Question:
HELP!!! COMPUTER UNDER ATTACK BY FAKE "ANTIVIRUS SOFT" AND CAN'T ACCESS ANYTHING!?
1970-01-01 00:00:00 UTC
HELP!!! COMPUTER UNDER ATTACK BY FAKE "ANTIVIRUS SOFT" AND CAN'T ACCESS ANYTHING!?
Sixteen answers:
2010-01-30 07:31:20 UTC
None of those responses worked for me :( I have the same thing, just popped up this morning
2016-10-19 02:29:06 UTC
Yeah, you could attempt booting up in risk-free mode with networking. After that by using fact the different human beings have pronounced, acquire an anti virus. i might propose A-Squared unfastened or Hitman professional, all are very solid suggestions and could be waiting to restoration your difficulty.
2014-08-22 04:44:06 UTC
There are a lot of different ideas about what is the best antivirus software on the market. I tried a lots of AV programs. The best for me is Avira, the latest version is amazing, it's realiable, safe. You can get it for free here http://bit.ly/1r2fUdB
2014-08-10 04:20:48 UTC
Hey there,

Here I got Avira Free Antivirus for free http://j.mp/1r2fZOo

Very useful program!

Hope it helps.
Kukoo
2010-01-30 10:17:59 UTC
Hi ,



I opened my computer this morning & experienced this problem . Thanks to the Original Poster and those who have replied -- Thanks Folks for such prompt responses . I tried the malware .. it might have done some of the work but the problem remained . Heres how I ve resolved the problem .



Ran a couple of s/ws mentioned above resarting the computer after every run .

Followed the instructions as a guide and found similar entries in the regedit -

Go to Safe Mode with NW .. Remove the Proxy .

Start - Run - Regedit ...

Found an entry AVSOFT instead of AVSCAN ... rt clicked and renamed to 'NAVSOFT' .

Removed the Proxy Server value by db clicking the regedit entry . The same ip was there .

Removed Proxy Override property in the same manner .

Found the Run entry as RunOnce ... Rt clicked & renamed to NRunOnce ...

Invalid Signature ... deleted '1'



Where I did not find the exact match I found a very close match . If a value was there for that entry as mentioned , I removed that value . Else I renamed by adding an 'N' .. in case I need to revert back .



Its worked for me and after successfully logging back in normal mode , I have downloaded Avast free Anti Virus as well as Super Anti Spyware .... Currently scanning with Avast & will follow up with SAS ... Remmeber to update both of these to the latest ( there s an option to download updates & sync ) before scanning ... While scanning turn off your I net connection as it is not needed .... Both these s/ws stay on at run time ....



Hope this helps .
dmick152002
2010-01-30 09:54:46 UTC
RE: ANTIVIRUS SOFT VIRUS



I couldn't access anything executable, couldn't go in safe mode or last good config. After only a few hours, my computer was done... after each restart, I got the blue screen and it immediately shut down.



What I am doing...

I purchased an external drive enclosure and I'm saving my files to it. Then I will reload my OS.
?
2010-01-30 06:08:27 UTC
Antivirus Soft removal instructions:

http://www.geekpolice.net/malware-removal-guides-f12/how-to-remove-antivirus-soft-removal-guide-t18839.htm

http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html
JBNOVICE
2010-01-30 05:59:55 UTC
YOU ARE INFECTED BY THE LATEST VARIANT OF THE "ANTIVIRUS LIVE" VIRUS.



My antivirus software did not find or stop it either.



I found it by rebooting in safe mode (F8) and going into regedit



did a search on guard.exe and found 3 callls to drfmsysguard.exe which i deleted from registry (after exporting) . also delete actual exe from c:\windows\prefetch.



This seemed to work for me



Note that the letters before guard.exe are randomly generated by virus and may differ on your machine
Screaming Sun
2010-01-29 22:48:59 UTC
Restart in safe mode and run your antivirus. If you don't have antivirus you may have to wipe your HD and reinstall windows.
lolg
2010-01-29 22:52:25 UTC
Get into Windows in Safe Mode with Networking. Choose an Adminsitrative user and Download Avira Antivir and install it. Then, Scan you pc and remove all the detections. Then, Download Malwarebytes and scan the system using it, remove the detections. Finally Download and Install McAfee SiteAdvisor to prevent you from visiting infected sites in the future.



Avira AntiVir can be downloaded from: http://download.cnet.com/Avira-AntiVir-Personal-Free-Antivirus/3000-2239_4-10322935.html?tag=contentMain;contentAux



Malwarebytes can be downloaded from: http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?tag=contentMain;contentAux



McAfee SiteAdvisor can be downloaded from: http://download.cnet.com/McAfee-SiteAdvisor/3000-18510_4-75016155.html?tag=mncol



All the best and happy computing.
?
2010-01-30 07:55:08 UTC
Hi

This will give you a hint as to what you need to do about this Antivirus Soft malware http://windowsprotection.net/how-to-remove-antivirus-soft-antivirussoft-removal-guide/ .

This post provides the detailed description of Antivirus Soft and the rogue anti-spyware species it belongs to. There's additionally a set of tips and tricks to get rid of Antivirus Soft menace manually (by deleting the bad files and Windows registry keys) or via the use of automatic remover.

Check this out, it helps!
2010-01-29 22:51:12 UTC
If you can't completely erase everything on your computer (and then reinstall your OS, which is about the only way to fix it) you can try swapping the hard drive and starting anew. Or I have had sucess loading Linux Unbuntu and using that to do a full deletion of everything on your puter (For the simple fact that most viruses are written for windows not linux)
Rayna
2010-01-29 23:00:22 UTC
don't worry just open google and search how to remove antivirus 2009 if you are not able to access google than follow these steps &you will free from infection have a nice day





Antivirus 2009 manual removal:

Kill processes:

av2009.exe av2009[1].exe AV2009Install.exe Antivirus2009.exe

HELP:

how to kill malicious processes



Delete registry values:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\ CurrentVersion\Run\15358943642955870504508370025739

HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”Antivirus” = “%ProgramFiles%\Antivirus 2009\Antvrs.exe”

HKEY_CURRENT_USER\Software\Antivirus

HELP:

how to remove registry entries



Unregister DLLs:

shlwapi.dll wininet.dll

HELP:

how to unregister malicious DLLs



Delete files:

av2009.exe av2009install.exe av2009install_0011.exe av2009[1].exe Antivirus2009.exe ieupdates.exe scui.cpl %program_files%\\antivirus 2009\\av2009.exe %startmenu%\\antivirus 2009\\antivirus 2009.lnk %startmenu%\\antivirus 2009\\uninstall antivirus 2009.lnk winsrc.dll %desktopdirectory%\\antivirus 2009.lnk winsrc.dll ieupdates.exe av2009install_0011.exe av2009install.exe %program_files%\\antivirus 2009\\av2009.exe

HELP:

how to remove harmful files



Delete directories:

C:\Program Files\Antivirus 2009
2010-01-29 22:51:17 UTC
Hi,

Go to another computer and download UBCD program, make a CD and boot and repair your machine from that.

http://www.ultimatebootcd.com/
2010-01-29 22:53:55 UTC
yet another person falls for fake virus protection xD

take it to a computer tech :)

or kick the **** outa the comp and reformat the drive
givemetruth
2010-01-30 08:28:02 UTC
I tried the malwarebytes, and it did not resolve it. This sucks.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...