The Evil Antivirus 2009

By mail
Has anyone found a good way to finally get this darn thing off?

Dealing with a Dell OptiPlex 755, with XP running on it.

I have disabled it from auto start up using msconfig.

I have also deleted the folder it created in my Program Files.

However it is still blocking all of my antivirus programs from going to their sites to update their software.

I've tried AVG, Trend Micro, and McAfee. Any ideas?


All Answers


Several tricks to killing this sort of thing....

by robo_dev In reply to The Evil Antivirus 2009

Many of these buggers install themselves as kernel-mode drivers. Therefore the only way to delete them is to:

Once you identify the DLL or other file(s) you need to delete, boot into Windows recovery console and delete the files at the console prompt.

Otherwise, Windows will give you a 'file in use' error and you cannot delete them. (You can also do this by booting with an alternate OS, such as a Linux live CD of some sort).

Next, reboot into safe mode, and run your AV software to get the virus-related entries out of the registry and wherever else they are (BHOs in browser, win.ini, etc).

Some forum discussions have indicated that the 'combofix' utility is effective against what you got, though combofix sometimes cannot fix everything.

Personally, using Windows System Restore to go back to a pre-infected state does work very well. You can spend many hours battling some of these stealthy badware apps. Ask me about vundo or virtumonde....ughhh.

It's pretty common to get rid of the malware, only to have internet access still not work properly. Sometimes it helps to do a TCP/IP stack reset, and sometimes it does not.

netsh int ip reset c:\resetlog.txt

Sometimes you just gotta reinstall the OS, sad to say.


Have you tried...

by Octopus_CO In reply to The Evil Antivirus 2009

Have you tried either SpyBot Search and Destroy or Malwarebytes Anti-Malware? I've had success using both freeware titles for removal.


Thanks for the help.

by mail In reply to Have you tried...

Thank you everyone for your help. I'm going to head into the office Sunday night and give it a shot. I'll fill everyone in. You guys rock.


Use the directions here to delete this nasty

by OH Smeg In reply to The Evil Antivirus 2009

Smitfraud fix

by Snuffy09 In reply to The Evil Antivirus 2009

Smitfraud fix was made for removing this program and others like it.

I have removed this virus about 5 times now from different workstations. Each time gets a little easier.

1. Download/install Smitfraud fix. Reboot in safe mode. Run Smitfraud fix.
2. Download/install HijackThis. Remove any related problems.
3. Run your collection of Spybot/Ad-Aware programs to make sure you're 100% clean.


Thanks for the help.

by mail In reply to Smitfraud fix

Are these freeware? You rock.



by Snuffy09 In reply to Thanks for the help.

Yep, they are free


Malwarebytes
by DMambo In reply to The Evil Antivirus 2009

MalwareBytes Anti-malware. Boot to safe mode with networking, load and update Malwarebytes and let 'er rip. After it's done, run your standard anti-spyware and anti-virus software.


This worked for me

by L-Mo In reply to Malwarebytes

I've cleaned several machines using the Malwarebytes tool. I started seeing it maybe 5 months ago.

What stinks about any infection is the residual effects and/or remnants.

When possible I like re-imaging. Fresh starts are cool. :)


A bit more info

by Jacky Howe In reply to The Evil Antivirus 2009

Removing malware from System Restore points
To remove the malware, you must first disable System Restore, then scan the system with up-to-date antivirus software, allowing it to clean, delete, or quarantine any viruses found. After the system has been disinfected, you may then re-enable System Restore. The steps for disabling System Restore vary, depending on whether the default Start Menu or the Classic Start Menu is being used.

Default Start Menu
If using the default Start Menu, click Start | Control Panel | Performance and Maintenance | System. Select the System Restore tab and check "Turn off System Restore".

Classic Start Menu
If using the Classic Start Menu, click Start | Settings | Control Panel and double-click the System icon. Select the System Restore tab and check "Turn off System Restore".

After scanning the system and removing the offending malware, re-enable System Restore by repeating the steps, this time removing the check from "Turn off System Restore".

Click Start, Run, type msconfig and press Enter.
Now that you have the System Configuration Utility open:

Configure selective startup options
In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.
Click to clear the Process SYSTEM.INI File check box.
Click to clear the Process WIN.INI File check box.
Click to clear the Load Startup Items check box. Verify that Load System Services and Use Original BOOT.INI are checked.
Click the Services tab.
Click to select the Hide All Microsoft Services check box.
Click Disable All, and then click OK.
When you are prompted, save the settings and restart the PC.

Download Malwarebytes Anti-Malware, install it and update it.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.

I would keep scanning with it until it is clean, by closing out, rebooting and running it again.
Just to be on the safe side, when you finish do an online scan with BitDefender, or Google for an online scanner.
If you can't access the internet to update MBAM, try the instructions below to clear a path to the internet so that you can run MBAM.
From another PC download and install Spybot, update it and copy the installed folders to a USB stick.
Restart the PC in Safe Mode, navigate to the USB stick and run Spybot.
Download Spybot - Search & Destroy and install it. Update it.
With the new strains of virus that have been created you may find it necessary to rename the executable files so that they will work. Rename mbam-setup.exe and then navigate to the install folder and rename mbam.exe. Do not change the file's extension from .exe. Do the same with Spybot.
If you are not successful, check out this link.
Also run this rootkit revealer: GMER.
