Antivirus 360

March 13, 2009 at 23:18:47
Specs: Windows XP, ?
I was called in to remove the Antivirus 360 worm from a computer. I deleted it by a method given on a forum, namely (a) stop it under Ctrl+Alt+Del, (b) remove the files and (c) remove the registry entries. The owner tells me it came again, and he simply set his computer to an earlier restore point. Somebody on the forum I mentioned had done the same thing. It sounds to me that the method hasn't removed anything, only swept it under the carpet.

Am I right?




#1
March 13, 2009 at 23:48:54
laidlaws, a couple of things. First, did the restore do the job? If it did and nothing else seems amiss, I'd leave it alone. Next, yeah, you're probably right about it getting swept under the rug, but hey...
Suspect you're dealing with a Trojan rather than a virus.
Be aware that a virus and a Trojan are similar, but not the same. Many times, an AV detects one it can't clean; other times, it gets missed entirely.
If you need to clean one, Superantispyware can do the job and you can get it free @:
http://www.superantispyware.com/
among other places. They have a Vista compatible version if needed.
If it turns out that you need to use it, be sure to update prior to running and disable 'restore' (restart after cleaning) so it doesn't get put back. They just released a new update recently and it changes all the time. Things are in a constant state of flux.
HTH.
Ed in Texas.


#2
March 14, 2009 at 01:41:59
Thanks Ed. The worm is officially a Trojan. It is fully described at http://www.bleepingcomputer.com/mal...
although that isn't the forum I got the fix from.

I am not a tech. I am a resident in a Retirement Village. I was in the office when the owner rushed in in a state of panic and blurted out the news. The office staff suggested that I look at it. It is a very aggressive fake internet security suite. Even Google's Home Page was re-written with a statement that he needed to buy this thing. Any attempt to browse the Web succeeded momentarily, then got redirected to about.blank. I went back to my own unit, got the instructions from there, and did what it said.

On a reboot it was gone. IE still had the cached page for Google, so I cleaned out all his browser history, including "history put there by programs" or similar (I run Firefox under Linux), and refreshed the page. It was clean.

I saw him a couple of days ago and he said it had come back. The original infection apparently came from an e-mail, but he claims that this one didn't. He has AVG antivirus, freeware version, but he had automatic scanning switched off. He won't pay for an upgrade. He simply went to an earlier restore point.

So long as he is happy, I am leaving well alone.

Doug.

