected files when they run these scans and see that files were removed or fixed but they are totally unaware of the hidden bugs still in their system.

Chill dude. I quickly scanned this thread first thing this morning before my first cup of coffee. Obviously I paid no attention to your post.
02-18-2009, 04:01 PM   #20
baja

Not trying to be a smart ass here but I love my Mac.
02-18-2009, 04:39 PM   #21
TDmvp

Quote:
Originally Posted by chadta
I second this with a footnote: I run the scan after booting up in safe mode. I've had a couple things before where you had to run safe mode to get rid of them.

I also agree with the Firefox vs IE thing, and wouldn't be caught dead without my NOD32.

agree ... safe mode
02-19-2009, 09:20 AM   #22
slatimer

SuperAnti Spyware usually picks that up.

http://www.superantispyware.com/download.html

get the free version....

It is a nasty one and one of the worst I deal with. The federal government is hopefully going to start going after these fake alert companies.