33 Replies. Latest reply on May 16, 2010 10:57 PM by Jobo_the_Hobo

    Cure for "Antivirus Soft?"

      February 2, 2010--I somehow contracted "Antivirus Soft". It appears to have been attached to a .pdf attachment to an email sent to me via my Comcast account.  The sender does not have the problem that I do, and others have apparently been able to open his mail without the same problem.  I have read several of the articles about this insidious spyware, but being a bit of a "non-techie" I do freeze at the thought of editing my computer's registry.  There are several sites that have been recommended as having a possible solution, but I can't access them to download it because "Antivirus Soft" has taken over my Internet access, and only allows me to go to the sites it decides I need to see--one of them being theirs from which I can buy their so-called antivirus and antispyware software.  I do run McAfee on my computer, and it indicated that it had detected and eradicated the problem, but it was mistaken.  In addition, it appears that Antivirus Soft has the ability to disable McAfee.

       

      Regrettably, I do not have any back-up discs--I just store copies of my critical files on a thumb drive.  Serves me right, as I do know  better!

       

      Has anyone out there had the same problem and been able to correct it?  Fortunately I have an alternative computer so that I can access this site, but right now I'm not feeling too good about this situation.  Wonder if these guys ever thought about doing something constructive, positive and caring with their obvious talents!

        • 1. Re: Cure for "Antivirus Soft?"
          Peter M

          Just noticed this so moved it to the correct area.   You should still be able to get Internet access in "Safe Mode with Networking" - reached by tapping F8 repeatedly while booting up.

           

          This link gives excellent removal instructions.  Scroll down the page as those first links you see are adverts.

           

          http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

           

          You should save the Malwarebytes download to your desktop, rename it in case the infection doesn't like it.    You should update it before running.  It will also run in Safe Mode if necessary.

           

          Follow the instructions on that link.

          • 2. Re: Cure for "Antivirus Soft?"
            techrumy

            Hi,

            I just had the unfortunate happen and have spent the last 5 hours getting rid of a really annoying virus called Antivirus Soft. I got infected right after visiting Facebook. I found a website with detailed instructions on getting rid of it. It worked perfectly and so I wanted to share it, just in case. http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html

            • 3. Re: Cure for "Antivirus Soft?"
              Peter M

              Glad it helped.

              • 4. Re: Cure for "Antivirus Soft?"

                Ex-Brit came through.  I used his advice, and it took about 2 hours to clear up the Antivirus Soft malware.  Now, let's see if I can be smarter next time!  It seems as though the fact that I have Adobe reader 7.0 may have contributed to the ease with which this item attached itself to my computer.  I'll be upgrading that.  One thing that was interesting--when I was able to boot up in normal mode again, McAfee had been "turned off"--an easy fix, but it shows the power of these rogue programs that they can actually turn off the very items that are supposed to protect you.

                 

                Dick

                • 5. Re: Cure for "Antivirus Soft?"
                  Peter M

                  It's amazing what some of these things can do.  Glad you are over it.  Yes Adobe Reader is now at 9.3, you should also check your version of Flash and Shockwave players while at the Adobe site.   Next go to Java.com and make sure that is also up to date.

                  • 6. Re: Cure for "Antivirus Soft?"

                    While updating my mother's computer I got a rogue antivirus (pro) window which began "scanning" immediately.  I could not access task manager because I got an "error" message when I tried.  The red M in the systray DID NOT HAVE AN X OVER IT and I was not told it was "turned off".  I tried to open McAfee from the systray and it opened and warned me that the firewall, antivirus protection, script blocking, everything was off!  So I turned off the computer with the power button and rebooted to safe mode.  McAfee would not FIX even in safe mode.

                    I then opened the Registry Editor and wrote down the entries I found under RUN in all keys.  Here's what it indicated on C drive:

                     

                    1) an executable file named JBUKSFTAV.exe inside a folder named ybvblw located here: c/documents and settings/myNAME/local settings/application data/ybvblw. (I am sure these letters are interchangeable and will be different on other machines).

                    2) the registry entry bchouqbr under HKLM in RUN (which gave me the location of the exe file)

                    3) it put a checkmark beside "RUN A PROXY" under lan setting which I do not need.  This prevented me from accessing the internet if the page needed http, ftp or https to run, to keep me from researching this rogue.

                     

                    Once I removed these manually and rebooted to normal windows I was able to access McAfee and it was restored to working, I could access the internet and task manager normally.

                     

                    Yesterday while using my own computer I noticed that the red M in systray had an X over it but when I opened it and clicked FIX, it corrected itself.

                    Now I am wondering if I prevented this problem on my own machine yesterday. We live in different cities.

                     

                    Is this normal that this rogue antivirus JUNK can turn off McAfee????  That just doesn't seem right, but I see others have said the same thing.
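
The three things the post above found by hand (a Run entry, an executable under the user's Application Data folder, and an enabled LAN proxy) can be listed read-only with PowerShell. This is an added example, not part of the original thread; the registry paths are the standard Windows locations, the folder pattern used to flag entries is an assumption, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only triage of autostart entries and the per-user proxy setting.
# Nothing is changed; review the output before removing anything by hand.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: an autostart command that launches from a per-user data or temp
# folder deserves a closer look. Legitimate software can appear here too.
$suspectDirs = '\\Application Data\\|\\AppData\\|\\Temp\\'

$findings = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        # Pull the executable path out of the command line (quoted or unquoted).
        if ($command -match '^\s*"([^"]+)"') {
            $exe = $Matches[1]
        } elseif ($command -match '^\s*(.+?\.exe)\b') {
            $exe = $Matches[1]
        } else {
            $exe = $command
        }
        [pscustomobject]@{
            Key           = $key
            Name          = $name
            Command       = $command
            InUserDataDir = $exe -match $suspectDirs
            FileExists    = ($exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue))
        }
    }
}
$findings | Sort-Object InUserDataDir -Descending | Format-List

# The LAN proxy checkbox is stored per user as ProxyEnable (1 = checked).
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
[pscustomobject]@{
    ProxyEnable = $inet.ProxyEnable
    ProxyServer = $inet.ProxyServer
} | Format-List
```

Entries with InUserDataDir set to True and an unfamiliar random-looking name are the ones to compare against the removal guide; a ProxyEnable of 1 on a machine that was never configured to use a proxy matches the checkbox described above.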

                    • 7. Re: Cure for "Antivirus Soft?"
                      Peter M

                      In your case it looks like you got a slightly different problem but you probably licked it.   The removal instructions for that on the web are here.

                       

                      Scroll down the page as the first links are all adverts.

                       

                      Yes these things can get in through the best protection, no matter what brand.   Some can even disable protection.

                       

                       

                      Message was edited by: Ex_Brit on 18/02/10 7:07:10 EST AM
                      • 8. Re: Cure for "Antivirus Soft?"

                        First of all, the people who dream up things like "Antivirus Soft" should all be lined up and shot!  I'm so sick and tired of wasting my time screwing around with someone's idea of a joke, that continues to perpetuate a multimillion dollar industry like a game of "cat and mouse" all at the expense of business productivity... grrrrrrrr....

                         

                        I've also tried windows defender, hijackthis, superantispyware as well as spyware doctor.  All to no avail.  I've read on the symantec website where their flagship products (SAV10 & SEP11) aren't catching (much less removing) this virus.

                         

                        Having said that, I've tried the repair method suggested here... and it worked!  I would point out a couple of broad strokes for people to remember:

                         

                        1. Safe mode with networking

                        2. Disable proxy server settings

                        3. Download, install and run RKILL (it should stop about 5 processes)

                        4. Download Malwarebytes and RENAME THE INSTALLER (I used iexplore.exe, I don't know if it is essential to rename the file, but I tried it once already without renaming the install file and it found NO malware)

                        5. Install Malwarebytes using all the default settings. (It should update the definition files by default, but if it doesn't, run the update before scanning the system.)

                        6. Run the COMPLETE system scan, not the QUICK scan. (Quick note, my scan ran almost completely through without detecting anything, then in the final seconds it found 6 infections which it was able to remove... whew...)

                        7. Remove the selected infections (I immediately delete them from the quarantined sections as well)

                         

                        Thank you for your help Ex_Brit... much appreciated.

                         

                         

                        • 9. Re: Cure for "Antivirus Soft?"
                          Peter M

                          You're welcome.
