Guest RLund Posted June 21, 2008 Posted June 21, 2008 A few days ago, the Antivirus 2008 pop-up appeared on my friend's new computer. It stated that he had 41 infections. HIs access to the internet was blocked, as well. In order to remove them, he had to pay for the service. After a bit of research, I discovered that it was a scam and attempted to remove it from his computer, via standard means (control panel, programs and features, uninstall). It appeared that some files were removed, but some were left behind. Those that remained still indicated that he had 41 infections and blocked his access to the internet, by indicating that the websites posed a threat. I found this community and the instructions for removing Antivirus 2008, through http://www.bleepingcomputer.com/malware-re.../antivirus-2008. I carefully followed the instructions and ran the scan...to no avail. The program didn't find the Antivirus 2008 or any infections, for that matter. Unfortunately, the problem remains. I thought that it might work to restore the computer to a time prior to the arrival of the Antivirus 2008 pop-up and then follow the removal instructions. When I restored it to a restore point from May, I could not get on the internet (the error message indicated that we were not connected to the internet. After an hour with the Roadrunner support people, we determined that their signal to the computer was strong and that the modem was working; but apparently the TCI/IP(?) was damaged by the restore and needed to be re-installed). Out of desperation, I restored the computer back to a restore point from yesterday. Now, he can connect to the internet again, but the Antivirus still states that the websites (any of them) pose a threat and prevents him from going any further. Does anyone have any ideas on how I can thoroughly remove this malicious program and restore his computer's functionality? Thanks, in advance. -- RLund Quote
Guest Malke Posted June 21, 2008 Posted June 21, 2008 RLund wrote: <span style="color:blue"> > A few days ago, the Antivirus 2008 pop-up appeared on my friend's new > computer. It stated that he had 41 infections. HIs access to the internet > was blocked, as well. > In order to remove them, he had to pay for the service. > After a bit of research, I discovered that it was a scam and attempted to > remove it from his computer, via standard means (control panel, programs > and > features, uninstall). It appeared that some files were removed, but some > were left behind. Those that remained still indicated that he had 41 > infections and blocked his access to the internet, by indicating that the > websites posed a threat. > I found this community and the instructions for removing Antivirus 2008, > through http://www.bleepingcomputer.com/malware-re.../antivirus-2008. I > carefully followed the instructions and ran the scan...to no avail. The</span> (much snippage) First have your friend back up his data to external media Just In Case. Then have him go back to BleepingComputer (or one of the other specialty forums listed below in no particular order), register, read the posting FAQ, and post to get guided help. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS. http://www.bleepingcomputer.com/forums/ind...showtutorial=42 - another tutorial http://aumha.net/ - Click on the HijackThis forum. Read the announcement and the stickies first . http://www.atribune.org/forums/index.php?showforum=9 http://aumha.net/viewforum.php?f=30 http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.geekstogo.com/forum/Malware_Rem...o_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://spywarewarrior.com/viewforum.php?f=5 http://forums.techguy.org/54-security/ http://forums.tomcoyote.org/ Malke -- MS-MVP Elephant Boy Computers www.elephantboycomputers.com Don't Panic! Quote
Guest GTS Posted June 21, 2008 Posted June 21, 2008 It's likely you have multiple infections, so by all means, follow Malke's advice for a total clean up. I would also specifically suggest you download and run the free version of SuperAntiSpyware from http://www.superantispyware.com/ I've had some luck with it against the Antivirus 2008 infection in a few service cases. If there is a connectivity problem again after the malware cleanup, try running the following command in an elevated command prompt >Netsh Winsock Reset Once fixed, disable and then re-enable System Restore to clear infection items from the SR repository. -- "RLund" <RLund@discussions.microsoft.com> wrote in message news:41B97919-413F-4486-986E-70B3415253B9@microsoft.com...<span style="color:blue"> >A few days ago, the Antivirus 2008 pop-up appeared on my friend's new > computer. It stated that he had 41 infections. HIs access to the internet > was blocked, as well. > In order to remove them, he had to pay for the service. > After a bit of research, I discovered that it was a scam and attempted to > remove it from his computer, via standard means (control panel, programs > and > features, uninstall). It appeared that some files were removed, but some > were left behind. Those that remained still indicated that he had 41 > infections and blocked his access to the internet, by indicating that the > websites posed a threat. > I found this community and the instructions for removing Antivirus 2008, > through http://www.bleepingcomputer.com/malware-re.../antivirus-2008. I > carefully followed the instructions and ran the scan...to no avail. The > program didn't find the Antivirus 2008 or any infections, for that matter. > Unfortunately, the problem remains. > I thought that it might work to restore the computer to a time prior to > the > arrival of the Antivirus 2008 pop-up and then follow the removal > instructions. When I restored it to a restore point from May, I could not > get on the internet (the error message indicated that we were not > connected > to the internet. After an hour with the Roadrunner support people, we > determined that their signal to the computer was strong and that the modem > was working; but apparently the TCI/IP(?) was damaged by the restore and > needed to be re-installed). Out of desperation, I restored the computer > back > to a restore point from yesterday. Now, he can connect to the internet > again, but the Antivirus still states that the websites (any of them) pose > a > threat and prevents him from going any further. > Does anyone have any ideas on how I can thoroughly remove this malicious > program and restore his computer's functionality? > Thanks, in advance. > > -- > RLund </span> Quote
Guest Mick Murphy Posted June 22, 2008 Posted June 22, 2008 Use Spybot Search & Destroy in Safe Mode. All instructions below. http://www.spybot.info/en/index.html Spybot Search & Destroy 1.5.2 is a very good, FREE Anti-Spyware Program. Download, install, update, and immunize your System with it. Then SCAN with it. Update it, and scan your System once a fortnight. Important re: Safe Mode If you happen to find a problem that you can’t uninstall / delete, reboot the computer, and go into Safe Mode. To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow key to get to Safe Mode, then hit ENTER. RESCAN your computer with Spybot S & D while in Safe Mode. -- Mick Murphy - Qld - Australia "RLund" wrote: <span style="color:blue"> > A few days ago, the Antivirus 2008 pop-up appeared on my friend's new > computer. It stated that he had 41 infections. HIs access to the internet > was blocked, as well. > In order to remove them, he had to pay for the service. > After a bit of research, I discovered that it was a scam and attempted to > remove it from his computer, via standard means (control panel, programs and > features, uninstall). It appeared that some files were removed, but some > were left behind. Those that remained still indicated that he had 41 > infections and blocked his access to the internet, by indicating that the > websites posed a threat. > I found this community and the instructions for removing Antivirus 2008, > through http://www.bleepingcomputer.com/malware-re.../antivirus-2008. I > carefully followed the instructions and ran the scan...to no avail. The > program didn't find the Antivirus 2008 or any infections, for that matter. > Unfortunately, the problem remains. > I thought that it might work to restore the computer to a time prior to the > arrival of the Antivirus 2008 pop-up and then follow the removal > instructions. When I restored it to a restore point from May, I could not > get on the internet (the error message indicated that we were not connected > to the internet. After an hour with the Roadrunner support people, we > determined that their signal to the computer was strong and that the modem > was working; but apparently the TCI/IP(?) was damaged by the restore and > needed to be re-installed). Out of desperation, I restored the computer back > to a restore point from yesterday. Now, he can connect to the internet > again, but the Antivirus still states that the websites (any of them) pose a > threat and prevents him from going any further. > Does anyone have any ideas on how I can thoroughly remove this malicious > program and restore his computer's functionality? > Thanks, in advance. > > -- > RLund</span> Quote
Guest Steve Thackery Posted June 22, 2008 Posted June 22, 2008 By far the best thing you can do is copy your data files to an external hard disk, and then reformat your hard disk and reinstall from scratch. It's not such a big deal - allow half a day. SteveT Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.