Infected with Antivir Solution Pro


Post by icetrash on 21st July 2010, 3:23 pm

Hey guys!

Would like to firstly say thanks for looking at my post and (hopefully) having the time to reply. Really appreciate it!

I have received the 'Antivir Solution Pro' trojan/virus. I could not access any program; Internet, Windows Defender, CCleaner... ANYTHING! So I went on my mother's laptop and found many sites that recommended entering safe mode with network capabilities. I have, and am currently on the infected laptop typing this post.

Many sites suggest downloading Spyware Doctor, but as I do not own a credit card and my mother does not trust entering details online, I have had to resort to doing it manually! (Unless there are free programs about I don't know about?)

I tried to follow this site's way of manually removing it (http://www.411-spyware.com/remove-antivir-solution-pro) but just got waaay too scared when it came to deleting the registry bits. I deleted the 'files' section, and am quite comfortable I deleted the right one. The only other thing I deleted was the 'HKEY_CURRENT_USER\Software\avSofT' in the registry folder, but it was named like 'AVSolutions' instead of 'avSofT'. Once again I am quite comfortable. But then I am having trouble deciding what all the others are, so this is as far as I went and the only files I deleted.

I am currently running a Windows Defender full system scan overnight, so I shall see how that goes.

I have tried to help you by downloading the 'OTL' but it says access denied?

EDIT: Am currently running Vista Business

~~Icetrash


Re: Infected with Antivir Solution Pro

Post by Sneakyone on 21st July 2010, 6:43 pm

Hi, Welcome to GeekPolice.net!

Geekstogo is down due to a URL injection attack; that is why you are unable to download OTL.


Please download ComboFix from [You must be registered and logged in to see this link.]



Rename ComboFix.exe to commy.exe before you save it to your Desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start, then copy and paste the following command into the search box and hit Enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.







I'm livin' life in the fast lane.


Re: Infected with Antivir Solution Pro

Post by icetrash on 22nd July 2010, 2:50 am

ComboFix seemed to cause more trouble. I couldn't get it to work; it kept popping up with a message that it is not a Win32 application. Then it said 'Access Denied'.

Anyway, Windows Defender deleted the virus (or so it said...). I am currently in Normal Mode typing on the infected computer. But there still are some symptoms:

- On startup, it comes up with a message ' "Run DLL" Error loading C:\Users\User\AppData\Local\kerct8.dll'. This has never come up before

- Overall slowness to the computer

~~Icetrash


Re: Infected with Antivir Solution Pro

Post by Sneakyone on 22nd July 2010, 3:59 am

Hi,

That thing on startup is malware, probably what Windows Defender deleted, and now it is missing so it notifies you on startup.

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

After you have done this, please try to run ComboFix again.


I'm livin' life in the fast lane.
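
The "Run DLL" startup error discussed above appears when something still launches rundll32 against a DLL that is no longer on disk. As an added example (not part of the original posts and not a GeekPolice tool), this PowerShell script lists Run-key autostart values whose rundll32 target is missing; it assumes the stale reference sits in a Run key, which the thread does not confirm, and the function name is hypothetical.

```powershell
# Added example: report autostart values that call rundll32 on a DLL that no longer exists.
# Assumption: the stale reference is in a Run key. Startup-folder shortcuts and
# scheduled tasks can produce the same error and are not read by this script.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Get-RundllTarget {
    param([string]$Command)
    # Handles: rundll32.exe "C:\path\x.dll",Entry   and   rundll32 C:\path\x.dll,Entry
    if ($Command -match '(?i)rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)') {
        return [Environment]::ExpandEnvironmentVariables($Matches[1].Trim())
    }
    return $null   # not a rundll32 launch
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $dll = Get-RundllTarget -Command $command
        # Report only; nothing is deleted. Review each hit before removing the value.
        if ($dll -and -not (Test-Path -LiteralPath $dll)) {
            New-Object PSObject -Property @{
                Key        = $key
                Name       = $name
                MissingDll = $dll
                Command    = $command
            }
        }
    }
}
```

An entry whose MissingDll matches the path in the error message is the leftover reference; the script only reports it, so removal stays a deliberate, reviewed step.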
