Spyware, Viruses, & Security forum

General discussion

How do I kill Antivir Pro?

My wife's computer has been invaded by Antivir Pro. Anybody familiar with it and how to kill it?

The computer is a Dell desktop running WinXP SP3. The malware has the classic approach of a warning screen with the message "Your computer may be infected. Start virus scan now?" With other such pop-ups, to avoid touching the offending program I have always gone directly to Task Manager (ctrl/alt/del) and shut it down from there. Has always worked in the past. But Antivir blocks the Task Manager from coming up. It won't let me start AVG (which is probably running in the background anyway, but has somehow been outsmarted by Antivir.) It even sends a message via the Windows Security icon (making it appear legitimate), asking if I want to run a virus scan. I can't find any way to get around this thing. Any ideas out there?

NTG

Re: How do I kill Antivir Pro?

In reply to: How do I kill Antivir Pro?

Stymied

In reply to: Re: How do I kill Antivir Pro?

Per instructions at that site, I downloaded fixmt onto my own computer and then copied to my wife's computer without problem. But when I tried to use fixmt, I was unable to execute it, just as I am unable to execute anything else.
What now? Call the Geek Squad?

*

No Need To Call The Geek Squad..

In reply to: Stymied

NT..

Until Tufenuf's return, there's something worth trying. I'd hate to see you wasting money to have it repaired, when there are tools at your disposal, which might help.

The below removal guide instructs you how to run the Rkill tool (Step 9), just prior to scanning with Malwarebytes' Anti-Malware (MBAM). Its purpose is to kill malicious processes, thus allowing removal applications to run. Follow ALL the steps referring to Rkill and MBAM. (To include NOT rebooting between running the two)

Check IE, on the outside chance her settings have been changed to use a proxy server. (See the guide)

Remove Antivir Solution Pro (Uninstall Guide)

If you find you're unable to download the files (to include MBAM) to your wife's computer, you're going to have to download them to yours and transfer them to hers. (Flash drive, CD/DVD, etc)

If you run into any problems along the way, please do not hesitate to post back and ask.

Best of luck..
Carol

Question on the side

In reply to: How do I kill Antivir Pro?

While I'm working on getting rid of this little nasty, I'm wondering what, if anything, is being done or can be done about this malware and others like it? Is there any way for law enforcement to get at the originators? Any way for a ticked-off power user to find where the infection came from and send a bomb back to the site? How do malware programs like this manage to survive? Just curious.

MTG

Antivir Pro

In reply to: Question on the side

It makes changes to Internet Explorer. For immediate return, you can simply set up Internet Explorer as follows.

Restart your computer in safe mode.

From Start --> Run --> inetcpl.cpl --> Connections --> LAN settings --> uncheck the "Use a proxy server for your LAN" option. You can use the internet now.

To remove...

Download and use Malwarebytes' Anti-Malware tool from malwarebytes.com.


Regards.
Natheer Sheriff (Akkaraipattu)

Fixed it

In reply to: How do I kill Antivir Pro?

Following the suggestions posted here, I was able to eliminate the problem. Thanks, everybody!

NTG

Uh, no I didn't. . .quite

In reply to: Fixed it

By using Malwarebytes I was able to make the nasty go away. But it came back.

So I ran exactly the same procedure again: start in safe mode, run rkill, run malwarebytes, clean out the displayed infections. (There were a bunch of them again.) Computer now booted up fine in normal mode.

Then I ran my regular AVG scan. That picked up six more infections, one of them labeled a trojan downloader, and the others labeled FakeAlerts. Killed them all, and now the computer is running fine again.

So, if you have this problem and follow the instructions above, when you are back in operation, run your regular antivirus program scan.

NTG

It's Advisable To Run MBAM A Few Times..

In reply to: Uh, no I didn't. . .quite

NT...

It's good to run MBAM a few times, even if the first scan comes up clean. MBAM, along with other tools, doesn't always pick everything up the first time around. I would suggest also running a Complete Scan with SUPERAntiSpyware. You can download SUPERAntiSpyware FREE Edition from here.

As far as what AVG detected. I don't know what AVG found on your system, but I've (recently) read where a few AVG users have been reporting the same "malware". In other words, it may have been a false positive. I'm not saying this is your case. Only that the possibility exists.

Carol

That's new to me

In reply to: It's Advisable To Run MBAM A Few Times..

I've always assumed that what a virus program didn't pick up the first time through it wouldn't pick up at all. So are you suggesting that whenever I run a routine scan, I repeat it once or twice?

*

Not With A Routine Scan

In reply to: That's new to me

Only when trying to rid yourself of the type of infection you experienced. You mentioned you were able to "make the nasty go away, but it came back".

At times, you may find ... it never left. Hence, my recommendation. Not sure what happened in your case. All I know is .. you did a good job!

Hope this helps..
Carol

Type quickly to break through AntiVir scamware

In reply to: Uh, no I didn't. . .quite

If you can't break in to get anything to run when trying to get rid of this problem, you will need to be able to launch something (I suggest regedit, though almost any other of the system utilities will be able to help).
As the system comes up to the point where you can hit Windows+r to get a run window, type regedit quickly before the virus launches the executable blocker. I was able to get both regedit and msconfig launched before the blocker stopped me.
I've seen this create a key in HKLM>Microsoft>Windows>Run and list an executable using apparent random letters (mine used adnxvdxd) and store its executable in [userid]\local settings\application data\ohjhorxhg\fpipinsntssd.exe.

Every time I've seen it on a machine, it tends to use random letters in its key.

DO NOT FORGET TO FIX THE INTERNET CONNECTION ISSUE WITH THE PROXY SETTING (see previous notes.)
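
A read-only check for the two changes described in this thread (the proxy setting and the random-named Run entry pointing into the user profile), as an added example that is not part of any post. It parses saved `reg query` output; the sample text is constructed, and the full key paths are the standard Windows Run and Internet Settings keys, not something quoted in the thread.

```python
import re

# Constructed sample in the shape of `reg query` output. The flagged Run entry
# reuses the names quoted in the post above; "user", "ExampleTray" and the
# proxy value are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\ExampleVendor\tray.exe"
    adnxvdxd    REG_SZ    C:\Documents and Settings\user\Local Settings\Application Data\ohjhorxhg\fpipinsntssd.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
"""

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Directories a limited user can write to; autoruns here deserve a second look.
USER_WRITABLE = ("\\local settings\\application data\\", "\\appdata\\", "\\temp\\")

def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m["name"]] = m["data"].strip().strip('"')
    return keys

def audit(text):
    """Flag autoruns launched from the user profile and an enabled IE proxy."""
    findings = []
    for key, values in parse_reg_query(text).items():
        leaf = key.lower()
        if leaf.endswith("\\currentversion\\run"):
            for name, data in values.items():
                if any(d in data.lower() for d in USER_WRITABLE):
                    findings.append(("autorun-in-profile", name, data))
        elif leaf.endswith("\\internet settings"):
            if int(values.get("ProxyEnable", "0x0"), 16) == 1:
                findings.append(("proxy-enabled", "ProxyServer",
                                 values.get("ProxyServer", "")))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A flagged entry is a lead to verify by hand, not proof of infection, since some legitimate software also starts from the user profile.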
