Bogus AV 2012 Problem

Discussion in 'malware problems & news' started by WilliamP, Dec 16, 2011.

Thread Status:
Not open for further replies.
  1. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I am trying to help someone overcome the infection. The system had the Bogus AV 2012 on it. I ran Avira, Super Antispyware, Malwarebytes, and HitmanPro. The system is XP Home. I think that it is clean but damaged. (It won't update Windows and I can't burn a CD of his pictures.) I ran a scan of GMER and would like to know if it indicates a Root Kit.
     

    Attached Files:

    • ark.txt
      File size:
      3.9 KB
      Views:
      14
  2. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    CD Problem:

    1. Right click on My Computer and click on Properties.
    2. Click on the Hardware Tab.
    3. Click on Device Manager.
    4. Expand DVD/CD-ROM drives.
    5. Click on the name of your DVD/CD-ROM drive.
    6. Right click, select Uninstall and say OK to uninstalling the device.
    7. Restart the PC.
    8. When Windows restarts, Windows XP should properly detect and install your DVD/CD-ROM drive.
     
  3. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    SuperAntiSpyware has many Windows Repair Options. I don't remember at this time where these options are located in SuperAntiSpyware. Open SuperAntiSpyware and look for these options.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Do a Full scan with Dr.Web CureIt. Dr.Web CureIt now has a reasonably fast scan speed.

    Also, maybe do a scan with the Kaspersky AVP Tool.

    Once your problems are sorted out, it is highly recommended to start to routinely Image your hard drive so that any future problems with Malware may be quickly and easily fixed.
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  6. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    The computer is an HP and has a D drive for System Restore. So I ran the System restore. Had a couple of problems, but seemed fine. I managed to get XP updated. After everything was updated I ran an Avira scan. Avira found 1 TR/Agent.xvp and 8 TR/Emuni.F and hopefully removed them. Has anyone had to deal with these bugs?
     
  7. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Does the HP Restore from hidden partition have a choice of two Restore options?

    Some PC vendors will have something like a Restore option that does not overwrite all files and a Restore option (sometimes referred to as "Destructive Restore") that will overwrite the entire Windows System (C) Partition. If you did not use a "Destructive Restore", there is a chance of Malware being left on the Windows System Partition after the Restore process.
     
  8. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    There were no choices. Everything seems fine, but I'm concerned. Checking in Google it seems that Avira is the only AV that catches it.
     
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    A couple of years ago, I scanned a Compaq PC with the Avira Rescue System CD and Avira identified a HP Utility ('Process Killer' Utility) as a Trojan. I do not remember the name of the Trojan. A web search showed that this was a "false positive".
     
  10. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    I sent the files to Avira and they said that TR/Emuni.f is a Trojan.
     
  11. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    You could give Comodo Security Essentials 2.x BETA a try. Keep in mind that it is still in BETA Testing. It may find some false positives, so you will have to determine what to do with any suspect files that are found.

    Comodo Security Essentials does not install on the PC. You extract the files to a Folder and Run the appropriate exe file.

    https://www.wilderssecurity.com/showpost.php?p=1989545&postcount=38
     
    Last edited: Dec 19, 2011