Best way to remove Antivirus 20xx variants

Malware & SuperAntiSpyware work well for me,
Make sure to disable from msconfig also, easy to see the name..

Currently at my job we see one of these every day,
antivirus 2008
antivirus 2009
antivirus 1
antivirus Safe
and Norton 360 lol

good luck on your venture.
 
Nuke it from orbit, it's the only way to be sure.

Although to be fair, by the time I see the systems they are well and truly fucked.
 
Will a few anti virus/spyware etc. pick these up and remove them?

Yes...just hit it with a shotgun approach. We deal with several per week. Quite a few threads each week about cleaning these.

And...there's a new twist on this..the latest variants hold your My Documents contents encrypted...for "ransom"..pay up 50 bucks and they'll remove the encryption for you. I have a thread started on it with links to the fixes for your Docs folder over in the Networking and Security forum.
 
Bastards....

Thanks for the info, much appreciated.

Foz
 
It's recommended to disable system restore before scanning to completely remove the infection. Apparently it can hide there and reintroduce itself.
 
I just cleaned up a laptop with some of that crap.

The laptop only had 256 meg o memory so it took a long time. I had to abort the original av scan cause it was taking too long. Here's what worked the best in the following order.

Download and update Malwarebytes and Avira Antivir.
Turn off system restore.
Reboot in safe mode.
Run malwarebytes, clean.
Run Antivir, clean.
Reboot
Download and update Superantispyware and scan. It found and cleaned up a few remnants the others missed.
Things looked pretty good after that. Turn system restore back on.
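
A follow-up check for the msconfig advice and the cleanup steps in this thread, as an added example that is not part of any poster's message: a PowerShell script (assumes PowerShell 3.0 or later) that lists the Run/RunOnce registry values and Startup folder items that msconfig's Startup tab shows, sorting entries that launch from user-writable paths first. The path patterns are illustrative assumptions, not signatures for any specific rogue.

```powershell
# Added example, not from the thread: list the autostart entries that
# msconfig's Startup tab shows, so leftovers are visible after a cleanup.
# Assumption: the path patterns below are illustrative heuristics only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$userWritable = '\\Temp\\|\\AppData\\|\\Application Data\\|\\Local Settings\\|\\ProgramData\\'

function Get-StartupEntry {
    # Registry Run/RunOnce values: value name -> command line
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Location = $key
                Name     = $name
                Command  = [string]$item.GetValue($name)
            }
        }
    }
    # Startup folders: resolve .lnk shortcuts to the program they launch,
    # otherwise every shortcut would match on the folder's own path
    $shell = New-Object -ComObject WScript.Shell
    $folders = 'Startup', 'CommonStartup' |
        ForEach-Object { [Environment]::GetFolderPath($_) }
    foreach ($dir in $folders) {
        if (-not $dir -or -not (Test-Path $dir)) { continue }
        foreach ($file in Get-ChildItem -Path $dir -File) {
            $target = $file.FullName
            if ($file.Extension -eq '.lnk') {
                $target = $shell.CreateShortcut($file.FullName).TargetPath
            }
            [pscustomobject]@{ Location = $dir; Name = $file.Name; Command = $target }
        }
    }
}

# Entries launching from user-writable locations sort first for manual review
Get-StartupEntry |
    Select-Object Name, Command, Location,
        @{ n = 'UserWritable'; e = { $_.Command -match $userWritable } } |
    Sort-Object UserWritable -Descending |
    Format-List
```

A `UserWritable` value of `True` is only a prompt to look closer; plenty of legitimate software also starts from a per-user path.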
 
Again another vote for MalwareBytes, it's the best utility I have used for fixing infected machines... ESPECIALLY Antivirus2009 and its annoying brothers.
 
I see the Antivirus variants a lot at work, MalwareBytes has worked superbly for removing it. I highly encourage anyone to purchase it for the real-time scanning. I remember when the Antivirus viruses first started hitting the scene, and removing it was almost as labor intensive as wiping and reinstalling everything.
 
I removed this from a friend's computer by installing Avast. After the install, you're prompted to reboot and it runs a memory scan before it gets into the operating system. It cleaned up a bunch of stuff there, and whacked what remained once it got into the OS.

I've never tried MalwareBytes. Prior to installing Avast I tried Spybot S&D and Ad-Aware, but neither got rid of it. AVG anti-virus was already installed and couldn't get rid of it either.
 
Another +1 for malware bytes. I used malware bytes to rescue a financial (payroll) employee's PC from being formatted at a university in August last year. Took it right out.
 
Does anybody ever even try the product I work on? ;)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Gotta tell 'em what it is... or can't you do that because of some NDA or whatever? :D
 
Does anybody ever even try the product I work on? ;)

This posting is provided "AS IS" with no warranties, and confers no rights.

Yes I've mentioned the MRT a few times....I've found it "sometimes" removes two or three things that the others seem to miss. As for running it the first time....as the only removal tool, sorry...I've not had much luck with that...it misses a lot. It just..seems to catch two or three leftovers that the others miss. So I tend to run it as one of the last scans....just in case it sometimes finds a couple of things the others missed. Usually though...it doesn't find anything if run after the others.

These rogues are releasing new variants 4, 5, 6...even more times per day. The MRT is only updated once a month if I'm correct? How is it supposed to keep up with the rogues?
 
The MRT is released once a month. Safety.live.com is updated multiple times a day.

The reason the chances of MRT finding anything go way down if you run it after other tools is that the "clues" MRT uses to look deeper have usually been removed by the other tools...


This posting is provided "AS IS" with no warranties, and confers no rights.
 
I just cleaned up a laptop with some of that crap.

The laptop only had 256 meg o memory so it took a long time. I had to abort the original av scan cause it was taking too long. Here's what worked the best in the following order.

Download and update Malwarebytes and Avira Antivir.
Turn off system restore.
Reboot in safe mode.
Run malwarebytes, clean.
Run Antivir, clean.
Reboot
Download and update Superantispyware and scan. It found and cleaned up a few remnants the others missed.
Things looked pretty good after that. Turn system restore back on.

I went through this on a buddy's box late last year. He came back to me two weeks later ... the infection was still there somehow...it began to rebuild its forces somehow. I couldn't shake it with MWB and all the other tools and even some manual registry hunting and file deleting.

I had him get his personal files off, then I downloaded a torrent of the XP HOME OEM (because neither XP PRO nor XP HOME would work), grabbed his legit Windows key from his box, nuked it, and called Microsoft to reactivate. Ugh.

This was the first disastrous infected computer I couldn't save. I couldn't shake that AV20xx crap, so I had to wipe it. Maybe the tools have gotten better in the months since. Don't feel bad if you have to nuke it.
 