
 


Infected with Antivir Solution Pro
Hey guys!

Would like to firstly say thanks for looking at my post and (hopefully) having the time to reply. Really appreciate it!

I have received the 'Antivir Solution Pro' trojan/virus. I could not access any program; Internet, Windows Defender, CCleaner... ANYTHING! So I went on my mother's laptop and found many sites that recommended entering safe mode with network capabilities. I have, and am currently on the infected laptop typing this post.

Many sites suggest downloading Spyware Doctor, but as I do not own a credit card and my mother does not trust entering details online, I have had to resort to doing it manually! (Unless there are free programs about I don't know about?)

I tried to follow this site's way of manually removing it (http://www.411-spyware.com/remove-antivir-solution-pro) but just got waaay too scared when it came to deleting the registry bits. I deleted the 'files' section, and am quite comfortable I deleted the right one. The only other thing I deleted was the 'HKEY_CURRENT_USER\Software\avSofT' in the registry folder, but it was named like 'AVSolutions' instead of 'avSofT'. Once again I am quite comfortable. But then I am having troubles deciding what are all the others, so this is as far as I went and the only files I deleted.

I am currently running a Windows Defender full system scan overnight, so I shall see how that goes.

I have tried to help you by downloading the 'OTL' but it says access denied?

EDIT: Am currently running Vista Business

~~Icetrash

Re: Infected with Antivir Solution Pro

Hi, Welcome to GeekPolice.net!

Geekstogo is down due to a URL injection attack that is why you are unable to download OTL.


Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.





Re: Infected with Antivir Solution Pro
ComboFix seemed to cause more trouble. I couldn't get it to work; it kept popping up with a message that it is not a Win32 application. Then it said 'Access Denied'

Anyway, Windows Defender deleted the virus (or so it said...) I am currently in Normal Mode typing on the infected computer. But there still are some symptoms:

- When on startup comes up with a message ' "Run DLL" Error loading C:\Users\User\AppData\Local\kerct8.dll'. This has never come up before

- Overall slowness to the computer

~~Icetrash

Re: Infected with Antivir Solution Pro

Hi,

That thing on startup is malware, probably what Windows Defender deleted, and now it is missing so it notifies you on startup.

Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

==========

After you have done this, please try to run ComboFix again.
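
The leftover startup entry described in the reply above, as an added example that is not part of the original thread or any tool mentioned in it: a read-only check that lists Run-key values whose rundll32 target DLL no longer exists on disk. The value names, entry points, and sample entries other than the kerct8.dll path are constructed for illustration.

```python
import re

# Matches: rundll32.exe "C:\path\file.dll",Entry  or  ...\rundll32.exe C:\path\file.dll,Entry
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"([^"]+)"|([^,]+?))\s*(?:,|$)', re.IGNORECASE)

def rundll_target(command):
    """Return the DLL path a rundll32 command line loads, or None."""
    m = RUNDLL_RE.search(command)
    return (m.group(1) or m.group(2)).strip() if m else None

def orphaned_autoruns(entries, exists):
    """Return [(value_name, dll)] for autoruns whose rundll32 target is missing.

    entries: mapping of Run-key value name -> command line
    exists:  callable(path) -> bool
    """
    found = []
    for name, command in entries.items():
        dll = rundll_target(command)
        if dll and not exists(dll):
            found.append((name, dll))
    return found

def read_run_key():
    """Read the current user's Run key on Windows (no writes)."""
    import winreg
    path = r"Software\Microsoft\Windows\CurrentVersion\Run"
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, path) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, value, _type = winreg.EnumValue(key, i)
            entries[name] = str(value)
    return entries

# Constructed sample data so the check can be tried off the affected machine.
SAMPLE = {
    "kerct8": r'rundll32.exe "C:\Users\User\AppData\Local\kerct8.dll",Startup',
    "Windows Defender": r'%ProgramFiles%\Windows Defender\MSASCui.exe -hide',
    "SampleTray": r'C:\Windows\System32\rundll32.exe C:\Windows\System32\sample.dll,Init',
}
SAMPLE_FILES = {r"C:\Windows\System32\sample.dll"}  # files that "exist" in the sample

if __name__ == "__main__":
    import os, sys
    live = sys.platform == "win32"
    entries = read_run_key() if live else SAMPLE
    exists = (lambda p: os.path.exists(os.path.expandvars(p))) if live else SAMPLE_FILES.__contains__
    for name, dll in orphaned_autoruns(entries, exists):
        print(f"orphaned autorun: {name} -> {dll}")
```

The script only reports; it reads the current user's Run key and does not cover the machine-wide key or other startup locations.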
