Antivirus System Pro

I have a client who just recently got his system hijacked by the nasty Antivirus System Pro malware. I could not remove the rogue virus running the normal antivirus software. I ended up removing the program files, DLL files and several registry entries from Windows. What a struggle that was. Here’s some info about the Antivirus System Pro from remove-malware.net.

Antivirus System PRO (aka AntivirusSystem PRO or AntivirusSystemPRO) appears to be the representative of the new generation of rogue anti-spywares. Being a clone of the infamous Spyware Protect 2009 and System Guard 2009 scarewares, Antivirus System PRO inherits its determinative traits; moreover, the hackers have been driving a lot of traffic to the websites promoting it, one of which is Antivirsystem.com.

Antivirus System PRO infiltrates the target computers through illicit browser-hijacking techniques or via Trojans using backdoor tactics to trespass undetected. When inside, Antivirus System PRO freeware will do its best to convince the victim to register its license. For this purpose, Antivirus System PRO usually floods the compromised system with its exaggerated popup alerts that state the PC is badly infected and needs a remedy, i.e. Antivirus System PRO full version which demands payment.

The deceitful effect of Antivirus System PRO pop-ups may be reinforced by its bogus security scanners that emerge out of nowhere and claim to detect more infections on your computer. The ultimate goal of Antivirus System PRO is to brainwash the victim into purchasing its license; if the victim is “stubborn” and refrains from installing the pimped scamware, Antivirus System PRO will attempt disrupting the target system. Therefore, it’s strongly recommended to remove Antivirus System PRO rogue as soon as possible.

In case you run into the same issue, perform the following to remove the annoying Antivirus System Pro malware.

Delete the following files:

  • c:\windows\sysguard.exe
  • c:\windows\system32\iehelper.dll

You may have to boot to the Windows command line to remove these files, especially if the DLL file is running in the background.

In addition, you need to remove these registry entries:

  • HKEY_CURRENT_USER\Software\AvScan
  • HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, value “system tool”

Good luck. It’s an annoying virus if there was one.
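Before deleting anything, it helps to see which of the files and registry entries listed above are actually present. The following read-only check is an added example, not part of the original post: the `New-Finding` helper is a hypothetical name, the HKLM Run key and the `sysguard.exe` name pattern are assumptions (the pattern comes from the variants readers describe in the comments), and it expects Windows PowerShell 3.0 or later on Vista or newer.

```powershell
# Added example: read-only triage for the indicators listed in this post.
# It reports what it finds and deletes nothing.

# Files named in the post.
$fileIndicators = @(
    'C:\Windows\sysguard.exe',
    'C:\Windows\System32\iehelper.dll'
)

# Registry keys named in the post (the same CLSID is used for both entries).
$clsid = '{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}'
$keyIndicators = @(
    'Registry::HKEY_CURRENT_USER\Software\AvScan',
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid"
)

# Autostart keys to inspect. The post names only the HKCU Run key; the HKLM
# Run key is added here as an assumption because it is also read at logon.
$runKeys = @(
    'Registry::HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Assumption from the reader comments: variants put a random prefix in front
# of "sysguard.exe" and place it in a randomly named folder under the user's
# local application data directory. -match is case-insensitive.
$namePattern = 'sysguard\.exe'

# Hypothetical helper: one uniform record per hit.
function New-Finding([string]$Type, [string]$Location, [string]$Detail) {
    [pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail }
}

$findings = @()

foreach ($path in $fileIndicators) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $findings += New-Finding 'File' $path 'file listed in the post is present'
    }
}

foreach ($key in $keyIndicators) {
    if (Test-Path -LiteralPath $key) {
        $findings += New-Finding 'RegistryKey' $key 'key listed in the post is present'
    }
}

foreach ($runKey in $runKeys) {
    $key = Get-Item -LiteralPath $runKey -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($name -eq 'system tool') {
            # The Run value named in the post.
            $findings += New-Finding 'RunValue' $runKey "value 'system tool' -> $data"
        }
        elseif ($data -match $namePattern) {
            # A renamed variant: treat as a lead to inspect, not as proof.
            $findings += New-Finding 'RunValue' $runKey "value '$name' -> $data"
        }
    }
}

# Per-user drop location reported in the comments: <local app data>\<random>\<random>sysguard.exe
if ($env:LOCALAPPDATA) {
    $glob = Join-Path $env:LOCALAPPDATA '*\*sysguard.exe'
    foreach ($file in @(Get-ChildItem -Path $glob -Force -ErrorAction SilentlyContinue)) {
        $findings += New-Finding 'File' $file.FullName "matches *sysguard.exe, modified $($file.LastWriteTime)"
    }
}

if ($findings.Count -eq 0) {
    'No listed indicators found.'
}
else {
    $findings | Format-List
}
```

A hit on the name pattern only narrows down where to look; the fixed paths and keys are the ones the post itself lists.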

68 thoughts on “Antivirus System Pro”

  1. I got hooked by could not get my computer to go to any programs two days after I made a contract with them for $49 dollars. I had to do a full system recovery to get rid of it. I still have the credit card charge.

    1. What I had to do was identify the program folder by checking the most recently modified, go into safe mode, and remove it. None of the malware removal tools suggested worked, as this bastard kept not allowing full installation, and I could not find any regedit keys or file and .exe names as labeled in all these self help sites. The file under programs was called something weird that started with a v (I can’t recall). This thing sucks and took me over an hour to find and kill.

      1. SD, Can you go into more detail about this? I’ve done all the self-help, I’ve got malwarebytes searching and searching and this thing is STILL popping up. I don’t remember how to go into safe mode… And where did you look to find the most recently modified in the program folder?

        Thanks!

        1. Okay, so I went into the C drive, program files, and changed the view tab to most recently modified. As I had just caught this bastard, it was easy to see. I can’t remember the name of the file, but once I opened it, the program had a windows logo and was called something-sysguard. To go into safe mode, you have to restart your system and repeatedly tap F8 while it’s rebooting (make sure you have the f keys enabled). Once there, just delete the file and you should be good. Hope this helps!

          SD

          1. Thanks! I think I got it all but I wasn’t in safemode. Will that make a difference?

            Also, do I need to go and change all my on-line passwords now? Just what does this bug DO besides try to sell you software? I’ve read that it’ll steal passwords but mostly on sites that sell some type of anti- software so I’m not sure what to do now.

        2. If your system is done acting screwy (popups and stuff), you should be good. I don’t think you need to change any passwords, as this thing (to my knowledge) just gives you false positives to sell their piece of crap product. It’s probably a good idea to change your passwords every so often anyway (I do). I had to go into safemode to eliminate it, so I’m surprised you got it clean without, but that’s cool. Peace, man

          SD

  2. hey I was wondering if any of you have tried using any of the automatic removers for this program. I’m a little worried that they will just make things worse

    1. Kurt, I have not used it. I think it’s a scam to get people to buy their products, the main reason I don’t want to purchase their anti-virus program.

  3. I’ve used MBAM (Malwarebytes Anti-Malware) for Antivirus XP 2009 which is similar to Antivirus System Pro. It’s free and it worked!

  4. I’ve used MBAM (Malwarebytes Anti-Malware) for Antivirus XP 2009 which is similar to Antivirus System Pro. It’s free and it worked!

    Same here after your suggestion. The MBAM worked

  5. My computer was infected by the EVIL Antivirus System Pro yesterday…..I tried everything to remove it…no luck. I was going to have to spend $150 to get Geek squad to come fix it and then a miracle happened. My boss told me a very simple solution. Some people may find this difficult because the virus tries to prevent you from doing anything at all on the computer…but just keep clicking.
    First go to Start
    then Accessories
    then Systems restore
    follow the prompts and pick a date before the virus hit..i played safe and selected a month prior.
    keep following the prompts and your computer will reboot…it took my computer about 15 minutes to reset the computer.
    What it does is restores your computer to that specific date (it says you don’t lose information or files but I’m not sure about that yet ((haven’t checked)))
    As soon as my computer came back on THE VIRUS WAS GONE!!!! I then went on Majorgeeks.com and downloaded a free antivirus protection software.
    My computer has been working perfectly!
    Hope this helps someone!

  6. I have Malwarebytes installed. I had it sweep my computer, but it didn’t detect Antivirus System Pro. Now, I’m prevented from opening Malwarebytes at all. (The virus claims my Malwarebytes is infected).

    I did 3 scans on Avast! Each time, it found the virus and directed me to either put it in a “closet” or delete it. I did both. Didn’t help a damn bit.

    I’m pretty computer illiterate, but will try the solutions suggested here. None of the other sites gave me useful information.

    Thanks

  7. Just had this jerk of a virus on my laptop, and did the system restore, then updated my AVG again. Seems to have worked fine.

  8. Got this virus yesterday, worked with it for about 4 hours. I think I finally got rid of it (i think)

    I ended a process in Task Manager (which wouldn’t open up, kept clicking no when it said xxxxx is infected). The process was called vyusysguard or something

    Then I renamed a file called iehelper in system 32
    Then I updated Malwarebytes and ran a quick scan
    Restarted and voilà

    keep clicking No when you get the message that tells you
    (xxxx program is infected, do you want to activate your anti-virus program).
    This virus doesn’t let the computer start in safe mode 🙁
    This rogue must be new, older solutions for it didn’t work.

    1. nope i lied…i still have it

      the messages/antivirus system pro alerts stopped
      but my browser is still getting redirected from time to time

  9. Hello. I’ve been screwing around with trying to get rid of this all morning using various self-help sites. I’m really bad with technology.
    But when I tried to delete c:\windows\system32\iehelper.dll, it won’t let me, says something about disk not being full and whatnot.

    Also, a lot of the registry entries weren’t there so I don’t know if I got rid of them already or what.

    Help would be super appreciated!

    1. Zach, You need to be in either safe mode or at the DOS recovery prompt to delete the iehelper.dll file. You can’t delete it if Windows has it loaded.

  10. Oh boy, this just started for me. we had this before and was able to download Malware and it worked. This time, it corrupted Malware and crashed my computer by opening all of these stupid ads & porn sites I mean millions of them. Can’t start in safe mode.

    Here is what I did:

    I rebooted. Waited until everything settled then opened up my taskmgr by hitting control-alt-delete. I clicked on processes and looked for ovysysguard.exe and ended the process. I did a file search for that file and deleted it. So far, it stopped the pop ups. Now I am going to reload malware and hope that works. GOOD LUCK!

    1. I did exactly what you just said, and it worked perfectly. Thank you, thank you thank you. After 2 days of hell (and random porno sites) and the scan not working, I am now free of that stinkin virus. Thank you!!

  11. I have gone through this process several times now. Each time, the icon goes away and the pop-ups stop, but it all comes back when I reboot. How does it keep coming back? Also, I am unable to start in safe mode at all.

  12. I thought I would try the system restore, but it didn’t work either. I have tried three different dates, but each time it says that it was unable to restore, no action has been taken, and to choose another date. Each time I reboot, I end the sysguard process using the task manager, and have tried both deleting and renaming the iehelper.dll file, but every time I reboot it just makes a new one.

    1. Ryan, It looks like you still have the virus. It’s probably attached to a different file than most of us have discussed here. Have you tried the file PP mentioned?

  13. Another variation put the executable in registry “RUN”
    under local settings\application data\xmngj\
    epuusysguard.exe

    it still loaded the iehelper.dll
    but the trojan replacing it seems to be more random in location now.

    1. This is the variant I got, but we didn’t seem to have the iehelper.dll installed. It could be our antivirus software stopped that ie hijack, but not the AV installation.

      The scary thing here is that while I was remotely working on the infected computer, MY computer got infected. Random chance? I doubt it. Could this trojan be spreading itself virally through a corporate network? This might be something to watch.

  14. So, you need to get your hands on ERD Commander 5 for XP or ERD 6 for Vista. Create the boot disk on another pc. Boot the machine with the disk and launch Standalone Sweeper. It will find and remove most of the pest. Ensure you let the ERD config your NIC Card so you can get the latest virus defs for Sweeper. If this does not completely work reboot and download Spybot. Antivirus System PRO will try to stop you with its bogus popups but be persistent and it cannot hijack every thread. Keep trying to launch and install. (I have done it, it is annoying but keep at it). Once spybot is installed launch and run the scan, it will find it and kill it. Let it reboot and Spybot will also remove it from the boot order and startup. Then run another scan to be sure once you have rebooted. Look for any of the remnants in the registry or file structure as noted in this thread. It may take a couple of hours but you can beat this evil bastard.

    1. Thanks for sharing how you were able to remove this virus. There are several ways and tools to get rid of it. I’ve also noticed that there are slight variations of the virus. It tends to attach itself to not just one DLL, but several others as noted by many in their comments. Thanks for your invaluable input. The more we talk about the solution, the more we can help people out. Thanks.

  15. okay, I can’t seem to find this attached to my windows or system 32 file, but I have found something called Tybpsysguard in my AppData/Local/Mgnemr which my computer asks me to run every time I turn on my computer….I’m pretty damn sure that that’s my problem, but I want a second opinion, just to make sure…really don’t want to have to re-image AGAIN

    also, if I don’t tell it to NOT run the program, Anti Virus Pro comes on, and won’t allow me to use ANY other program that isn’t vital for the computer’s running including things that I got to get rid of it like MBAM.

    1. That’s the one. I removed that directory and the associated key in the registry and everything appears to be running just fine.

  16. I’ve had this accursed virus three times in the last year, and I’ve noticed that the first tools I used to destroy it didn’t work on the second, and so on. For the third one, I used Malwarebytes, as was previously suggested. Worked like a charm. Make sure you upgrade it. Also, don’t be fooled by anything your computer says. AVSP is just trying to get you to reboot your computer until it has full control. Also, remember the two magic words: Safe Mode.

  17. I’ve run into the same thing lately with a few of my users affected by Antivirus System Pro. Once the user was logged on, I couldn’t run Task Manager or MSConfig. I had MBAM installed on the user’s pc, but I would get a popup that mbam.exe was infected also. In the past I have seen this happen with Antivirus Pro 2008 and 2009. I got around it by renaming mbam.exe. The program would run and kill the virus, but this latest one would still not let it run even after the name change.

    After a lot of frustration, I finally was able to solve the problem. I relogged the user and immediately went to Start/Run/MSConfig before the virus had time to kick in. I went to Startup and disabled any ###sysguard.exe applications I saw then rebooted. Once the pc came back up, I was able to go to c:\documents and settings\username\local settings\application data\nicl. The ###sysguard.exe program was located in that folder. I deleted the folder and ran MBAM. It found avscan in the registry and removed it.

    I’ve done this successfully on a few pcs. The ###sysguard.exe and the folder where it’s located always have different names, but they’re easy to identify. I think there’s different variations of this particular virus problem, but that’s the solution that worked for me. Good luck to anyone else who’s dealing with this headache.

  18. Because they are able to conduct a credit card transaction, can these thieves not be tracked down (follow the money!) and if not killed, at least punished for fraud or somesuch?

  19. I have been infected twice. Like the experiences of some above, the first time Malwarebytes took care of it with a full scan.

    The second time has been a disaster–I have tried Spybot freeware (detected but could not remove), and the fix above of going into MSconfig, eliminating sysguard from startup–the folder was named something different in c:\documents and settings\username\local settings\application data\–it was svfvn or something like that.

    Anyway, even with this I could not start Malwarebytes. I tried uninstalling and reinstalling. It did not work.

    Spyware Doctor (installed by smuggling it in from another computer on a flash drive) picked a bunch of stuff in a scan (210 infections with the Suurch Trojan and other toxic stuff). I have spent five hours on this–what is $30 at this point? I bought the license on another computer and copied and pasted the license number into the box on the infected computer. The IntelliScan–their quick scan–seemed to work. Now I am doing a full scan. Will report on this when it is done.

    I have dealt with malware before–this is the nastiest one I have ever encountered.

  20. I need help!!

    I have spent 3 days trying to get rid of this virus. I deleted the sysguard virus (mine happens to be bhwasysguard.exe) from the registry files, in my program files and ended the process in task manager. However, once I reboot my computer it is back!!! Malwarebytes did not detect the virus. I uploaded the new version onto a flash drive from another computer, ran it and this virus was not detected.

    How do I permanently delete this sysguard virus??

  21. Does anybody know how you GET this virus? When I got it, I only went to two sites that were out of my “norm” Facebook and OKCupid.com

    One of them popped me to a make money online site… I don’t know which one sent me there or even HOW I got there. I don’t remember clicking on it.

    Ideas?

  22. I installed StopZilla. I must admit, it took a few attempts at downloading the software and some persistence, but StopZilla took over and I have not had a problem since. I tried other freebie Malware and they worked temporarily and the virus came back. StopZilla is not free if you want to get the updates, but between all of the irritation and porn sites showing up; it is worth it.

    1. Mitch,

      How long have you had StopZilla installed? As I mention above Spyware Doctor could not kill it entirely for me–I have sent an e-mail to tech support asking for ideas or updates to get rid of this thing. No replies yet.

      Malwarebytes is ineffective, apparently (I am beginning to wonder if Malwarebytes got rid of the original infection entirely for me (I have had this thing twice now)–something may have been left behind that got triggered somehow). Anyway, the new variant attacks Malwarebytes viciously. Spybot did not work. I tried it. And now Spyware Doctor.

      If StopZilla really does get rid of it, permanently, I am sure we would all like to know. Could you keep us posted?

      1. I have had it for four days. It immediately blocks and quarantines it and I am then asked if I wish to remove it entirely. As part of the first scheduled system scan it cleaned it up as well, and I no longer have the pop ups and disruption of my computer. I would not suggest it prevents any attempt at infecting my computer, but it has blocked all attempts and cleaned up all previous infections thus far.

        The jury is still out. It has only been four days.

        I had the Malwarebytes and it did a good initial job of stopping the pop-ups, etc. but lasted a few days.

        1. The other thing you should try is to disconnect your computer from the internet when trying to get rid of the virus. The virus may be pulling additional viruses, malware, etc to your computer while you are in the act of cleaning it up. I have no proof of this happening. It’s just a precaution.

  23. Thanks!

    System Restore fixed mine.

    This virus was so damned annoying.
    It disabled my malwarebytes, I couldn’t get to my task manager.

    The pop-ups were also un-movable, and all other screens would be displayed BEHIND them, so I had to read this webpage by shrinking my browser and moving it to a corner of my screen.

    Thanks for the comments section guys.

    1. System Restore is likely a short term fix. As long as Antivirus System Pro is attacking our computers it will pop up again and again. I had thirty instances of attacks on my computer in less than twenty four hours and they were all blocked and quarantined. I had no pop ups or interruptions. Malware that will block it, quarantine it and allow you to remove it is likely the only long term solution.

  24. Thanks Mitch. I have not yet done a system restore yet for that very reason–also once it is done all the software I have loaded will be gone, and I will have to reload it and start anew. I am still working on the problem. A Spybot scan, after several other scans with Spyware Doctor and others, turned up virtumonde files, atr, dll, and sdn. I am researching how to get rid of these, and they are very, very bad. There are special tools for virtumonde, but they should be used in conjunction with other software, at least that is what I read. These are probably the guys responsible for a lot of the random creation of new files and self replicating. I have not found anywhere one single solution. It is one big mess.

    And so it goes.

    I hope a super expert chimes in on this thread–as far as I can tell, even the guys writing the software to get rid of this stuff cannot get it entirely right.

  25. And one more scary thing–after several scans with different software, and fixes, of course, Spyware Doctor picked up a Backdoor.Bifrose program out of nowhere.

    I have control of the computer, no pop-ups or anything, but I no longer connect to the Internet except to update anti-virus/anti-spyware software.

    1. HomerB,

      I am still constantly connected to the internet and I have had no problems whatsoever using StopZilla. I also have McAfee, which I have had all along, but it was too slow to keep the initial infection from occurring. Since I installed StopZilla, no issues. No interruptions.

  26. Thanks Mitch.

    After countless scans with various software, and a lot of research, I have shut my computer down temporarily. It looks like StopZilla does an adequate job of preventing disruptive attacks from proliferating (but, then, how does one really know if a stealth backdoor program gets activated?). Spyware Doctor is somewhat effective in clearing out the obvious and getting the computer operational. But, viruses and spyware still turn up in scans sometimes with various software. Clean one moment. Dirty the next. I have found nothing that can more or less guarantee a complete cleaning–and some of the proposed manual fixes go beyond my technical abilities, without spending hours studying. Anyway, I have some evidence that Anti-Virus Pro, at least the variant I have, embeds virtumonde viruses in the SVI directory–and these files, according to what I read, will survive a System Restore and remain dormant for indefinite periods of time.

    This experience has really turned me off from Windows. I am now learning Linux and my next computer may very well be a Mac.

    Take care Mitch!

    1. Hi Homer,

      I understand your frustration with Windows. I’ve been a Linux user for many years, although it wasn’t because of Windows viruses. I just wanted to expand my knowledge, in particular, with Linux. I’m glad I made that switch many years ago. I don’t miss Windows at all although I have XP on my netbook. Anyways, good luck with the Antivirus System Pro virus.

    2. HomerB,

      Our next computer will also be a Mac. I will continue to do deep scans as there may be some dormant virus lingering as well.

      Thanks. Mitch

  27. man alive. glad to have two computers. one is infected with this thing. i was doing windows updates, rebooted, noticed this shield in the boot up and thought it was a new security update. it said a “virus” was present and click here. like a doofus i clicked it and all bleep bleep broke loose.

    i rebooted and got taskmgr.exe running before this thing started up again. i stopped all applications. then i restored the system to NOV 1

    Windows Updates always freak me out. something just pop ups on your computer and starts changing your system. im certain that someone could replicate this view so that we unsuspectingly update our computers with a plethora of viruses thinking a windows update is running.

    the restore is complete. the computer is running without pop-ups and now im going to do as per the instructions at the top of this thread.

    many thanks for starting this thread.

  28. after the restore

    1. searched for sysguard in all files and folders. found it in a prefetch folder for windows. so this file was placed on the computer between Nov 1 and now.
    DHWNSYSGUARD.EXE is the file name i found.

  29. Try this, seems to be effective: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-system-pro

    One tip though – if you can’t get the “rkill.com” file to run and kill the rogue process, try placing the rkill.com file in your startup folder and reboot your computer – I was removing this “scareware” remotely and did not have the safe mode option, this trick worked like a charm. All traces gone, back up and running normally in about 1 hr. time, remotely even. Good luck to any who get this.

  30. After reading through the posts, which were helpful, I decided to post my own experience with this effing virus. After taking the PC off the network and much fruitless work, I followed Robert’s post about placing rkill in the ‘Startup’ folder and it worked like a charm. Then I decided to log on as a local administrator and the first thing that I saw upon entering windows was a prompt to run ‘kalnsysguard.exe’ located in the user’s ‘Local Settings\Application Data\xrmbkm’ folder. Of course, I’m sure the ‘xrmbkm’ folder will change name every time the virus is installed. But suffice to say that any folder named like this should arouse suspicion. I deleted the folder with the file. I did a search for all files/folder named “sysguard” in all folders (hidden and system). I found a file called ‘KALNSYSGUARD.EXE-1348DDEC’ which was located in the ‘C:\Windows\Prefetch’ folder. No idea what this file is or does, but I’ve deleted it. So I removed rkill from the ‘Startup’ folder and then logged back in as the user, no virus activity. I can actually work on it now. So now I’m running Spybot to remove anything it finds. While it’s running, I took a look at the processes running in Task Mgr. Nothing abnormal. Spybot returned Fraud.Sysguard and WinSpywareProtect registry keys. I cleaned them up. Then I ran HijackThis! It found a couple registry entries referencing the “kalnsysguard.exe” file I deleted. I cleaned up those entries. I ran CCleaner and cleaned everything up, but nothing was related to the virus.

    So far everything is working fine. I wonder if this virus is really gone, or if there is anything hidden….

  31. I found a pretty good way to get rid of it.

    1. Download rkill.com mentioned a couple posts ago and put it on your desktop.

    2. Restart your computer. While your computer is still loading your startup programs, run rkill.com. This should give rkill enough time to finish running and shut AV system down before AV can shut it down and/or affect other programs. You will then be unaffected by AV for the time being until you restart your computer.

    3. Download Spyware Doctor, which is mentioned in almost every thread I found on how to get rid of this thing. Make sure it is able to update, meaning it doesn’t fail to connect because AV has affected something. If it fails to connect, redo step 2 as an older version might not find all the places this thing may be lurking.

    4. Play it safe and run a FULL system scan with SD. This may take a while, but it’s worth it. When it’s done, you must either register the product or manually go through and delete everything it found since the trial version just detects and won’t eliminate stuff (even though it gives the file paths and everything!) . If you manually delete, go through My Computer to get to the files and run regedit to get to the registry entries. This can be very tedious depending on how much it finds. If you register SD, you can either pay them >:-( or you can say “f**k them” cause they’re probably in league with the bastards who created AV and find a keygen. Just Google “Spyware doctor keygen” and ye’ll find what ye seek, matey! (hint, hint) 😉 . I can’t provide any more instructions on that though. Whichever you do, this should get rid of it. It did for me. Hope this helps somebody.

  32. I am not sure if this will help but I wanted to contribute to this chat out of respect of “my” usage of the site. I had this #*@+$* sysguard virus and I “think” I got rid of it “for now”. After reading the threads I did the cntrl-alt-del immediately upon start and found the .exe file XJUFSYSGUARD. I immediately closed the file. I then went to d/l the malewire program. I ran the program with no success. I then went and upgraded AVG to version 9. It allows u to test the FULL copy for 30 days and then switch back to the free version. I d/l’d and while running the scan the bugger flagged the virus and all of its associated files and then vaulted them. So far so good. It boots up and it’s running w/o interruption. Pls note I tried to do the whole system restore and it would not allow me. It went thru the initial stages and then stated that it could not restore. I also tried spy-bot and that didn’t detect. Pls also note that I did all of the research on my blackberry. Good Luck Virtual Warriors!!

  33. A quick observation: in my experience Spybot has been the best program in detecting the virtumonde files left hanging around after the major stuff has been killed off. But, Spybot will not ‘fix’ these, although it will try. These files will come back in various forms (different variations on virtumonde) with reboots–and sometimes it takes more than one.

    I have found a couple of help threads at http://www.safer-networking.org/index2.html dealing with this problem. I will eventually, when I have time, be submitting logs for review and instructions on how to remove virtumonde for good.

    Best of luck to all.

    The folks at safer networking seem to do a great job. They deserve support.

  34. I think I got rid of this thing, after 4 hrs of non-stop work and worry.

    I was not able to restart in Safe Mode (it hung up on the driver BTHidMgr.sys), but I followed the bleepingcomputer steps:
    http://www.bleepingcomputer.com/virus-removal/remove-antivirus-system-pro

    with a few modifications:
    1. I wasn’t able to use IE at all until I manually deleted eomhsysguard.exe from my App Data folder.
    2. Then I followed their instructions up to downloading rkill.
    3. I had to run rkill immediately upon restart in order to get it going before eomhsysguard would start. That took quite a while, actually.
    4. Then I used IE to download Malwarebytes. I ran their quick scan, it found 5 or 6 items, and I deleted those. That part took about 10 min.
    5. When I restarted Firefox, it wanted to open a bunch of windows again, but I think that is just b/c I have it set up to start with the last window.

    I’ll keep you updated on whether this fix sticks. I also downloaded AVG, but I didn’t download it b/c I’d have to uninstall my existing McAfee… although I’m tempted to do it since McAfee dropped the ball on this one, big time.

  35. Wow… I fixed my computer by myself for free…

    I had “Antivirus system pro” on my computer…. it’s a rogue spyware… fake program. It is obtained like any virus… email, internet surfing etc….

    I researched the internet for hours and found “Malwarebytes” a free basic version download program… there is a full paid for version as well…

    Since my CD Rom was infected I had to download to a thumb drive and start the computer ready to “Install and Run”…

    It was tricky because at start up the virus at times kicks in quick and other times is a little slower….so I had to time it right… once the Malwarebytes was running that’s all I needed to do… the Antivirus system pro never showed up during the running of Malwarebytes.

    Malwarebytes ran for 4.5 hours…. scanning & cleaning the entire computer…. 40 gigs worth of information…. I think it even scanned my thumb drive for virus issues…

    I thought when all was done that Malwarebytes download might say “Yup, you’re infected”.. now “purchase” the product to clean your computer… but it did not…. it showed a diagnostic sheet of all infected files and folders and then FIXED THEM ALL…over 180 infected files…

    If the computer stays fixed I am SOOOOO impressed…. I will be backing up my files ASAP… or maybe later.. 🙂

    Ok, here is the shameless promotion portion of the email… http://www.malwarebytes.org/
    Free version & Purchase full version available… the download to my thumb drive took only minutes… it’s a 4.61 MB download.

    It might be a good preventive measure and it’s working with my Norton program without issues at this time… sometimes running multiple Anti-virus programs can cause computer problems as well, but none yet… I fixed this computer yesterday by 8:00pm and no problems yet….
    -m

  36. For the record here is what finally happened:

    I used the following software: Super Antispyware, Malwarebytes, Spyware Doctor (I am not sure I would buy this if I had to do this again–Spybot and SuperAntiSpyware seem to do fine), Spybot, McAfee (one will still need an antivirus program, I think, although McAfee is spineless), rkill, and ATF Cleaner, and some recommendations at this page:

    http://www.bleepingcomputer.com/forums/lofiversion/index.php/t271072.html

    Step 1) Get control of your computer (there is information above on how to do that–several methods seem to work–use rkill, ATF Cleaner, closing the toxic programs in Task Manager, and Safe Mode scans).

    Step 2) Begin scans with anti-malware programs to eliminate most of the bad stuff (NOTE: anti-malware programs will be under attack. A breakthrough for me occurred when I downloaded Malwarebytes anew for the third time–it suddenly seemed to work better than it did–also, remember to shut down other anti-malware programs when scanning. Conflicts between Spyware Doctor and others jammed scans. Also, as one begins to get rid of this junk, some programs do better than others in picking stuff up, and others do better at killing stuff: e.g. Spybot detects virtumonde but can’t kill it. Malwarebytes is a great killer once functioning well.)

    Step 3) Do not think you have got it all after a few clean scans–at least if you have the variant I had. Trojans and viruses are embedded in System Restore and SVI files. They will go dormant and come back. I kept scanning until I had 3 reboots with no problems. Then, I followed the instructions here (WebCure it was a bust for me, but it didn’t seem to matter).

    http://www.bleepingcomputer.com/forums/lofiversion/index.php/t271072.html

    Step 4) Following the instructions above I cleaned out my Restore points and made a new one.

    Step 5) The computer was slow–there was 9GB of junk in my McAfee Quarantine files. I shredded it all, defragmented and compressed the disk. For now, all looks well. Clean scans and the computer is functioning fairly well.

    This seemed to work for me, but I am not an expert. Another option is to get control, go to Safer Networking register and ask for help. If I had to do this all over again, this is what I would probably have done–but it takes time.

    Best to all!

  37. Oh yes, and some folks warn against cleaning out all restore points. But, I was tired and just did not care anymore.
