114 Replies Latest reply on Dec 27, 2010 11:30 PM by vinoo

    Antivirus Action infection

      My computer has been infected with a program called Antivirus Action which seems to be a lot like "Security Suite" and "Fake Alert".  I managed to get control back of my internet but I don't know how to get rid of the virus.  I did a full scan for viruses and McAfee didn't find anything.  So I took the advice of Vinoo Thomas and ran "GetSusp".  So can someone help me get rid of this virus or is there a cleaner program that I can use?

       

      Thanks,

      Aaron

        • 1. Re: Antivirus Action infection
          vinoo

          Thanks for posting the GetSusp logs. The culprit is:

           

          C:\Users\Aaron\AppData\Local\Temp\icijtlhss\fwudqacyhsn.exe
          md5: 6638b3e8e264647748835768332b3729

           

          Try to boot to safe mode and delete this file.

          1 of 1 people found this helpful
          • 2. Re: Antivirus Action infection

            Vinoo - for the un-initiated this is not of great help..

            I too have the virus above - but in replacing "aaron" with my name - I could not find the file..

             

            What is McAfee doing to update the virus protection to eliminate this issue??

             

            Disappointing too that there is NO WAY to access a Customer Service or Technical agent for Ireland - yet we pay the same fee as the rest of Europe..

             

            • 3. Re: Antivirus Action infection

              A string on web provided by Spyware-experts.com suggests a methodology and use of their product to rid my PC of this issue..

              Should I buy this product  - is it safe?

              It would seem that I NEED this product to plug the apparent gap in the McAfee product capability..

              Do I have this right??

               

              Garry

              • 4. Re: Antivirus Action infection

                Hi Opie and Garry, if you guys have internet access you can try this site. It is a great site for removal.

                http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action  This is the guide on how to remove this virus.

                Good luck  Newjack

                • 5. Re: Antivirus Action infection

                  Thanks Vinoo for the information.  I have been able to delete this file and the virus seems to have stopped bothering me for now.  Is there any other corrective action that I should be taking?  I read on some other sites that this type of virus makes changes to the registry that you need to undo.  I see some removal tools for some viruses on the McAfee website.  Is there one for this virus?

                   

                  Thanks,

                  Aaron

                  • 6. Re: Antivirus Action infection
                    vinoo

                    @Garry: The folder name under Temp is random. That could be why you could not find the file. Could you run GetSusp on the affected machine and post the logs here please?  Download it from: https://community.mcafee.com/message/148081

                     

                    I'll be able to then help you isolate the culprit.

                     

                    @Aaron: Glad you were able to delete the malware file. The registry changes this Trojan makes are benign without the actual file itself. For example, it creates a run key to execute every time at system startup - without the executable, this key is harmless. Based on reviewing your GetSusp logs and if your system is behaving as normal - there shouldn't be anything to worry about.

                    1 of 1 people found this helpful
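
The two checks described in replies 1 and 6, as an added example that is not part of the original thread or a McAfee tool: search Temp by content hash (the folder name is random, so the path from reply 1 will not match on another machine), then list startup Run key entries whose target is missing or lives under Temp. The MD5 is the one quoted in reply 1; the function names are hypothetical, and a hash match only identifies a byte-identical copy of that file.

```powershell
# Added example, not from the thread. The MD5 is the value quoted in reply 1;
# function names and search scope are assumptions made for illustration.
$KnownMd5 = '6638b3e8e264647748835768332b3729'

function Find-TempExeByMd5 {
    param(
        [string]$Root = (Join-Path $env:LOCALAPPDATA 'Temp'),
        [string]$Md5  = $KnownMd5
    )
    # The folder under Temp is random, so match on file content, not on path.
    Get-ChildItem -LiteralPath $Root -Recurse -Filter '*.exe' -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm MD5 -ErrorAction SilentlyContinue
            if ($h -and $h.Hash -ieq $Md5) { $_.FullName }
        }
}

function Get-RunKeyEntries {
    $keys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Take the executable from the command line: a quoted path, or text up to the first .exe
            if ($cmd -match '^\s*"([^"]+)"' -or $cmd -match '^\s*(.+?\.exe)') {
                $exe = [Environment]::ExpandEnvironmentVariables($Matches[1])
            } else { $exe = $cmd }
            [pscustomobject]@{
                Key = $key; Name = $name; Target = $exe
                Exists = [bool]($exe -and (Test-Path -LiteralPath $exe -ErrorAction SilentlyContinue))
                InTemp = $exe -like '*\Temp\*'
            }
        }
    }
}

Find-TempExeByMd5
Get-RunKeyEntries | Where-Object { -not $_.Exists -or $_.InTemp } | Format-Table -AutoSize
```

An entry with `Exists` false is a leftover of the kind reply 6 describes: a startup value whose executable is gone. An entry with `InTemp` true and `Exists` true points at a file that is still on disk and is worth reviewing.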
                    • 7. Re: Antivirus Action infection

                      Hi guys, I just got infected too while running Total Protection, how did it slip by McAfee??

                      I was able to disable Antivirus Action on the process tree but it regenerated this morning.

                      Ran GetSusp but what is it I am looking for???

                      • 8. Re: Antivirus Action infection

                        NewJack..

                        Tried the fix you suggested and  looks like the virus has been deleted..

                        Continued with the cleansing instructions under step 19..

                        Am concerned that I saw 2 files under the C:\windows\system32\drivers\etc\hosts and deleted only one - as I am not a software savvy individual..

                        All looks OK for the moment - I think..

                         

                        Thanks for your help..

                         

                        If it returns - I'll need to get further assistance from Vinoo..

                         

                        Again - thanks

                        • 9. Re: Antivirus Action infection
                          vinoo

                          @godanicus:

                           

                          Please post the Gsusp.zip file that GetSusp created on your machine to this thread - I'll review and let you know if it identified the malware file.
