Antivirus 8

Discussion in 'ESET NOD32 Antivirus' started by jimwillsher, Dec 7, 2010.

Thread Status:
Not open for further replies.
  1. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    Hi,

    For the second time in 12 hours, one of our remote users has got hit with something that ESET didn't catch. This time it's "Antivirus 8", on an XP Pro machine fully-patched and up to date with ESET.

    I'm not going to rant about how it slipped past ESET - two problems on two fully-patched machines in 12 hours says enough about that - all I'm looking for is the best removal procedure please.

    I won't have access to the machine until 5PM today as the user is using it for a presentation (or I guess.....was going to be using it) so I've time to research it. But if somebody has a quick pointer to a removal tool I'd appreciate it. As it's a remote machine I can't risk screwing it up.

    "antivirus 8" is all I've been told. The quote from my remote user is: "Today my Pc has had an antivirus 8 programme start running we cannot delete or remove and apparently it is something that is trying to log onto machines and get details etc."

    Thanks in advance,



    Jim

    EDIT Looks like MBAM will come to the rescue as usual: http://www.bleepingcomputer.com/virus-removal/remove-antivirus8. I'll report back later.
     
    Last edited: Dec 7, 2010
  2. MattJN

    MattJN Former ESET Support Rep

    Joined:
    Feb 19, 2010
    Posts:
    149
    Hello,

    Rogue AV threats like these get on to your computer by getting the permission of the user. It then installs an actual program on your computer just like any other software that was installed by the user. So as far as Windows is concerned, it is just a program, not a virus.

    These types of infection usually start with a pop up window from some malicious code on a web site. If the user clicks on the window at all, including the red X, they are actually giving the malicious software permission to install on the system. So when this initial pop up comes up, what the user should do is either open the task manager and end the process or use the ALT+F4 function to close the window. Never click on the actual window.

    That being said, you can download our Rogue AV cleaning tool here to try removing it:

    http://download.eset.com/special/ERACleaner.exe

    If that doesn't remove the software, let us know. We will need you to open a case with customer care to gather samples and get detection/cleaning added to the cleaning utility.

    Thanks,
     
  3. vtol

    vtol Registered Member

    Joined:
    Apr 8, 2010
    Posts:
    774
    Location:
    just around the next corner
    funny, as if the average user knows or even should know. what is missing in your statement is the role of NOD to protect the user
     
  4. jimwillsher

    jimwillsher Registered Member

    Joined:
    Mar 4, 2009
    Posts:
    668
    MBAM removed AV8 and ERACleaner finds nothing, but sadly there's still something lurking. The laptop is getting couriered to me and I'll flatten it.
     