Many other hits for advanced virus remover or advanced virus removal, though, including comparable instructions. One of them might be all you need.
| Forum Announcement |
Welcome to the new CNET Forums! Please don't panic. You are not in the Twilight Zone, you are experiencing the new CNET forums platform! Please click here to read the details. Thanks!!
My computer has been hit the Avanced Virus Removal and everything I try to do to get rid of it doesn't work.
I started by downloading Malwarebytes and running it. As soon as it starts to scan it disappears. I then renamed the .exe file when installing with the same result. After that I tried right clicking on the short cut, hitting properties, and then find target to get into malware.exe folder from there - no luck.
I then went to my program files; C:\Program Files\Malwarebytes' Anti-Malware, hoping it would be there - nothing.
After that I read that a system restore can help, but when I go to restore my computer through help and support it says the application is infected and won't open it.
I've also tried other spyware/malware removal software such as SuperAntiSpyware, Avira, and SpyTools with the same results.
I'm using a Dell XPS 410 and it runs on Windows XP. Everything I've tried to do has been while the computer is in "safe mode with networking."
I'm losing my mind. Any help and suggestions are much appreciated. Thanks.
I tried removing it manually. I got through the first step - removing it in the program files, but when I tried to get into windows task manager, by hitting "start" and then "run" and then typing either tskmgr or cmd I got:
Application can not be executed. File infected. Please update your antivirus software.
same thing happens when i hit ctrl+alt+del or ctrl+shift+esc
ok, downloaded and ran it from the .zip file.
here is where i'm at:
Process list saved on 11:16:30 AM, on 8/16/2009
Platform: WinNT 5.01.2600 SP3
[pid] [full path to filename] [file version] [company name]
856 C:\WINDOWS\System32\smss.exe 5.1.2600.5512 Microsoft Corporation
908 C:\WINDOWS\system32\csrss.exe 5.1.2600.5512 Microsoft Corporation
932 C:\WINDOWS\system32\winlogon.exe 5.1.2600.5512 Microsoft Corporation
976 C:\WINDOWS\system32\services.exe 5.1.2600.5755 Microsoft Corporation
988 C:\WINDOWS\system32\lsass.exe 5.1.2600.5512 Microsoft Corporation
1156 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1284 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1460 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1556 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1716 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
2040 C:\WINDOWS\Explorer.exe 6.0.2900.5512 Microsoft Corporation
716 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1228 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512 Microsoft Corporation
1380 C:\WINDOWS\system32\svchost.exe 5.1.2600.5512 Microsoft Corporation
1396 C:\Program Files\Safari\Safari.exe 4.530.19.1 Apple Inc.
1124 C:\WINDOWS\system32\winupdate.exe 184.108.40.20685 Microsoft Corporation
624 C:\WINDOWS\system32\ctfmon.exe 5.1.2600.5512 Microsoft Corporation
1564 C:\Documents and Settings\Ryan\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe 220.127.116.11 Google
1916 C:\DOCUME~1\Ryan\LOCALS~1\Temp\Temporary Directory 1 for ibprocman.zip\IBProcMan.exe 18.104.22.168 Soeperman Enterprises Ltd.
It gives me the option to Kill Processes (as well as Run and Refresh.) I'm not sure which processes to kill. I don't want to crash my computer by choosing the wrong one, and I don't see the processes listed here http://www.spywareremove.com/removeAdvancedVirusRemover.html
Very confused now.
sometimes these things hide in legit places.
Bleeping Computer, which I much prefer over SpywareRemove also has removal instructions but if you scroll down past the ads on the page, you will see that it involves MBAM which you are having problems with.
Perhaps the best thing for you to do would be to post a HJT log at ONE of the forums below.
CNET does not analyze HJT logs but below is a list of some of the forums that do. You will have to join to post as you did at CNET.
Download HijackThis from http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Save it in your desktop. Double-click HijackThis.exe
Click Scan and save log.
Please post a log at ONE of the below forums. Please be patient with them they are busy.
Good luck and please let us know how you are doing.
I downloaded HijackThis and scanned and saved. However, when I went to look at it it had disappeared. I went to do the scan again and got this message:
"Windows can not access the specified device, path, or file. You may not have the appropriate permissions to access the item."
I have no idea what to do now. I did read in the forums that downloading malwarebytes to flashdrive and running it from there might help. Thoughts?
Unless you have an older version, this is not going to be a one-shot fix. The newest variant of this is nastier than the older one, in that if you initially delete its files, they will break things. It's like saying, "Buy my product, or I'll break your computer."
For that reason, there is a procedure to follow for cleaning.
Following Roddy's suggestion to post in a malware removal forum is the way to go with this -- if it is not too late.
If you cannot run MBAM, you probably want to stop wasting your time and just download Avira's free rescue CD. you are going to need a clean computer to do this, with a CD burner and a blank CD. The link for the downloadable image is here:
Just follow the directions, burn the disk, and boot off the disk on the infected system. Make sure that any files you want to delete are not critical system files. If you need to do research on the internet on that 2nd clean PC before deleting files, then I would do that. This approach will probably save you time in the end.
After running a scan from a bootable CD, you then should be able to run MBAM, SAS, and AVP.
Kaspersky Labs makes a free virus tool, based off their KAV 7 enginge, with full virus definitions, updated several times a day. The AVP tool is available here:
It is digitally signed by kaspersky labs.
Tired of your tricky Wi-Fi password?
Stop trying to memorize a complicated sequence of numbers and letters. Learn how to change the default password.