Real Geek Forums

Real Geek Forums (http://www.realgeek.com/forums/index.php)
-   Windows Vista Security (http://www.realgeek.com/forums/windows-vista-security-19/)
-   -   Complete Antivirus 2008 Removal (http://www.realgeek.com/forums/complete-antivirus-2008-removal-234331.html)

RLund 06-21-2008 01:40 PM

Complete Antivirus 2008 Removal
 
A few days ago, the Antivirus 2008 pop-up appeared on my friend's new
computer. It stated that he had 41 infections. HIs access to the internet
was blocked, as well.
In order to remove them, he had to pay for the service.
After a bit of research, I discovered that it was a scam and attempted to
remove it from his computer, via standard means (control panel, programs and
features, uninstall). It appeared that some files were removed, but some
were left behind. Those that remained still indicated that he had 41
infections and blocked his access to the internet, by indicating that the
websites posed a threat.
I found this community and the instructions for removing Antivirus 2008,
through http://www.bleepingcomputer.com/malw...antivirus-2008. I
carefully followed the instructions and ran the scan...to no avail. The
program didn't find the Antivirus 2008 or any infections, for that matter.
Unfortunately, the problem remains.
I thought that it might work to restore the computer to a time prior to the
arrival of the Antivirus 2008 pop-up and then follow the removal
instructions. When I restored it to a restore point from May, I could not
get on the internet (the error message indicated that we were not connected
to the internet. After an hour with the Roadrunner support people, we
determined that their signal to the computer was strong and that the modem
was working; but apparently the TCI/IP(?) was damaged by the restore and
needed to be re-installed). Out of desperation, I restored the computer back
to a restore point from yesterday. Now, he can connect to the internet
again, but the Antivirus still states that the websites (any of them) pose a
threat and prevents him from going any further.
Does anyone have any ideas on how I can thoroughly remove this malicious
program and restore his computer's functionality?
Thanks, in advance.

--
RLund

Malke 06-21-2008 02:01 PM

Re: Complete Antivirus 2008 Removal
 
RLund wrote:
Quote:

> A few days ago, the Antivirus 2008 pop-up appeared on my friend's new
> computer. It stated that he had 41 infections. HIs access to the internet
> was blocked, as well.
> In order to remove them, he had to pay for the service.
> After a bit of research, I discovered that it was a scam and attempted to
> remove it from his computer, via standard means (control panel, programs
> and
> features, uninstall). It appeared that some files were removed, but some
> were left behind. Those that remained still indicated that he had 41
> infections and blocked his access to the internet, by indicating that the
> websites posed a threat.
> I found this community and the instructions for removing Antivirus 2008,
> through http://www.bleepingcomputer.com/malw...antivirus-2008. I
> carefully followed the instructions and ran the scan...to no avail. The
(much snippage)

First have your friend back up his data to external media Just In Case. Then
have him go back to BleepingComputer (or one of the other specialty forums
listed below in no particular order), register, read the posting FAQ, and
post to get guided help. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

http://www.bleepingcomputer.com/foru...howtutorial=42 - another
tutorial
http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
the stickies *first*.
http://www.atribune.org/forums/index.php?showforum=9
http://aumha.net/viewforum.php?f=30
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/...splay.php?f=25
http://www.geekstogo.com/forum/Malwa..._Here-f37.html
http://gladiator-antivirus.com/forum...?showforum=170
http://spywarewarrior.com/viewforum.php?f=5
http://forums.techguy.org/54-security/
http://forums.tomcoyote.org/

Malke
--
MS-MVP
Elephant Boy Computers
www.elephantboycomputers.com
Don't Panic!

GTS 06-21-2008 04:28 PM

Re: Complete Antivirus 2008 Removal
 
It's likely you have multiple infections, so by all means, follow Malke's
advice for a total clean up. I would also specifically suggest you download
and run the free version of SuperAntiSpyware from
http://www.superantispyware.com/ I've had some luck with it against the
Antivirus 2008 infection in a few service cases.

If there is a connectivity problem again after the malware cleanup, try
running the following command in an elevated command prompt >Netsh Winsock
Reset

Once fixed, disable and then re-enable System Restore to clear infection
items from the SR repository.
--

"RLund" <RLund@discussions.microsoft.com> wrote in message
news:41B97919-413F-4486-986E-70B3415253B9@microsoft.com...
Quote:

>A few days ago, the Antivirus 2008 pop-up appeared on my friend's new
> computer. It stated that he had 41 infections. HIs access to the internet
> was blocked, as well.
> In order to remove them, he had to pay for the service.
> After a bit of research, I discovered that it was a scam and attempted to
> remove it from his computer, via standard means (control panel, programs
> and
> features, uninstall). It appeared that some files were removed, but some
> were left behind. Those that remained still indicated that he had 41
> infections and blocked his access to the internet, by indicating that the
> websites posed a threat.
> I found this community and the instructions for removing Antivirus 2008,
> through http://www.bleepingcomputer.com/malw...antivirus-2008. I
> carefully followed the instructions and ran the scan...to no avail. The
> program didn't find the Antivirus 2008 or any infections, for that matter.
> Unfortunately, the problem remains.
> I thought that it might work to restore the computer to a time prior to
> the
> arrival of the Antivirus 2008 pop-up and then follow the removal
> instructions. When I restored it to a restore point from May, I could not
> get on the internet (the error message indicated that we were not
> connected
> to the internet. After an hour with the Roadrunner support people, we
> determined that their signal to the computer was strong and that the modem
> was working; but apparently the TCI/IP(?) was damaged by the restore and
> needed to be re-installed). Out of desperation, I restored the computer
> back
> to a restore point from yesterday. Now, he can connect to the internet
> again, but the Antivirus still states that the websites (any of them) pose
> a
> threat and prevents him from going any further.
> Does anyone have any ideas on how I can thoroughly remove this malicious
> program and restore his computer's functionality?
> Thanks, in advance.
>
> --
> RLund


Mick Murphy 06-22-2008 03:44 AM

RE: Complete Antivirus 2008 Removal
 
Use Spybot Search & Destroy in Safe Mode.
All instructions below.
http://www.spybot.info/en/index.html

Spybot Search & Destroy 1.5.2 is a very good, FREE Anti-Spyware Program.
Download, install, update, and immunize your System with it.
Then SCAN with it.
Update it, and scan your System once a fortnight.

Important re: Safe Mode
If you happen to find a problem that you can’t uninstall / delete, reboot
the computer, and go into Safe Mode.
To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
key to get to Safe Mode, then hit ENTER.
RESCAN your computer with Spybot S & D while in Safe Mode.

--
Mick Murphy - Qld - Australia


"RLund" wrote:
Quote:

> A few days ago, the Antivirus 2008 pop-up appeared on my friend's new
> computer. It stated that he had 41 infections. HIs access to the internet
> was blocked, as well.
> In order to remove them, he had to pay for the service.
> After a bit of research, I discovered that it was a scam and attempted to
> remove it from his computer, via standard means (control panel, programs and
> features, uninstall). It appeared that some files were removed, but some
> were left behind. Those that remained still indicated that he had 41
> infections and blocked his access to the internet, by indicating that the
> websites posed a threat.
> I found this community and the instructions for removing Antivirus 2008,
> through http://www.bleepingcomputer.com/malw...antivirus-2008. I
> carefully followed the instructions and ran the scan...to no avail. The
> program didn't find the Antivirus 2008 or any infections, for that matter.
> Unfortunately, the problem remains.
> I thought that it might work to restore the computer to a time prior to the
> arrival of the Antivirus 2008 pop-up and then follow the removal
> instructions. When I restored it to a restore point from May, I could not
> get on the internet (the error message indicated that we were not connected
> to the internet. After an hour with the Roadrunner support people, we
> determined that their signal to the computer was strong and that the modem
> was working; but apparently the TCI/IP(?) was damaged by the restore and
> needed to be re-installed). Out of desperation, I restored the computer back
> to a restore point from yesterday. Now, he can connect to the internet
> again, but the Antivirus still states that the websites (any of them) pose a
> threat and prevents him from going any further.
> Does anyone have any ideas on how I can thoroughly remove this malicious
> program and restore his computer's functionality?
> Thanks, in advance.
>
> --
> RLund

Steve Thackery 06-22-2008 10:30 AM

Re: Complete Antivirus 2008 Removal
 
By far the best thing you can do is copy your data files to an external hard
disk, and then reformat your hard disk and reinstall from scratch. It's not
such a big deal - allow half a day.

SteveT



All times are GMT. The time now is 11:07 AM.

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Copyright © 2005 - 2007 RealGeek.com. All rights reserved.