Virus Rage!

Seil · 01-28-2010, 10:04 PM

So there's this program called "Antivirus Live" which is a real kick in the pants. It won't let me get rid of it. It's a little bit of a pain.

Eltargrim · 01-28-2010, 10:26 PM

Try this, good sir. Report back if it's ineffective. Good luck.

Seil · 01-28-2010, 11:04 PM

I think it's gone. I booted in safe mode and ran Malwarebyte's Anti Malware. It wasn't a particular nasty virus, but man it was annoying.

I guess Bob did have a virus:

Quote:

Originally Posted by Bob The Mercenary

and Nikose' instructions would not work because I couldn't get past the first step:

Quote:

Originally Posted by Nikose

1. Click Start, right-click My Computer, and then click Properties.

The nature of the virus is that it installs and opens a program called "Antivirus Live," which pretty much blocks everything that would make it go away - you can't open Windows Task Manager because an alert pops up saying it's infected, Add/Remove Programs is infected the "Properties" of My Computer are infected.

It not only remains open, you can't minimize it either. It pops up with these "Such and such has tried to blah, blah, blah." alerts, and gives you the option to block or not block it - if you click on the alert, your browser pops up with the Viagra home page. Or "porn.com" Or some erectile dysfunction thing. It wasn't too bad of a virus in that it didn't up and delete my hard drive, but it started to spam alerts at me, and Windows started to spam alerts at me stating that it couldn't use the anti-virus software because according to Antivirus Live, hey, the antivirus software is infected with a virus.

Nikose Tyris · 01-28-2010, 11:21 PM

As always, my additional information via PM solved the problem.

[/Ego boost.]

Preturbed · 01-31-2010, 08:29 PM

I know you've solved it but for future readers, always Safe Mode and run Malwarebytes. If MBAM doesn't want to run, change the filename. If it still doesn't want to run, change the .exe to .bat. Same goes for the install file. If the virus is killing the process after the program starts, you're probably better off to format and restore. Just back up all your music, pictures, and video, then go get your windows disk.

The Artist Formerly Known as Hawk · 01-31-2010, 08:43 PM

Quote:

Originally Posted by Seil

The nature of the virus is that it installs and opens a program called "Antivirus Live," which pretty much blocks everything that would make it go away - you can't open Windows Task Manager because an alert pops up saying it's infected, Add/Remove Programs is infected the "Properties" of My Computer are infected.

Oh man I had this shit a while ago. Couldn't open any program or file that might get rid of it. It blocked avg from working, blocked IE, blocked My Computer, blocked my entire programs list, even the restart and shutdown options were off limits.

Had to turn the pc off at the wall, and then race to open up system restore as soon as everything loaded up again, because the virus seemed a little slow right after starting up and wouldn't stop stuff from working immediately. Luckily I got there in time on my second try and just reset to 24 hours earlier.

Horrible thing though, I was worried it would be the end of my pc because nothing would work on it.

Seil · 01-31-2010, 09:04 PM

The worst thing was having the AL window pop up, because it looks like an actual anti virus program. I was like "I don't remember downloading that," but I sifted through it and found that hey, I was infected with 37 different "threats" and blah, blah, blah.

The only real inkling that the program wasn't what it said it was was that it came up with different results for the search every time. Also, I didn't download it, I couldn't close it, and it was marking things on my computer as "infected," when I knew they weren't. I could see how someone could fall for this, because it all seems very legit in the beginning - but even if you're semi-computer literate, you begin to realize that something's up.

Anyways, I found the best way is to just boot your 'puter up in Safe Mode. Pretty much anything goes wrong - and it's Windows, so something will go wrong - I reboot in Safe Mode and fix it via altering settings/deleting/adding/system restore.

PyrosNine · 02-01-2010, 12:19 AM

I gave advice for fixing that in Bob's thread, because it fuxed up my sister's computer and I'd dealt with it before.

It's amazingly weak to Alt Ctrl Delete if you're as savvy as yours truly at knowing all computer processes. It even has a fake blue screen of death program that can be escaped by alt ctrl delete, and from there simply destroying it with hijack this or deleting the file from the computer.

It's a wicked set up, by installing a hoax virus scan (Sister: Pyros, my virus scan keeps pulling up viruses and then my computer shuts down! Me: What? When did you install a virus scan? Sister: Umm....) that registers itself as a real virus scan to fool windows, and the actual program is this thin program not even bothered to be put in a fake program files folder, but in a randomly named file somewhere in C: or temporary documents.

It will always detect non-existent viruses and make a fake crash, and a big clue of it's fakeness is that in task manager, it's less that 2,000k in memory, whereas real virus scans are much more than that. It puts itself into the registry to auto turn on if it's turned off, this is a part of Window's security features to check if virus scan is working and turn it back on.

But it's not much of a threat, and once you install a proper virus scan, it fixes everything. Remember kids, if you don't remember installing a virus scan, it's probably not good.

I fixed it without even going in to safe mode! Also, Firefox with all the safety features, and Comodo free internet security suite is your friend.

Preturbed · 02-01-2010, 02:12 AM

Pyros, there are a TON of fake virus scanners out there, many of which are not as weak to task manager as the one you describe. None of them are ever terribly threatening to your data, but they vary hugely in removal processes.

bluestarultor · 02-01-2010, 08:18 PM

I can't fathom how people can be online with no protection. At the very least you should have anti-virus like AVG. It's even better to have a hardware firewall on top of it, and if you're getting a wireless router, it's not that much more to make sure you have one.

But at the very least, some software.

01-28-2010, 10:04 PM	#1
Seil Super stressed! Join Date: Feb 2007 Location: British Columbia Posts: 8,081	Virus Rage! So there's this program called "Antivirus Live" which is a real kick in the pants. It won't let me get rid of it. It's a little bit of a pain.

01-28-2010, 10:26 PM	#2
Eltargrim Fifty-Talents Haversham Join Date: Mar 2006 Location: FABULOUS Posts: 1,904	Try this, good sir. Report back if it's ineffective. Good luck. __________________ <Insert witticism here; get credit; ???; profit!>

01-31-2010, 08:29 PM	#5
Preturbed betrayal! Join Date: Feb 2006 Posts: 1,092	I know you've solved it but for future readers, always Safe Mode and run Malwarebytes. If MBAM doesn't want to run, change the filename. If it still doesn't want to run, change the .exe to .bat. Same goes for the install file. If the virus is killing the process after the program starts, you're probably better off to format and restore. Just back up all your music, pictures, and video, then go get your windows disk. __________________ sudden but inevitable

02-01-2010, 12:19 AM	#8
PyrosNine Zettai Hero Join Date: Mar 2005 Location: A figment of my own imagination Posts: 6,103	I gave advice for fixing that in Bob's thread, because it fuxed up my sister's computer and I'd dealt with it before. It's amazingly weak to Alt Ctrl Delete if you're as savvy as yours truly at knowing all computer processes. It even has a fake blue screen of death program that can be escaped by alt ctrl delete, and from there simply destroying it with hijack this or deleting the file from the computer. It's a wicked set up, by installing a hoax virus scan (Sister: Pyros, my virus scan keeps pulling up viruses and then my computer shuts down! Me: What? When did you install a virus scan? Sister: Umm....) that registers itself as a real virus scan to fool windows, and the actual program is this thin program not even bothered to be put in a fake program files folder, but in a randomly named file somewhere in C: or temporary documents. It will always detect non-existent viruses and make a fake crash, and a big clue of it's fakeness is that in task manager, it's less that 2,000k in memory, whereas real virus scans are much more than that. It puts itself into the registry to auto turn on if it's turned off, this is a part of Window's security features to check if virus scan is working and turn it back on. But it's not much of a threat, and once you install a proper virus scan, it fixes everything. Remember kids, if you don't remember installing a virus scan, it's probably not good. I fixed it without even going in to safe mode! Also, Firefox with all the safety features, and Comodo free internet security suite is your friend. __________________ Pyrosnine.blogspot.com: An experimental blog of writing. Updated possibly daily. Possibly. A fair chance. Current Works for reading: War Between them, Karma Police. PyrosNine: Weirdo Magnet Extraordinaire!

02-01-2010, 02:12 AM	#9
Preturbed betrayal! Join Date: Feb 2006 Posts: 1,092	Pyros, there are a TON of fake virus scanners out there, many of which are not as weak to task manager as the one you describe. None of them are ever terribly threatening to your data, but they vary hugely in removal processes. __________________ sudden but inevitable

01-31-2010, 09:04 PM	#7
Seil Super stressed! Join Date: Feb 2007 Location: British Columbia Posts: 8,081	The worst thing was having the AL window pop up, because it looks like an actual anti virus program. I was like "I don't remember downloading that," but I sifted through it and found that hey, I was infected with 37 different "threats" and blah, blah, blah. The only real inkling that the program wasn't what it said it was was that it came up with different results for the search every time. Also, I didn't download it, I couldn't close it, and it was marking things on my computer as "infected," when I knew they weren't. I could see how someone could fall for this, because it all seems very legit in the beginning - but even if you're semi-computer literate, you begin to realize that something's up. Anyways, I found the best way is to just boot your 'puter up in Safe Mode. Pretty much anything goes wrong - and it's Windows, so something will go wrong - I reboot in Safe Mode and fix it via altering settings/deleting/adding/system restore.