Infected with Antivir Solution Pro

View previous topic View next topic Go down

Infected with Antivir Solution Pro

Post by icetrash on Thu 22 Jul 2010, 2:23 am

Hey guys!

Would like to firstly say thanks for looking at my post and (hopefully) having the time to reply. Really appreciate it!

I have recieved the 'Antivir Solution Pro' trojan/virus. I could not access any program; Internet, Windows Defender, CCleaner... ANYTHING! So I went on my mothers laptop and found many sites that recommended entering safe mode with network capabilities. I have, and am currently on the infected laptop typing this post.

Many sites suggest downloading Spyware Doctor, but as I do not own a credit card and my mother does not trust entering details online, I have had to resort to doing it manually! (Unless there are free programs about I don't know about?)

I tried to follow this sites way of manually removing it (http://www.411-spyware.com/remove-antivir-solution-pro) but just got waaay to scared when it came to deleting the registry bits. I deleted the 'files' section, and am quite comfortable I deleted the right one. The only other thing I deleted was the 'HKEY_CURRENT_USER\Software\avSofT' in the registry folder, but it was named like 'AVSolutions' instead of 'avSofT'. Once again I am quite comfortable. But then I am having troubles deciding what are all the others, so this is as far as I went and the only files I deleted.

I am currently running a Windows Defender full system scan over night, so I shall see how that goes.

I have tried to help you by downloading the 'OTL' but it says access denied?

EDIT: Am currently running Vista Business

~~Icetrash

icetrash

Unborn
Unborn

Posts : 2
Joined : 2010-07-22
Operating System : PC

View user profile

Back to top Go down

Re: Infected with Antivir Solution Pro

Post by Sneakyone on Thu 22 Jul 2010, 5:43 am

Hi, Welcome to GeekPolice.net!

Geekstogo is down due to a URL injection attack that is why you are unable to download OTL.


Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.







I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Infected with Antivir Solution Pro

Post by icetrash on Thu 22 Jul 2010, 1:50 pm

ComboFix seemed to cause more trouble. I couldn't get it to work it kept popping up with a message that it is not a Win32 application. Then it said 'Access Denied'

Anyway, Windows Defender deleted the virus (or so it said...) I am currently in Normal Mode typing on the infected computer. But there still are some symptoms:

- When on startup comes up with a messge ' "Run DLL" Error loading C:\Users\User\AppData\Local\kerct8.dll'. This has never come up before

- Overall slowness to the computer

~~Icetrash

icetrash

Unborn
Unborn

Posts : 2
Joined : 2010-07-22
Operating System : PC

View user profile

Back to top Go down

Re: Infected with Antivir Solution Pro

Post by Sneakyone on Thu 22 Jul 2010, 2:59 pm

Hi,

That thing on startup is malware, probably what windows defender deleted and now it is missing so it notifies you on startup.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

After you have done this, please try to run ComboFix again.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer
Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone

Back to top Go down

Re: Infected with Antivir Solution Pro

Post by Sponsored content Today at 9:47 pm


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum