How do i delete 'antivirus' software?


Post by tanyar on Thu Mar 11, 2010 8:33 am

Hi
In a panic I (stupidly) installed an antivirus software called 'Antivirus soft' related to one of those 'security alert' virus/trojan horses that I got yesterday. Now, I'm trying to install a legitimate antivirus software (McAfee) but it won't install until I remove the Antivirus soft. I tried deleting it and it seems like the folder it was contained in has disappeared from my C drive, but McAfee is still detecting it somewhere and will not install/run. Please can anyone help me i) find where Antivirus soft is now located; and ii) delete it. Thanks. Tanya

tanyar
Novice

Posts: 6
Joined: 2010-03-11
OS: i dont know
Points: 24688
Likes: 0


Re: How do i delete 'antivirus' software?

Post by Dr Jay on Thu Mar 11, 2010 5:54 pm

Hello! We need to do some diagnostics to get started.

1. Please download [You must be registered and logged in to see this link.] by noahdfear.
  • Save it to your desktop.
  • Double-click profiles.exe and post its log when you reply.


2. Download [You must be registered and logged in to see this link.] by ad13 and save it to your Desktop.
  • Double-click Win32kDiag.exe to run Win32kDiag and let it finish.
  • When it states "Finished! Press any key to exit...", press any key on your keyboard to close the program.
  • Double-click on the Win32kDiag.txt file that is located on your Desktop and post the entire contents of that log as a reply to this topic.


3. Please download [You must be registered and logged in to see this link.] by me, and save to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.zip, and extract the file to your Desktop.
  • Double-click on Cheetah-Anti-Rogue.cmd to start.
  • It will finish quickly and launch a log.
  • Post the contents of it in your next reply.


4. In your next reply, please post the following logs for my review:
  • Profiles log (1)
  • Win32kDiag log (2)
  • Cheetah log (3)


Thanks!


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 13714
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Protection: Bitdefender Total Security
Points: 302072
Likes: 10


Re: How do i delete 'antivirus' software?

Post by tanyar on Thu Mar 11, 2010 10:08 pm

Hi Dragon Master Jay

Thanks for your reply. As requested, for your review, please see below.

Profiles log(1):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2718311291-1536665785-1674959463-1006
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Rofani

SystemRoot REG_SZ C:\WINDOWS


Win32kDiag log(2) is:
Running from: C:\Documents and Settings\Rofani\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Rofani\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...





Finished!

Cheetah log(3):
Cheetah-Anti-Rogue v1.3.23
by DragonMaster Jay

Microsoft Windows XP [Version 5.1.2600]
Date: 11/03/2010 - Time: 22:04:20 - Arch.: x86


-- Malware removal tools check --


-- Known infection --

C:\DOCUME~1\Rofani\LOCALS~1\Temp\VGX8.tmp (Trj.FakeAlert)


Extra message: Detection only.


EOF


Re: How do i delete 'antivirus' software?

Post by Dr Jay on Thu Mar 11, 2010 10:20 pm

Please download RootRepeal from [You must be registered and logged in to see this link.].

  • Extract the program file to your Desktop.
  • Run the program RootRepeal.exe.
  • Click Settings > Options. Drag the slider to High Level. Then, click the Red X.
  • Go to the Report tab and click on the Scan button.
  • Select ALL of the checkboxes and then click OK and it will start scanning your system.
  • If you have multiple drives you only need to check the C: drive or the one Windows is installed on.
  • When done, click on Save Report.
  • Save it to the Desktop.
  • Please copy/paste the contents of the report in your next reply.

Please remove any e-mail address in the RootRepeal report (if present).


Dr. Jay (DJ)



Re: How do i delete 'antivirus' software?

Post by tanyar on Fri Mar 12, 2010 3:13 pm

Hi
As requested, below are the contents of the report.

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/03/12 15:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA39C000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7ABC000 Size: 8192 File Visible: No Signed: -
Status: -

Name: hiber_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\hiber_WMILIB.SYS
Address: 0xF7AA4000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA85BD000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==


Re: How do i delete 'antivirus' software?

Post by Dr Jay on Fri Mar 12, 2010 3:24 pm

Ok. That was short.

Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].
Alternate link: [You must be registered and logged in to see this link.].
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)

Double Click mbam-setup.exe to install the application.

(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Dr. Jay (DJ)



Re: How do i delete 'antivirus' software?

Post by tanyar on Tue Mar 23, 2010 10:32 am

Hello
As requested a copy of the MBAM log is below. Thanks, tanya

Malwarebytes' Anti-Malware 1.44
Database version: 3902
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

23/03/2010 10:19:46
mbam-log-2010-03-23 (10-19-46).txt

Scan type: Full Scan (C:\|)
Objects scanned: 157904
Time elapsed: 46 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)


Re: How do i delete 'antivirus' software?

Post by Dr Jay on Tue Mar 23, 2010 4:59 pm

I need to see a full log to see what infection is on the computer.

Please post a full log.


Dr. Jay (DJ)
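
The MBAM log pasted earlier in the thread stops after its first detail section, although its summary counts 2 infected registry keys and 3 infected files. The following is an added example, not part of the original thread and not Malwarebytes code, that compares the summary counts with the detail sections actually present; the log layout is assumed from the excerpt in the thread, and `parse_log` and `missing_details` are hypothetical names.

```python
import re

# Excerpt of the log as pasted in the thread (detail sections cut off after the first).
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.44
Database version: 3902
Objects scanned: 157904

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)
"""

SUMMARY = re.compile(r"^(?P<name>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
EMPTY = "(No malicious items detected)"

def parse_log(text):
    """Return (summary counts, detail items per section).

    Assumption: each detail section lists one detected item per line.
    """
    counts, details, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SUMMARY.match(line):
            counts[m["name"]] = int(m["count"])
            current = None
        elif m := SECTION.match(line):
            current = m["name"]
            details[current] = []
        elif current and line and line != EMPTY:
            details[current].append(line)
    return counts, details

def missing_details(text):
    """Map each category to the number of detections counted but not listed."""
    counts, details = parse_log(text)
    return {name: n - len(details.get(name, []))
            for name, n in counts.items()
            if len(details.get(name, [])) < n}

if __name__ == "__main__":
    print(missing_details(SAMPLE_LOG))
```

An empty result means every detection counted in the summary is also listed, which is what a helper needs in order to identify the infection from the log.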



Re: How do i delete 'antivirus' software?

Post by tanyar on Tue Mar 23, 2010 5:41 pm

Ok - the only log I saved is the one I copied above - also I deleted the files that were infected following the last scan - do I need to do a full scan again to provide a full log?

Tanya


Re: How do i delete 'antivirus' software?

Post by Dr Jay on Tue Mar 23, 2010 6:58 pm

Please run a free online scan with the [You must be registered and logged in to see this link.]
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Dr. Jay (DJ)



Re: How do i delete 'antivirus' software?

Post by Dr Jay on Mon Mar 29, 2010 3:36 pm

Still with us?


Dr. Jay (DJ)



Re: How do i delete 'antivirus' software?

Post by tanyar on Fri Jul 02, 2010 10:34 am

Hi
Sorry, have been offline writing exams and dissertation. I tried to run ES online scanner but I am unable to run the scanner because when the terms and conditions window pops up, it is too large for the screen of my notebook and I cannot see or click on the 'I accept' or 'run'. What should I do?
