Just noticed this so moved it to the correct area. You should still be able to get Internet access in "Safe Mode with Networking" - reached by tapping F8 repeatedly while booting up.
This link gives excellent removal instructions. Scroll down the page as those first links you see are adverts.
You should save the Malwarebytes download to your desktop, rename it in case the infection doesn't like it. You should update it before running. It will also run in Safe Mode if necessary.
Follow the instructions on that link.
I just had the unfortunate happen and have spent the last 5 hours getting rid of a really annoying virus called Antivirus Soft. I got infected right after visiting Facebook. I found a website with detailed instructions on getting rid of it. It worked perfectly and so I wanted to share it, just in case. http://deletemalware.blogspot.com/2010/01/how-to-remove-antivirus-soft-fake.html
Glad it helped.
Ex-Brit came through. I used his advice, and it took about 2 hours to clear up the Antivirus Soft malware. Now, let's see if I can be smarter next time! It seems as though the fact that I have Adobe Reader 7.0 may have contributed to the ease with which this item attached itself to my computer. I'll be upgrading that. One thing that was interesting--when I was able to boot up in normal mode again, McAfee had been "turned off"--an easy fix, but it shows the power of these rogue programs that they can actually turn off the very items that are supposed to protect you.
It's amazing what some of these things can do. Glad you are over it. Yes Adobe Reader is now at 9.3, you should also check your version of Flash and Shockwave players while at the Adobe site. Next go to Java.com and make sure that is also up to date.
While updating my mother's computer I got a rogue antivirus (pro) window which began "scanning" immediately. I could not access task manager because I got an "error" message when I tried. The red M in the systray DID NOT HAVE AN X OVER IT and I was not told it was "turned off". I tried to open McAfee from the systray and it opened and warned me that the firewall, antivirus protection, scriptblocking, everything was off! So I turned off the computer with the power button and rebooted to safe mode. McAfee would not FIX even in safe mode.
I then opened the Registry Editor and wrote down the entries I found under RUN in all keys. Here's what it indicated on C drive:
1) an executable file named JBUKSFTAV.exe inside a folder named ybvblw located here: c/documents and settings/myNAME/local settings/application data/ybvblw. (I am sure these letters are interchangeable and will be different on other machines).
2) the registry entry bchouqbr under HKLM in RUN (which gave me the location of the exe file)
3) it put a checkmark beside "RUN A PROXY" under lan setting which I do not need. This prevented me from accessing the internet if the page needed http, ftp or https to run, to keep me from researching this rogue.
Once I removed these manually and rebooted to normal windows I was able to access McAfee and it was restored to working, I could access the internet and task manager normally.
Yesterday while using my own computer I noticed that the red M in systray had an X over it but when I opened it and clicked FIX, it corrected itself.
Now I am wondering if I prevented this problem on my own machine yesterday. We live in different cities.
Is this normal that this rogue antivirus JUNK can turn off McAfee???? That just doesn't seem right, but I see others have said the same thing.
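The manual check described in the post above (entries under the RUN keys, where the executable lives, and the LAN proxy checkbox), as an added read-only PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later, and the folder pattern used to flag entries is an assumed heuristic, not a signature for this rogue.

```powershell
# Added example (not from the thread): read-only audit of autostart entries
# and the per-user proxy setting. Nothing is changed or deleted.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: a program that autostarts from a per-user data or temp folder
# (as the executable in the post did) deserves a manual look. Heuristic only.
$userWritable = '\\(Application Data|AppData|Temp)\\'

$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)

        # Pull the executable path out of the command line (quoted or bare).
        if     ($command -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
        elseif ($command -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
        else                                        { $exe = $command }

        # Authenticode status of the target, if it resolves to a file on disk.
        $signature = 'file not resolved'
        if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf -ErrorAction SilentlyContinue)) {
            $signature = (Get-AuthenticodeSignature -LiteralPath $exe).Status
        }

        [pscustomobject]@{
            Key          = $key
            Name         = $name
            InUserFolder = ($command -match $userWritable)
            Signature    = $signature
            Command      = $command
        }
    }
}

# The "use a proxy server" checkbox in LAN settings is stored per user here.
$inet  = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = [pscustomobject]@{
    ProxyEnabled = ($inet.ProxyEnable -eq 1)
    ProxyServer  = $inet.ProxyServer
}

$entries | Sort-Object InUserFolder -Descending | Format-List
$proxy   | Format-List
```

The HKCU keys and the proxy setting are per-user, so run it while logged on as the affected account.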
In your case it looks like you got a slightly different problem but you probably licked it. The removal instructions for that on the web are here.
Scroll down the page as the first links are all adverts.
Yes these things can get in through the best protection, no matter what brand. Some can even disable protection.
First of all, the people who dream up things like "Antivirus Soft" should all be lined up and shot! I'm so sick and tired of wasting my time screwing around with someone's idea of a joke, that continues to perpetuate a multimillion dollar industry like a game of "cat and mouse" all at the expense of business productivity... grrrrrrrr....
I've also tried windows defender, hijackthis, superantispyware as well as spyware doctor. All to no avail. I've read on the symantec website where their flagship products (SAV10 & SEP11) aren't catching (much less removing) this virus.
Having said that, I've tried the repair method suggested here... and it worked! I would point out a couple of broad strokes for people to remember:
1. Safe mode with networking
2. Disable proxy server settings
3. Download, install and run RKILL (it should stop about 5 processes)
4. Download Malwarebytes and RENAME THE INSTALLER (I used iexplore.exe, I don't know if it is essential to rename the file, but I tried it once already without renaming the install file and it found NO malware)
5. Install Malwarebytes using all the default settings. (It should update the definition files by default, but if it doesn't, run the update before scanning the system.)
6. Run the COMPLETE system scan, not the QUICK scan. (Quick note, my scan ran almost completely through without detecting anything, then in the final seconds it found 6 infections which it was able to remove... whew...)
7. Remove the selected infections (I immediately delete them from the quarantined sections as well)
Thank you for your help Ex_Brit... much appreciated.
on 2/23/10 6:28:41 PM CST