Antivirus 8

1st post

Hi hope someone can help, somehow a Trogan called Antivirus 8 has got into one on my PC's it is proving very difficult to get rid of, I have searced the internet and downloaded "spyware doctor" from googlepack which was suggested by someone- no good, NOD32 wont get rid of it either, any tips?

I am a bit surprised that it got past NOD32 and that NOD32 wont remove it or have I not followed a proceedure?

I have done a forum search and found nothing

 

Malwarebytes' Anti-Malware is good at removing these rogues, on demand version is free:
http://www.malwarebytes.org/

You can also try Hitman Pro(use is free, but for removal a license is needed, however you can activate a 30 day free trial from within the program.) If they are killed by this Antivirus 8 you can start Hitman Pro with the CTRL key held down to do a force breach.(If you have vista or 7, hold the CTRL key down until you clicked yes to UAC prompt.)

 

Wow! thanks for the prompt reply

I will try Malwarebytes, I will have to download it to a USB stick on my other machine as the Antvius 8 blocks internet access

Not sure I fully understand your second suggestion but will go through it step by step if needed

Thanks again

 

I'd suggest generating a SysInpector log and submitting it to ESET Customer care who will be happy to assist you with locating and removing the malware.

New variants of Antivirus 8 are added quickly if not recognized by heuristics. At the moment I'm not aware of any undetected variants so please make sure to scan your computer using the most current signature database 5766. You can also submit suspicious files to VirusTotal to see how they are detected by other antivirus vendors.

 

OFFT/

Actually VirusTotal scans cannot show if a samples is detected by given vendor because of the on-demand scanners there. Most vendors with residence outside Slovakia include extra protection and detection technologies (different from the classic on-demand command line scanning in VT) and can protect their users with these technologies despite the fact that a sample might be undetected according to Virus Total. These "technologies" include web-protection , behaviour analysis , HIPS , cloud/reputation , etc...

Even if very few vendors on VT detected a given real malware samples (a.k.a. they have created signatures for the sample) this still is not an excuse for the other vendors who miss detection for the threat.

 

You will definitely need internet connection for Malwarebytes' Anti-Malware (MBAM) to update to the very latest defs.
You'd better also download RKill (run it first) , then install MBAM and try to update it

RKill information : http://www.bleepingcomputer.com/forums/topic308364.html
MBAM instructions and special cases:
http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial

 

Please submit the suspicious file to ESET per the instructions here. I'd also appreciate if you could PM me the MD5 or the complete result results from VT so that I can check when exactly the detection was added (make sure you're using the latest version and not an outdated signature database). Also make sure that you have startup scan tasks as well as web protection enabled which also use different approaches to detecting malware than standard on-demand scans.

 

Result!!

The Malwarebytes download sorted it out, it took some time to do, I don't know exactly how long as i had to go to a meeting and did not get back to the machine until this morning, no trace of Antvirus8

Made sure my windows and NOD32 were up to date, did a scan, everything clean, sorted

@Marcos, I am the limit of my computing skill here not sure I will be able to submit the file or even find it for that matter but will give it a try later today.


Thanks again for your prompt replies and help

 

MBAM often identifies threats according to registry keys, folder and files names. Please compress the content of the "C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine" folder and submit it to ESET per the instructions here for perusal.

 

Marcos

Sorry but as I said i am on the limit of my computing skills

I cant even find the "administrator" file even if I did I am not sure I have the skills to compress it

I have read the instructions but failed to understand, I would really like to help but I am no computer whizzo, sorry

 

If you want help them , send me a private message using the forum and I'll send you step-by-step instructructions for newbie users.

Administrator wouldn't exist if it is hidden or if such an user hasn't been used yet in Windows XP . Perhaps by writing Administrator , he means your user name or he copies the path from another computer.

 

Hi Moulder, I'm sorry it's my fault. I merely copied the path without noting that "administrator" needed to be replaced with the user name under which you ran MBAM. You can simply search for "quarantine" in the "documents and settings folder". The MBAM quarantine should be found under "..\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine". We'll need to check what was actually detected as ESET does not detect registry keys that refer to non-existing files or folder/file names typical for malware that are detected by MBAM.

 

I feel so stupid even with instructions i cant find the file

Sorry people but I am just going to call it a day trying to help.


Again thanks so much for you help, I couldn't have got rid of Antivirus8 without your help

I will leave computing to you experts and if you ever want a precision hole drilled or a injection moulded product you know where to come