  1. #1
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Infected with Antivirus 2008 pro

    A friend with a DELL running Windows XP Home has gotten infected with ANTIVIRUS 2008 PRO. When the system starts up, he gets notifications from PRIVACY PROTECTOR, ERROR CLEANER and other malware that he should purchase the full versions so he can get rid of all of these viruses etc. He is infected with lots of trojan horses. Once the system starts, we cannot access the Control Panel to even try to remove the malware software. Also we cannot access Windows Explorer to try to back up his documents, pictures, email addresses etc. I have started the system in safe mode with no change to the above. Is there any way to get to Control Panel or Windows Explorer? Thanks for any and all help.

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Infected with Antivirus 2008 pro

    If you use Start > Run > explorer.exe <Enter> can you start Windows Explorer that way? If not, it might have been renamed or deleted.

    Have you found any cleanup instructions on the web? Perhaps they include some kind of alternate startup that will not run the malware.

  3. #3
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Infected with Antivirus 2008 pro

    The RUN command is not available. When I click on START - all that shows is Internet Explorer, Outlook Express, Antivirus 2008 PRO, Adobe Reader, AVG 7.5 (which I am running a scan with as I type this - it has already found 37 threats) and SET PROGRAM ACCESS and DEFAULTS. There is no RUN command, no ALL PROGRAMS, no CONTROL PANEL, etc.

    From what I have read, the best thing to do is to format the hard drive and reload all programs. But I would like to try to back up his documents, pictures, etc. But without access to them, not sure that is possible.

    Oh yes, I tried to access the TASK MANAGER, I get a message that "it has been disabled by your administrator".

  4. #4
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,572
    Thanks
    5
    Thanked 1,057 Times in 926 Posts

    Re: Infected with Antivirus 2008 pro

    Have you tried booting as the built-in administrator? See How to log in as Administrator on any XP machine : Christopher Null : Yahoo! Tech.

    Joe

  5. #5
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Infected with Antivirus 2008 pro

    The Windows key + E also should open Windows Explorer, but perhaps that has been removed as well. What a nasty piece of work.

  6. #6
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Infected with Antivirus 2008 pro

    This ANTIVIRUS2008 is one nasty malware. My friend decided to have me simply format the HD and reload everything without worrying about backing up his files, addresses, etc. So that is where I am - thanks for the help.

  7. #7
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Infected with Antivirus 2008 pro

    Your friend needs the help of the good folks that read the HijackThis logs and help remove this sort of serious infection. There's a QuickStart Tutorial and download link here.

    There is a full tutorial here that will help you understand and read the log files, but you will need to go to the forums for help. There is a quick read, self help site here where you can post your first log and it will parse the log and tell you some of what you need to, and can, remove safely. Then you should create a new log and post it on the HijackThis forum. (It should be noted that HijackThis is a program whose results should only be read by advanced users to determine what to fix. The wrong 'fix' will disable your system !!)

    Follow the posting guidelines with your logs or it will delay the process. These people are very good at what they do, and if you are patient and follow all their instructions (they will have you downloading and running special tools and utilities you have never heard of, but do what they say) you should get your computer back in working order and clean of all infections. HTH :)

  8. #8
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Infected with Antivirus 2008 pro

    Hope you haven't done the deed yet and take a look at my previous post first. Sorry if it was late, but I had to run down all the links before I could post it.

  9. #9
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Infected with Antivirus 2008 pro

    Okay, I didn't realize you were that far down the road. If you haven't formatted yet, you can get one of those external cases for connecting a drive via USB in order to make a backup using your or someone else's computer. Assuming you trust yourself not to execute anything and infect the other PC!
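
The backup suggested in the post above, sketched as an added example that is not part of the original thread: with the old drive attached through a USB case, copy only allow-listed data types and leave every runnable file behind, so nothing from the infected disk needs to be opened or executed. The extension lists, function names and the sample file tree are assumptions made for illustration.

```python
import shutil
import tempfile
from pathlib import Path

# Assumption: data types worth rescuing (.wab/.dbx are the XP address book and
# Outlook Express stores); anything else stays on the old drive.
ALLOWED = {".doc", ".xls", ".ppt", ".pdf", ".txt", ".rtf", ".csv",
           ".jpg", ".jpeg", ".png", ".gif", ".bmp", ".wab", ".dbx"}
# Types Windows will run or load when opened or double-clicked.
RUNNABLE = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd",
            ".vbs", ".js", ".lnk", ".inf", ".hta", ".msi"}

def classify(path: Path) -> str:
    """Return 'copy', or the reason the file is left behind."""
    suffixes = [s.lower() for s in path.suffixes]
    if not suffixes or suffixes[-1] not in ALLOWED:
        return "not on allow-list"
    # e.g. "invoice.scr.pdf": a runnable type hidden in the middle of the name
    if any(s in RUNNABLE for s in suffixes[:-1]):
        return "runnable extension inside name"
    return "copy"

def rescue(src_root: Path, dst_root: Path):
    """Copy allow-listed files from the mounted old drive without opening them."""
    copied, skipped = [], []
    for path in sorted(src_root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        rel = path.relative_to(src_root)
        verdict = classify(path)
        if verdict != "copy":
            skipped.append((rel.as_posix(), verdict))
            continue
        target = dst_root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(path, target)  # file contents only, no metadata
        copied.append(rel.as_posix())
    return copied, skipped

def demo():
    """Run rescue() over a constructed sample tree standing in for the old drive."""
    names = ["Docs/letter.doc", "Pics/dog.jpg", "Pics/dog.jpg.exe",
             "Docs/invoice.scr.pdf", "autorun.inf"]
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = Path(tmp, "old_drive"), Path(tmp, "backup")
        for name in names:
            (src / name).parent.mkdir(parents=True, exist_ok=True)
            (src / name).write_bytes(b"constructed sample")
        copied, skipped = rescue(src, dst)
        on_disk = sorted(p.relative_to(dst).as_posix() for p in dst.rglob("*") if p.is_file())
        return copied, skipped, on_disk
```

An allow-listed document can still carry a macro or an exploit, so the copied folder should be scanned with up-to-date antivirus on the clean PC before anything in it is opened.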

  10. #10
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Infected with Antivirus 2008 pro

    Hi Doc, thanks for the input but to use HijackThis you need to have access to Windows Explorer and other programs. I have no way to access those programs.

  11. #11
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Infected with Antivirus 2008 pro

    I am familiar with external HD cases but my friend said he had minimal documents and pictures and we had a backup of his address book from February so we just decided to go ahead with the format and reload. As bad as this infection was, I think this was the right decision. Again, thanks for everyone's help and input.

  12. #12
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Infected with Antivirus 2008 pro

    >"to use HijackThis you need to have access to Windows Explorer and other programs."

    That's not necessarily so. If you can access the C drive through My Computer after running a scan (assuming that you can install HijackThis or any other of the utilities given the state of corruption at this point) you should be able to remove many of the .dll and .exe files that the malware needs to function. You can even do this by following the lists of things associated with the malware and manually remove many of these things, gradually restoring some of the functionality until you gain the upper hand. The process of cleaning up after as serious an infection as your friend seems to have is tedious and time consuming. But if your friend isn't worried about their data and can live with a rebuild of their system then that is probably the way to go.

    I learned the hard way a few years ago that it pays to have a current image backup of your system if you do any kind of serious work or value your data.

  13. #13
    5 Star Lounger
    Join Date
    Jan 2001
    Location
    Arkansas
    Posts
    952
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Infected with Antivirus 2008 pro

    There was no way to access the C drive - MY COMPUTER was not available, ALL PROGRAMS was not available, RUN was not available. It was really bad. I have read about you guys doing the image backup - at this point, I do a backup of my personal files to an external hard drive but have not done the IMAGE BACKUP. One day I will have to try that.

    Thanks again for your help.
