
Thread: Virus issues.

  1. #1
    Stephen Coates

    Virus issues.

    Has anyone here had any issues with a 'virus' called 'Antivirus 2010'?

    My Dad's computer seems to have this. It was causing the requester shown in the screenshot. Of course, it was 'immediately' obvious to me that it was not caused by Windows or the McAfee antivirus which came with the computer back in 2005.

    secalert.jpg

    I uninstalled it using the 'Add/remove' programmes control panel, but I'm not sure if that got rid of it. When using the old version of Firefox 1.x which I installed years ago, some links on the Google search page went to other pages, and the system doesn't log off/shutdown (or at least, it doesn't for me). These issues could be caused by other things though.

    I also removed the old McAfee and installed Avast, but Avast refuses to do anything, as shown in the screenshot. Not sure why.

    avast2.jpg

    Just wondering if anyone had any ideas. Next time I go I will run Malwarebytes and see if that does anything.

    This was slightly concerning as my Dad almost lost several thousand pounds through online banking fraud. Fortunately he checked the account on the date the transaction was made and canceled it, so he didn't lose anything.

  2. #2
    Bloodwych
    Hi Stephen - I know this horrible pest well!

    This virus has been around for quite a while (about a year) in different names, infection paths and slightly different signatures, to keep ahead of virus checkers. My brother's friend got it on his laptop, and it took me a few hours of cursing and reading the internet to get rid of it. At the time, Malwarebytes, spyware monitors, Windows Defender etc didn't recognise it. I hate being "the computer guy" everyone comes to for help - I get all the sh*t.

    It's a nasty bugger - it adds itself to various startup locations in the registry, including attaching itself to Internet Explorer or another browser to re-infect too. It also takes over *.EXE file execution, so you can't run virus checkers to remove it. It can be manually cleaned however - its actual infection files usually reside in the User folders and have been dropped and executed in there via a Java exploit.

    I got rid of it by running a program that kills all startup items (search for rkill.exe) and dodgy processes, then ran a script that returned the *.EXE files back to normal in the registry. Did all this in safe mode I think. Then I searched the registry and hard drive for the infected files. The one I had was called AVE.EXE, but it can be named differently and the dropper file (the one responsible for downloading and re-infecting your PC) will have a random name, probably in the Sun Java folders if I remember rightly in my case but it may have been modified to infect differently. You can find the randomly named dropper file by searching for a file with a creation date the same as the AVE.EXE (or other common virus name it comes under) file.

    I'm trying to remember back a year ago, so it's probably easier just to link you to my anandtech post when it was all fresh and to keep the facts straight: http://forums.anandtech.com/showthread.php?t=2067277 (read my second post down for more detail).

    Sounds complicated, but I'd imagine there are auto cleaners out now that will do all this for you. Just suggest doing a search and read about AVE.EXE and RKILL.exe to get you on the right track if other programs fail. Good luck.
    Live Long and Procrastinate
    A500 Batman Pack
    Classic Workbench
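
The creation-date search described in the post above, as an added example that is not part of the original thread or any poster's own script: it walks a folder tree and lists files stamped within a short window of a known-bad file. The function names, the 120-second window, the sample folder layout and the file name `q7x2k.exe` are constructed for illustration; the demo uses modification time as a stand-in for creation time so it runs on any platform.

```python
import os
import tempfile

def creation_time(path):
    """Creation time where the platform records it (Windows, macOS, BSD)."""
    st = os.stat(path)
    # Linux has no st_birthtime; st_ctime there is inode-change time (approximate).
    return getattr(st, "st_birthtime", st.st_ctime)

def find_cocreated(root, reference, window_seconds=120, stamp=creation_time):
    """Return (delta_seconds, path) for files stamped near the reference file."""
    ref_time = stamp(reference)
    ref_real = os.path.realpath(reference)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.realpath(path) == ref_real:
                continue  # do not report the reference file itself
            try:
                delta = abs(stamp(path) - ref_time)
            except OSError:
                continue  # locked or vanished file: skip it, keep sweeping
            if delta <= window_seconds:
                hits.append((round(delta), path))
    return sorted(hits)

def demo():
    """Constructed sample tree; timestamps are set by hand, not real evidence."""
    mtime = lambda p: os.stat(p).st_mtime
    with tempfile.TemporaryDirectory() as root:
        layout = {  # relative path -> constructed timestamp (epoch seconds)
            "Local Settings/ave.exe": 1_280_000_000,   # the known-bad file
            "Sun/Java/q7x2k.exe": 1_280_000_045,       # 45 s later: candidate dropper
            "Documents/letter.doc": 1_270_000_000,     # months earlier: unrelated
        }
        for rel, ts in layout.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "wb").close()
            os.utime(full, (ts, ts))
        ref = os.path.join(root, "Local Settings", "ave.exe")
        return [(d, os.path.relpath(p, root).replace(os.sep, "/"))
                for d, p in find_cocreated(root, ref, stamp=mtime)]

if __name__ == "__main__":
    print(demo())
```

On a real disk, call `find_cocreated` with the default `stamp` against the offline or safe-mode volume; a hit is only a candidate to inspect, since legitimate files can share a timestamp with the infection.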

  3. #3
    Harrison
    I recommend finding a scanner that can be self booted to check the drive, rather than one you run from inside Windows. That will stop any system files being locked and able to be scanned or cleaned by a scanner. Download the latest version of HiRens 11.1 Boot disc as that has a load of scanners on the disc that can be booted directly into.

    If you haven't played a classic game in years, it's never too late to start!


  4. #4
    J T
    Format the drive, burn down the house, salt the ashes, take off and nuke the site from orbit.

    It's the only way to be sure.

  5. #5
    Stephen Coates
    Originally posted by J T:
        Format the drive, burn down the house, salt the ashes, take off and nuke the site from orbit.

        It's the only way to be sure.

    That would probably do the trick, but reinstalling Windows afterwards might be rather difficult.

  6. #6
    Harrison
    It is true that you need to locate the source of the virus, otherwise you might have it on a backup, or something you downloaded, and even reinstalling the OS you might reintroduce the virus again from one of these. A full scan of the existing system is recommended.

    But a clean install is really the only and best way when infected badly to ensure all system files are clean.


  7. #7
    Stephen Coates
    I've installed Windows XP Home Edition from the CD which Dell included with the computer, updated it to Service Pack 3, installed all the device drivers, and am currently installing some useful programmes using Ninite.

  8. #8
    Demon Cleaner
    Glad to read that you're using Ninite

  9. #9
    J T
    Ninite does look useful. I'd not heard of that before.

  10. #10
    Harrison
    I also used Ninite when I installed Win 7 recently on my main PC. Definitely speeds up installing a load of commonly used utilities and programs.

