5 Replies Latest reply on Mar 6, 2011 7:17 PM by Hayton

    Trouble with virus and AntiVirus Monitor program

      Tonight I have been getting messages that my computer is being attacked by trojan viruses and then I get a pop up ad to purchase and install the Antivirus monitor program.  Does anyone know what is going on?

        • 1. Trouble with virus and AntiVirus Monitor program
          Hayton

          Sounds like a fake anti-virus program. Which one is it?

          • 2. Trouble with virus and AntiVirus Monitor program
            Hayton

            Apologies. This is a new one, but it's the same old trick of trying to scare you into paying for "protection". The standard method for getting rid of these is to run Malwarebytes. This fake AV program is so new that it may not yet be detected by Malwarebytes, but they're pretty quick to issue updates, so download it from here and check for updates, then run in Windows and let us know if it gets rid of the problem.

             

            At the moment we don't know if this one has any special features, so you may need to run it again later, with any other removal tools that are necessary.

            • 3. Trouble with virus and AntiVirus Monitor program
              techrumy

              Yes, the GUI is new, but the rogue is pretty much the same as AntiVira Av https://community.mcafee.com/thread/32655

               

              Antivirus Monitor description and removal instructions:

               

              http://www.bleepingcomputer.com/virus-removal/remove-antivirus-monitor

               

              http://deletemalware.blogspot.com/2011/03/how-to-remove-antivirus-monitor.html

               

              I also got this message from a twitter user: "F8 START IN DEBUG MODE, THEN CHOOSE TO USE A PREVIOUS RESTORE POINT! THAT'S THE ONLY THING THAT WORKED FOR ME ON A WIN7!"

               

              I hope this helps. Good luck!

              • 4. Trouble with virus and AntiVirus Monitor program

                This is what I had to do on my system:

                1. Turn on the computer in Safe Mode.  When booting up, continuously tap the F8 key until the system stops booting and displays the options to boot in Safe Mode.
                2. Complete the boot up process in Safe Mode.
                3. Click Start – Run – and enter Regedit to edit the registry
                4. Make the changes to the following keys

                HKEY_CURRENT_USER\Software\<random>
                    Look for any entries that are not part of your standard antivirus programs and delete these keys, e.g. Antimalware GO

                HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
                    \Download "RunInvalidSignatures" = '1'                    Should be 0
                    \Download "CheckExeSignatures" = 'no'                     Should be yes
                    \PhishingFilter "Enabled" = '0'                           Should be 1

                HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion
                    \Internet Settings "ProxyOverride" = ''                   Delete this entry
                    \Internet Settings "ProxyServer" = '127.0.0.1:33554'      Delete this entry
                    \Internet Settings "ProxyEnable" = '1'                    Should be 0
                    \Policies\Associations "LowRiskFileTypes" = '.exe'        Delete this entry
                    \Run "<random>"                                           Note the location of any unknown exe files and then delete these entries.

                HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
                    \Uninstall\ "<random>"                                    Delete any entries for valid antivirus software
                    \RUN "<random>"                                           Note the location of any unknown exe files and then delete these entries.


                5. Exit Regedit
                6. Open My Computer
                7. For Windows 2000 or Windows XP
                  1. Go to  C:\Documents and Settings\<Profile Name>
                  2. Click on Tools – Folder Options – View Tab
                  3. Ensure that “Show hidden files and folders” is selected.
                  4. Uncheck “Hide extensions for known file types”.  This allows you to see the .exe file names
                  5. Select the subfolder \Local Settings\Temp
                  6. Delete all files and folders unless you know these are valid files
                  7. Select the subfolder \Application Data\
                  8. Find the directory of the Run files you removed from the Registry in step 4
                  9. Delete these exe files and any directory associated only with that file.
                8. For Windows Vista or Windows 7
                  1. Go to  C:\Users\<Profile Name>\AppData\Local\
                  2. Select the subfolder \Temp
                  3. Delete all files and folders unless you know these are valid files
                  4. Find the directory of the Run files you removed from the Registry in step 4
                  5. Delete these exe files and any directory associated only with that file.

                9. Reboot your computer in Normal mode.  System should work correctly.
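
Added example, not part of the original thread: a Python check that reads the text of a .reg export and reports which of the fixed-name HKEY_CURRENT_USER values listed in reply 4 are in the tampered state. The sample export is constructed for illustration, and the randomly named Run, Uninstall and Software entries are left out because they have no fixed name to match.

```python
import re

IE = r"Software\Microsoft\Internet Explorer"
CV = r"Software\Microsoft\Windows\CurrentVersion"
# (subkey, value name) -> (test for the tampered state, fix given in reply 4)
CHECKS = {(k.lower(), n.lower()): v for (k, n), v in {
    (IE + r"\Download", "RunInvalidSignatures"): (lambda v: v == "1", "should be 0"),
    (IE + r"\Download", "CheckExeSignatures"): (lambda v: v.lower() == "no", "should be yes"),
    (IE + r"\PhishingFilter", "Enabled"): (lambda v: v == "0", "should be 1"),
    (CV + r"\Internet Settings", "ProxyEnable"): (lambda v: v == "1", "should be 0"),
    (CV + r"\Internet Settings", "ProxyServer"): (lambda v: v.startswith("127.0.0.1:"), "delete this entry"),
    (CV + r"\Policies\Associations", "LowRiskFileTypes"): (lambda v: ".exe" in v.lower().split(";"), "delete this entry"),
}.items()}

def parse_reg(text):
    """Parse .reg export text into {(key, name): value}; dwords become decimal strings."""
    values, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            name, raw = m.groups()
            is_dword = raw.startswith("dword:")
            values[(key, name)] = str(int(raw[6:], 16)) if is_dword else raw.strip('"')
    return values

def audit(text):
    """List HKCU values that are in the tampered state described in reply 4."""
    findings = []
    for (key, name), value in parse_reg(text).items():
        hive, _, subkey = key.partition("\\")
        test, fix = CHECKS.get((subkey.lower(), name.lower()), (None, None))
        if hive == "HKEY_CURRENT_USER" and test and test(value):
            findings.append(f"{subkey}\\{name} = {value!r} ({fix})")
    return findings

# Constructed sample export (real exports are UTF-16; decode before parsing).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001
"CheckExeSignatures"="no"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\PhishingFilter]
"Enabled"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:33554"
'''

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

ProxyEnable set to 1 is normal on a network that uses a real proxy, so read that finding together with the ProxyServer value.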
                • 5. Trouble with virus and AntiVirus Monitor program
                  Hayton

                  Moved from Home & Home Office to Security Awareness (Home User Assistance)