anyone ever dealt with alpha antivirus

Discussion in 'malware problems & news' started by zfactor, Nov 23, 2009.

Thread Status:
Not open for further replies.
  1. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    and know an easy way to remove it..

    also is it known to create a fake bsod screen? someone i know said they have this on their system and it pops up and asks them to update it and when they click no they get a blue screen and the system shuts down... they said the pop up is alpha antivirus. but would that cause a fake bsod screen or is it really affecting vista causing it. i'll have the system in my hands tomorrow and hopefully i can help her out with this but any advice from anyone who has had to remove it before would be a great place to start.

    does combofix work on this? or i saw a tool called removefakeantivirus also that claims to remove it but i have not used that one. and any thoughts about smitfraudfix for this one??

    thank you in advance
     
  2. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
  3. ASpace

    ASpace Guest

    The product you probably use (~your avatar~) should detect and remove it. This is a very new variant released max. 3-4 days ago. At the beginning it was detected and destroyed by SONAR2, now detected and removed by Auto-Protect (signatures) and Download Insight.

    Additionally, Malwarebytes AM (run renamed and updated) and ComboFix should help. Use ComboFix with caution and only if necessary!!!
     
  4. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    thanks for all the info. the thing that worries me is if the bsod's are fake or not though. i assume they are not right now though
     
  5. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Grabbed the latest installer for Alpha AV and going to folder options - show extensions then renaming mbam.exe to mbam.com allows mbam to perform a quick scan and delete the rogue.

    After a reboot to get rid of the rogue rename mbam.com back to mbam.exe.
     
  7. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    lol so yeah WAYYYYYYYY fake bsod messages hahahahahahahahaha

    it gives a bsod message about a fatal exception due to an unregistered version of alpha. and it kills the ati drivers also!! blocks me from opening ccc control center. wow a nasty little bugger.. even has its own vista startup screen that under the welcome screen has a message about alpha being unregistered...

    removing it now shouldn't be a huge deal hopefully

    edit hmm mbam only found 5 things and none looked to be part of alpha....

    wow so far NOTHING will kill this. i have tried mbam and yes renamed, every tool i can find for it, norton, avira free, dr web cure it, super anti spyware etc nothing will kill it. everything says it did but upon reboot there it still is.. arghhhh
     
    Last edited: Nov 24, 2009
  8. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    Make sure to update before you scan, the most recent version of Alpha AV came out after the last program update so the integrated defs won't catch it.

    If you are still having trouble removing this PM me at malwarebytes.org (I am nosirrah there as well) and will get this fixed for you.
     
  9. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    yeah fixed it what was weird is i updated and it said it was done.. then it would not remove it... i rebooted and clicked update again and it loaded another update and this time it worked.. THANK YOU!!
     