• Fur Affinity Forums are governed by Fur Affinity's Rules and Policies. Links and additional information can be accessed in the Site Information Forum.

Antivirus Soft help

Taasla

Taasla

C:
Last night my SO got infected by Antivirus Soft, and we found this site to help us. Unfortunately, Spyware Doctor isn't free. We'll have to pay them money just to recover our machine.

This isn't the variant that doesn't allow you to boot into safe mode, so we're good on that front. I just need to know an alternative method to kill this sucker. I've been told to try Malware bytes, but some people have told me that it sometimes doesn't work against this thing.

I'm not experienced enough to go rooting around and deleting things manually.
 
ToeClaws

ToeClaws

PEBKAC exterminator
Malwarebytes is definitely a good choice for the low-level stuff that might already be on the system. It's used quite frequently here at the university as a scrubber for such things. You may also want to try Spybots Search and Destroy suite (which is free) which is also a great low-level worm tool. Both are available for download on Majorgeeks.com.
 
ArielMT

ArielMT

'Net Help Desk
http://www.malwarebytes.org/

Download the free version of Malwarebytes' Anti-Malware (MBAM), install it, and let it update and run. (The download mirrors I know of are CNet Download.com and Major Geeks.)

If MBAM won't download or run in normal mode, reboot into "Safe Mode with Networking." Reboot, and just after POST (the first screen) finishes, press the F8 key as if it were the F5 key and FA went down, until gives a text menu asking how you want Windows to start. Use the arrow keys to move the highlight bar, and press Enter when "Safe Mode with Networking" is selected. Then try downloading and running MBAM again.

Once a scan gives a clean bill of health, either fix up or reinstall Avast.
 
ArielMT

ArielMT

'Net Help Desk
I

Issashu

Guest
For me Malwarebytes and Microsoft Security Essentials are doing great job so far.
A good way of cleaning the PC would be a bootable antivirus CD. Kaspersky had something like that for free download. You burn the image on a CD and boot it, the program will update the AV definitions and scan/clean the PC with no windows running.

Majorgeeks website (as stated earlier) is a great place to find solutions too :)
 
Runefox

Runefox

Kitsune of the PC Master Race
I don't recommend Spyware Doctor.

Echoing Malwarebytes' Anti-Malware. Spybot can perform additional cleanup, but more than likely will not be as effective out of the gate. In any event, it's not a good idea to rely on any single program when cleaning this kind of thing, because automated cleanups rarely get the whole thing (even Malwarebytes misses bits and pieces, but usually manages to get enough of it that the rest of the cleanup is a snap).

Which version of Avast are you using? 4.x or 5.x? 4.x has a blue system tray icon, while 5.x has an orange one. 4.x is older, and offers less protection. Also, if you're using a 32-bit version of Windows, you can use Avast's Boot-time Scan feature, which will scan for and remove threats before Windows even loads (unfortunately not available on 64-bit systems yet). This can help get rid of it rather nicely.

If none of that works, then there's a couple of industrial-strength choices you can use. Combofix is a powerful utility that automatically scans for and removes a range of malware, and gets in pretty deep. It has anti-rootkit ability (as does MBAM), so it's likely that it can remove or at least detect whatever's hooked in. Close all programs before running, and don't touch the computer while it's going. When it's done, it'll give you a log of what it found and what it did.

Another one you can try is GMER, which is a dedicated anti-rootkit program. In general, if something shows up in red, first disable it, then reboot, scan again and delete it. Disabling first ensures that it isn't running next time Windows starts - Deleting outright can either fail or be undone if it's still running. There are instructions on the website for removal in any case.
 
Melo

Melo

Oh, **** you.
I've had Antivirus Soft infect my brother's pc as well as a co-workers.

Malwarebytes cleaned it off both times.
 
S

Slyck

New Member
1. Download Knoppix (click there) and burn the ISO file to a blank cd. You can use Active@ISO burner for this. Note that the download for Knoppix might start ar 10kb/s or less but it WILL rev up (to around 200kb/s). The server must be throttled. (I'm using a 4mb/s connection)

2a. Pop the CD in the drive. Reboot your comp. You might need to force it to boot from the CD. To do this, go into the BIOS and set 'boot from CD-ROM' as the number one boot priority.

2b. Knoppix (it's a linux distro) will boot off the CD as if the CD is your hard drive. It will make no changes to your computer. On the Knoppix bootup screen, press enter. You'll know when you get this screen.

3. In Knoppix, open up your hard drive. You should be able to find it. It's the folder with all the same files and folders as your C: drive in Windows. Delete these files:

For Vista and 7:

Replace '%UserProfile%' with 'Users\(Your Username)\'
Replace '(Your Username)' with, well, just guess.
Replace '<random>' with a random string of characters like 'cf8dbkd' or 'fkf3gd' or something.


%UserProfile%\AppData\Local\<random>\
%UserProfile%\AppData\Local\<random>\<random>sysguard.exe
%UserProfile%\AppData\Local\<random>\<random>sftav.exe

For XP:

Replace '%UserProfile%' with 'Documents and Settings\(Your Username)\'
Replace '(Your Username)' with, well, just guess.
Replace '<random>' with a random string of characters like 'cf8dbkd' or 'fkf3gd' or something.

%UserProfile%\Local Settings\Application Data\<random>\
%UserProfile%\Local Settings\Application Data\<random>\<random>sysguard.exe
%UserProfile%\Local Settings\Application Data\<random>\<random>sftav.exe

Now boot back in windows and delete these registry entries:

For any version of Windows:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "<random>"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "<random>"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""

HKEY_CURRENT_USER\Software\avsoft

I've got infected with the 'AntiSpyware Soft' variant, and so did two of my clients. (I repair computers for a living.) I just used a slightly modified version of this procedure and it worked all three times.

I guess you could use a automated removal program, but you never know if the job is complete.
 
Last edited:
Taasla

Taasla

C:
Shaui said:
Linux, the best anti virus software V:

but seriously, use something free like avast.
Click to expand...

Avast was running and updated when we were hit. :p It was absolutely useless. (Yes, it was the one with the blue shield, so it looks like I'll have to bug him to update it.)

Thanks guys, using some of the stuff in this thread, I managed to get Antisoft off. It was a royal pain in the ass, but we're good to go now. I have no idea how my fiance got it in the first place, but he's not as anal about security as I am.
 
Last edited:
A

auzbuzzard

Member
I wonder which free anti-virus for mac is nice and decent.
 
Janglur

Janglur

Active Member
AVG, Avast, and Kaspersky seem to be the go-to guys.

Only use Norton/Symantec and McAfee if you don't value your data, don't care if it slows your PC to a crawl, and don't intend to ever actually get a virus, because they won't help if you do.
 
A

auzbuzzard

Member
Nollix said:
BUT MACS DON'T GET VIRUSES AND THEY JUST WORK *smug grin*
durp
Click to expand...

But it's very easy to make a mac virus. Every mac users can juts compile a .app and make someone else run it. Then poof! You can go to the "genius bar" again.
 
ArielMT

ArielMT

'Net Help Desk
A

auzbuzzard

Member
Nollix said:
Do they have sarcasm in China?
Click to expand...

No. I've eaten all of it.

ArielMT said:
Beijing banned it when the UK's lease expired.
Click to expand...

One country two system. That's why people here love potitics. Especially when June 4 is coming.

Did you see the news? Protests of showing the Goddess statue in Causeway Bay. And people are fighting for 2012 universal sufferage.

Wait, this thread is about antivirus right?
 
You must log in or register to reply here.
Top