"Antivirus 2008"

Original Message
Name: Piotrb
Date: June 5, 2008 at 20:24:05 Pacific
Subject: "Antivirus 2008"
OS: Windows XP
CPU/Ram: AMD Athlon xp 2800+, 1GB
Comment:

Hey guys,

My dad recently downloaded what I am to understand is a spyware program that pretends to be an anti virus program and claims you have trojans, and then it says you need to buy now!

You might have heard of it, it is called Antivirus 2008. I panicked, not knowing what it was so I believed it, but luckily I realized quickly that it was phoney and I never gave out any credit card info etc.

I went online to see what I could do and a number of websites claimed you could get rid of it by modifying your registry keys and locating certain files that you had to delete. I didn't trust deleting some of them so I kept them, but eventually I did a system restore anyway.

It's gone as far as I can see, but is there any way to know for sure if I'm safe?

Please help me.




Response Number 1
Name: btk1w1
Date: June 5, 2008 at 20:44:57 Pacific
Reply:

Do an online scan with Kaspersky

Click here to go to Kaspersky Online Scanner

Please be patient with the online scan as they can take a while to complete.

1. Click on "Kaspersky Online Scanner".
2. You will be prompted to install an ActiveX component from Kaspersky, click Yes.
3. The program will launch and then begin downloading the latest definition files.
4. Once the files have been downloaded click on "NEXT".
5. Now click on "Scan Settings".
6. In the scan settings make sure that the following are selected:
7. Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
8. Scan Options:
Scan Archives
Scan Mail Bases
9. Click OK.
10. Under select a target to scan, select "My Computer".

The program will start and scan your system.

The scan will take a while so be patient and let it run.

Once the scan is complete it will display if your system has been infected.

Upon completion, click on the "Save as Text" button.
Save the file to your desktop.

If you have any trouble reading the log or find there are entries you are unsure of feel free to post the log back here.



Response Number 2
Name: Piotrb
Date: June 6, 2008 at 09:43:47 Pacific
Reply:

Hey, I got the results and here are the things I am not sure of!
All of these showed up as apparent Trojans, they appear to be the same result repeated over, except for the first one:

C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP51\A0010561.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ah skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017938.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017939.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017940.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017941.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017942.exe Infected: Trojan-Downloader.Win32.FraudLoad.axp skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017945.exe Infected: Trojan-Downloader.Win32.FraudLoad.axp skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017985.exe Infected: Trojan-Downloader.Win32.FraudLoad.axp skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017986.exe Infected: Trojan-Downloader.Win32.FraudLoad.axp skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017987.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017988.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017989.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017990.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped

It also listed these various "object locked" in my windows folder, but they all seem to be legitimate windows files

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-20021102}.CDF Object is locked skipped



Response Number 3
Name: btk1w1
Date: June 6, 2008 at 10:24:28 Pacific
Reply:

The news is really good, from what you have shown of the list, the only infections are on a restore point. The trojan has written itself to the latest one.

It is important the restore points are flushed as malware can creep back into the system.

Click on "Start" > "All Programs" > "Accessories" > "System Tools" > "System Restore". Click on "System Restore Settings", on the left and put a tick in "Turn off System Restore", when prompted click "Yes" then reboot the PC.

When the PC has booted up go back and turn system restore back on.

Turning the system restore off and back on again will delete all old restore points and create a fresh one.


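Editor's added example, not part of any post in this thread: the check made by reading the log in Response 3 (are all detections inside System Restore points, or is something flagged on the live file system?) written as a Python parser over report lines in the format posted above. The function and bucket names are assumptions of this example, and the last sample line is constructed to show a hit outside a restore point.

```python
import re
from collections import defaultdict

# Sample report lines: the first five are copied from the log posted above;
# the last one is CONSTRUCTED to show a detection outside a restore point.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP51\A0010561.exe Infected: not-a-virus:AdWare.Win32.DealHelper.ah skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP88\A0017938.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
C:\System Volume Information\_restore{23271AF4-2610-4B66-8355-DF6D47D87EB8}\RP90\A0017985.exe Infected: Trojan-Downloader.Win32.FraudLoad.axp skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\Documents and Settings\user\Local Settings\Temp\setup.exe Infected: Trojan-Downloader.Win32.FraudLoad.axq skipped
""".strip().splitlines()

INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<verdict>\S+) skipped$")
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# XP keeps restore-point copies under _restore{GUID}\RPnn\ (as in the posted paths).
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)

def triage(lines):
    """Bucket scanner report lines (bucket names are this example's own)."""
    out = {"restore_points": defaultdict(list), "live": [],
           "locked": [], "unparsed": []}
    for line in (l.strip() for l in lines):
        if not line:
            continue
        hit = INFECTED.match(line)
        if hit:
            rp = RESTORE_POINT.search(hit["path"])
            if rp:   # dormant copy stored inside a restore point
                out["restore_points"][rp.group(1).upper()].append(hit["verdict"])
            else:    # detection on the live file system
                out["live"].append((hit["path"], hit["verdict"]))
        elif LOCKED.match(line):   # file in use, so not scanned; not a detection
            out["locked"].append(LOCKED.match(line)["path"])
        else:
            out["unparsed"].append(line)
    return out

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for rp, verdicts in sorted(report["restore_points"].items()):
        print(f"{rp}: {len(verdicts)} detection(s): {sorted(set(verdicts))}")
    print("live detections:", report["live"])
    print("locked (unscanned):", len(report["locked"]))
```

Run against the full log posted in Response 2, the `live` bucket comes back empty and every detection falls under `restore_points`, which is the situation the restore-point flush addresses.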

Response Number 4
Name: Jennifer SUMN
Date: June 6, 2008 at 18:06:41 Pacific
Reply:

Turn System Restore off, then reboot. THEN re-enable System Restore.

Life's more painless for the brainless.



Response Number 5
Name: btk1w1
Date: June 6, 2008 at 20:42:14 Pacific
Reply:

Yes.... Like I instructed in response #3.

Paragraphs 3 & 4

