Unremovable Antivirus 2010

Reprotected
Posts: 458
Joined: Tue May 27, 2008 9:18 pm

Unremovable Antivirus 2010

Post by Reprotected » Mon Nov 22, 2010 11:06 pm

I have a very big issue with a rogue software. My father somehow installed Antivirus 2010 on my PC, and no matter what, even following Bleeping Computer's guide of removing Antivirus 2010 (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010), this ransomware is just non-deletable and it's 100 times stronger than anything else I have faced in my life. This is IMPOSSIBLE to destroy; it locks up MalwareBytes, crashes it when I unlock MalwareBytes through CMD+cacls and re-scan with it, destroys EVERY tool unimaginable like Spyware Terminator and FreeFixer, and even a successful ESET online scan and a partial SUPERAntiSpyware scan and removal (SUPERAntiSpyware crashes in registry scans), it just won't be destroyed. If you have anything, please help.

P.S.
System Restore is dead. I removed Antivirus 2010 off of Add-or-Remove Programs, and I have removed rogue software before.

Guest

Hello please download and

Post by Guest » Mon Nov 22, 2010 11:47 pm

Hello
please download and install HitMan Pro
http://www.surfright.nl/en/hitmanpro (30 days fully working free trial)

How to use it on an infected system:

http://hitmanpro.wordpress.com/2010/03/16/hitman-pro-in-force-breach-mode/

The development team introduced a “Force Breach” mode for Hitman Pro. Hold down the left CTRL-key when you start Hitman Pro and all non-essential processes are terminated, including the malware process.


Try also

http://www.softpedia.com/get/Antivirus/Remove-Fake-Antivirus.shtml

(freeware)


Should any of the above-mentioned methods fail, download Avira Rescue System

http://dlpro.antivir.com/package/rescue_system/common/en/rescue_system-common-en.iso

Burn it to a CD, reboot, enter the BIOS and set it to start from the CD/DVD device.
Follow the steps to clean your computer.

I hope it helps



jeff134
Posts: 171
Joined: Fri Nov 05, 2010 12:42 am

Any ideas where the

Post by jeff134 » Tue Nov 23, 2010 2:38 am

Any ideas where the infection originated from?

Guest

Safe Mode?

Post by Guest » Tue Nov 23, 2010 2:48 am

Can you access safe mode with networking? Press F8 repeatedly when booting up and choose safe mode with networking. If you can do that, then it should be relatively easy to remove... just download the specified removal tools and run them.

Edit: Added more explanation

Keavs
Posts: 533
Joined: Fri Nov 12, 2010 8:38 pm

That thing is all over.... I

Post by Keavs » Tue Nov 23, 2010 3:51 am

That thing is all over.... I have seen it on a lot of sites. One of my kids picked it up when it gives the "you have malware on your machine, click here to scan" crap. It usually pops up on exit from a page.

Hitman pro got it right away. Norton couldn't even find it.

Reprotected
Posts: 458
Joined: Tue May 27, 2008 9:18 pm

Safe Mode = Dead

Post by Reprotected » Tue Nov 23, 2010 4:08 am

I'll be trying Hitman Pro, but unfortunately for Safe Mode, it's locked up tight. Even with CMD -> cacls "c:\program files\malwarebytes' anti-malware\mbam.exe" /G Everyone:F doesn't work (locks up after I start a scan).

Reprotected
Posts: 458
Joined: Tue May 27, 2008 9:18 pm

Thank you

Post by Reprotected » Tue Nov 23, 2010 4:08 am

I'll give this a try :)

Reprotected
Posts: 458
Joined: Tue May 27, 2008 9:18 pm

Fail

Post by Reprotected » Tue Nov 23, 2010 4:10 am

The ransomware is too smart. Didn't work.

Guest

@ Reprotected

Post by Guest » Tue Nov 23, 2010 4:36 am

try SARDU v 2

http://www.sarducd.it/

SARDU (short for Shardana Antivirus Rescue Disk Utility) is a free software application that can produce a CD / DVD or a USB device with multi-boot support.

The CD/DVD or USB device may include comprehensive collections of antivirus rescue cds, collections of utilities, popular distributions of Linux Live, and the best known Windows PE © and recovery disks.




Keavs
Posts: 533
Joined: Fri Nov 12, 2010 8:38 pm

Files and dlls associated with antivirus2010

Post by Keavs » Tue Nov 23, 2010 4:51 am

Don't know if this will help you out or not. I found this from when I had it....

Associated files:

AV2010.exe
AV2010Installer[1].exe
wingamma.exe
svchost.exe
IEDefender.dll
AV2010[2].exe
QW2010i.exe
QW2010.exe
104656.exe
AntiVirus Studio 2010.exe
djpyqvvi.dll
load.exe
msnsjidv.dll
ouictmop.dll
securitycenter.exe
taskmgr.dll
Antivirus-Golden.exe
Antivirusgold 4.1.exe
Antivirusgolden 3.8.exe
Antivirusgolden 4.0.exe
AntivirusGolden.exe

Dlls implanted

IEDefender.dll
djpyqvvi.dll
msnsjidv.dll
ouictmop.dll
taskmgr.dll

Processes in task manager
AV2010.exe
AV2010Installer[1].exe
wingamma.exe
svchost.exe
AV2010[2].exe
QW2010i.exe
QW2010.exe
104656.exe
AntiVirus Studio 2010.exe
load.exe
securitycenter.exe
SearchSettingsProtection.exe
Antivirus-Golden.exe
Antivirusgold 4.1.exe
Antivirusgolden 3.8.exe
Antivirusgolden 4.0.exe
AntivirusGolden.exe

Registry Entries:

Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
AppID\IEDefender.DLL
{FC8A493F-D236-4653-9A03-2BF4FD94F643}
IEDefender.IEDefenderBHO
IEDefender.IEDefenderBHO.1
{7BC7565C-5062-43CE-8797-DC2C271140A9}
{705FD64B-2B7B-4856-9337-44CA1DA86849}
AV2010
Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\AV2010
RUNNING PROGRAM\AV2010.exe
RUNNING PROGRAM\QW2010.exe
{9CB00F85-D96F-1C82-F5A4-A31D57D6528D}
{9F9B502D-9C70-E6CC-2892-FA153A3CFF5E}
AntivirusGolden 4.1
AntivirusGolden 4.0
AntivirusGolden 3.8
Antivirus-Golden
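
The process names listed in the post above can be matched against a process listing, with one caveat: svchost.exe is also the name of a genuine Windows process, so it needs a path check rather than a bare name match. The following Python is an added example, not part of the original thread; the sample listing, the paths in it and the default C:\Windows install root are constructed assumptions.

```python
import ntpath

# Image names from the "Processes in task manager" list in the post above.
ROGUE_NAMES = {n.lower() for n in [
    "AV2010.exe", "AV2010Installer[1].exe", "wingamma.exe", "AV2010[2].exe",
    "QW2010i.exe", "QW2010.exe", "104656.exe", "AntiVirus Studio 2010.exe",
    "load.exe", "securitycenter.exe", "SearchSettingsProtection.exe",
    "Antivirus-Golden.exe", "Antivirusgold 4.1.exe", "Antivirusgolden 3.8.exe",
    "Antivirusgolden 4.0.exe", "AntivirusGolden.exe",
]}

# svchost.exe is on the same list, but a genuine Windows service host uses that
# name too. Only a copy running from outside the system directories is suspect.
SHARED_WITH_WINDOWS = {"svchost.exe"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}  # assumed install root


def classify(image_path):
    """Return 'rogue', 'masquerade' or None for one process image path."""
    # normpath collapses '..' segments so a padded path cannot dodge the check.
    norm = ntpath.normpath(image_path).lower()
    directory, name = ntpath.split(norm)
    if name in ROGUE_NAMES:
        return "rogue"
    if name in SHARED_WITH_WINDOWS and directory not in TRUSTED_DIRS:
        return "masquerade"
    return None


def triage(process_list):
    """Map each flagged PID to (verdict, path); clean entries are skipped."""
    findings = {}
    for pid, path in process_list:
        verdict = classify(path)
        if verdict:
            findings[pid] = (verdict, path)
    return findings


# Constructed sample listing (PIDs and paths are illustrative, not from the thread).
SAMPLE = [
    (812, r"C:\Windows\System32\svchost.exe"),
    (1504, r"C:\Program Files\AV2010\AV2010.exe"),
    (2216, r"C:\Documents and Settings\User\Application Data\svchost.exe"),
    (3020, r"C:\WINDOWS\system32\..\system32\SVCHOST.EXE"),
    (3344, r"C:\Program Files\Mozilla Firefox\firefox.exe"),
]

if __name__ == "__main__":
    for pid, (verdict, path) in sorted(triage(SAMPLE).items()):
        print(f"{pid:>5}  {verdict:<10}  {path}")
```

A name match is weak evidence on its own, so treat each hit as a lead to confirm with a scanner rather than as proof of infection.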
