I have been infected with Internet AV 2011

Hewlett-packard / Ra917aa-abu m7580.uk
December 26, 2010 at 08:09:34
Specs: Windows XP Sp3, 2.8 ghz/512 ram
Managed to get rid of it (I think) with Malwarebytes, but it still seems slow, some unwanted pop-ups appear and I can't access my email (Sky).

Mike



#1
December 27, 2010 at 17:45:15
Did you use the latest version 1.50.1 of Malwarebytes & update before scanning?

#2
December 27, 2010 at 22:18:36
You did remove it, but it was not completely removed; some files of it may be lurking there in your PC, and that's why you get unwanted popups.
Internet AV 2011, also known as Internet Antivirus 2011, is a bogus program. It is a fake antivirus and it's not so easy to get rid of it. You should check this manual removal tutorial
http://www.techvts.com/internet-ant...
and manually remove it, making sure no component of Internet AV 2011 remains on your computer.

Happy Virus Free Computing(.net)
Virus Removal tutorials and Softwares


#3
December 28, 2010 at 07:33:35
Thanks for your replies, I did use the latest MWB version and have also scanned in safe mode since (nothing found). I will follow your advice to try and remove it all.

Thanks

Mike


#4
December 28, 2010 at 09:00:00
You may want to use ComboFix:
http://www.bleepingcomputer.com/com...
Follow the guide and you should be fine.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


#5
December 30, 2010 at 12:42:45
Thanks to you both, especially Mr XP who has helped me before. The ComboFix log is shown below. Any comments would be welcomed. Thank you.

ComboFix 10-12-30.01 - Wendy 30/12/2010 19:30:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1085 [GMT 0:00]
Running from: c:\users\Wendy\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.dll
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\CLSV.tmp
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\delfile.exe
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\delfile.tmp
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\energy.sys
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\fan.sys
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\FS.sys
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\gid.drv
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\pal.exe
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-30 19:49 . 2010-12-30 19:51 -------- d-----w- c:\users\Wendy\AppData\Local\temp
2010-12-30 19:49 . 2010-12-30 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 18:12 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{173BC344-7AC0-4B78-BB25-230BE5712AA7}\mpengine.dll
2010-12-23 14:45 . 2010-12-23 14:45 -------- d-----w- c:\users\Wendy\AppData\Roaming\Malwarebytes
2010-12-23 14:45 . 2010-12-20 18:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-23 14:44 . 2010-12-23 14:44 -------- d-----w- c:\programdata\Malwarebytes
2010-12-23 14:44 . 2010-12-20 18:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-23 14:44 . 2010-12-23 14:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 16:13 . 2010-12-22 16:13 -------- d-sh--w- c:\programdata\IABTPV
2010-12-22 16:09 . 2010-12-23 14:28 -------- d-sh--w- c:\programdata\0293ea
2010-12-15 11:55 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 11:55 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 11:55 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 11:55 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 11:55 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 11:55 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 11:55 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 11:55 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 11:55 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 11:55 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 11:55 . 2010-10-28 15:44 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-12-15 11:55 . 2010-10-28 13:27 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-15 11:55 . 2010-06-16 15:30 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-12-15 11:54 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-12 18:53 . 2010-05-22 15:24 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-10 04:33 . 2009-11-05 15:37 6273872 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-10-19 20:51 . 2009-10-03 08:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-28 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-01 185896]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-5-21 50688]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [2010-10-03 59240]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-26 390528]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 PCDSRVC{E9D79540-57D5953E-06020101}_0;PCDSRVC{E9D79540-57D5953E-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc.pkms [2010-11-18 21744]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 13:06]

2010-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 13:06]

2010-12-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2010-11-18 15:13]

2010-12-30 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\pcdrcui.exe [2010-11-18 15:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-30 19:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{E9D79540-57D5953E-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-30 20:29:18
ComboFix-quarantined-files.txt 2010-12-30 20:28

Pre-Run: 76,090,302,464 bytes free
Post-Run: 76,017,623,040 bytes free

- - End Of File - - 0CCD9B9BAAF24DC14D04A165168BD0E3

Mike
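The log above is the interesting part of this thread for a defender: ComboFix deleted a set of .exe/.dll/.sys/.drv files dropped into the user's Windows\Recent folder (a shortcut folder that should never hold binaries, and note the fake kernel32.dll/kernel32.exe names), and the "Files Created" section shows two hidden+system directories with random-looking names under c:\programdata, created on the day of infection. The script below is an added example, not part of the thread and not ComboFix's own tooling: it parses that log layout and pulls out exactly those two indicators so a reviewer does not have to eyeball a long listing. The sample log is a constructed cut-down copy of the lines shown in the post; the section-header and entry formats are assumed to be the ones visible in the log.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a cut-down copy of the ComboFix log layout posted in
# this thread (same section headers and line format), not a fresh run.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Wendy\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-30 )))))))))))))))))))))))))))))))
.

2010-12-23 14:44 . 2010-12-23 14:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-22 16:13 . 2010-12-22 16:13 -------- d-sh--w- c:\programdata\IABTPV
2010-12-22 16:09 . 2010-12-23 14:28 -------- d-sh--w- c:\programdata\0293ea
2010-12-15 11:55 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
"""

# Section headers look like "(((( Name ))))"; entries in "Files Created" look
# like "<created> . <modified> <size|--------> <attrs> <path>" (assumed format).
SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) (\S{8}) (.+)$"
)
# Extensions that should never appear inside a Recent (shortcut) folder.
PE_EXTS = {".exe", ".dll", ".sys", ".drv", ".scr", ".com"}


@dataclass
class Entry:
    created: str
    modified: str
    size: str
    attrs: str   # e.g. "d-sh--w-": d=directory, s=system, h=hidden
    path: str


def split_sections(text):
    """Group the non-empty lines of the log under their section header."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_created(lines):
    """Turn 'Files Created' lines into Entry objects; skip anything else."""
    return [Entry(*m.groups()) for m in map(CREATED_RE.match, lines) if m]


def suspicious_recent_binaries(paths):
    """Executable-type files under ...\\Windows\\Recent\\ are a dropper tell."""
    out = []
    for p in paths:
        low = p.lower()
        if "\\windows\\recent\\" in low and ntpath.splitext(low)[1] in PE_EXTS:
            out.append(p)
    return out


def hidden_system_dirs(entries):
    """Directories created with both hidden and system attributes set."""
    return [e for e in entries
            if e.attrs[0] == "d" and "s" in e.attrs and "h" in e.attrs]


def triage(text):
    """Run both checks over a ComboFix-style log and return the findings."""
    sections = split_sections(text)
    deletions = sections.get("Other Deletions", [])
    created_key = next((k for k in sections if k.startswith("Files Created")), None)
    created = parse_created(sections[created_key]) if created_key else []
    return {
        "recent_binaries": suspicious_recent_binaries(deletions),
        "hidden_dirs": hidden_system_dirs(created),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for path in findings["recent_binaries"]:
        print("binary in Recent folder:", path)
    for entry in findings["hidden_dirs"]:
        print("hidden+system dir created", entry.created, entry.path)
```

Run against a real log, the two hidden directories would be the first thing to check by hand (ComboFix lists them as created but did not delete them), which is the "lurking leftovers" point made earlier in the thread.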


#6
December 30, 2010 at 13:27:42
ComboFix has done its job. Did you do this & reboot?

Start > Run, Copy and Paste > ComboFix /uninstall and click OK.

How is your comp now?


#7
December 31, 2010 at 03:05:57
Yes, many thanks. All seems to be working okay now

Mike


#8
December 31, 2010 at 09:41:50
Thanks for the feedback Mike

#9
April 2, 2011 at 19:13:00
This keeps popping up on my screen
pcdrcui.exc - Windows\microsoft.net\framework64\mscoreei.dll could not be loaded

There is no PC dr program in my programs.

How do I get rid of this? I think it is a virus.
I have already run Malwarebytes.


#10
April 2, 2011 at 20:44:05
comet, you are welcome; posting back helps others who may encounter the same problem.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


#11
April 3, 2011 at 17:14:56
"pcdrcui.exc - Windows\microsoft.net\framework64\mscoreei.dll could not be loaded"

pcdrcui.exc

http://tinyurl.com/3usmeu3

alid1216, it belongs to PC-Doctor.

