KenB
« on: March 08, 2010, 03:18:05 PM »
A cautionary tale.
There is a relatively new virus going around that masquerades as legitimate XP Internet Security.
It's a worm that you catch if you visit certain antivirus sites. Its main cause for nuisance is that it pops up about every 30 seconds or so with bogus security threat warnings and then tries to redirect you to a website that tries to get you to reveal your XP product licence.
It appears in the processes as av.exe. Whilst you can stop it briefly, it keeps relaunching.
If you get it - DO NOT try to delete av.exe. It has a means of altering the registry so you cannot run any .exe files without doing a SYSTEM RESTORE or manually editing the registry to get rid of the infected entries.
In short it is a major pain in the ass.
It also disables McAfee - making life even more awkward.
If you want to learn more - search on "av.exe removal" and see all the problems other XP users have had with this one.
I'm still trying to get McAfee to re-install in safe mode.
Please pass this information on to anyone whose time is too precious to waste (hours) trying to get their computers to run again.
(Linux/Mac users - stop sniggering now please ;-)
Ken
martin
« Reply #1 on: March 08, 2010, 04:01:38 PM »
He heard me, from 50 miles away........ 
Unpaid volunteer administrator and moderator (not employed by Navitron) - Views expressed are my own - curmudgeonly babyboomer! - http://www.farmco.co.uk
Greenbeast
« Reply #2 on: March 08, 2010, 04:03:25 PM »
Try using Malwarebytes' Anti-Malware.
dinitro
« Reply #3 on: March 08, 2010, 04:10:48 PM »
Ken,
Enable system restore. If you get a problem in the future you can restore to the previous best configuration.
dinitro
1x 20 x 58mm panel NEE, 4x 20 x 58mm panels south, Navi-Newark 320 litre thermal store direct boiler/ rad tap by boiler, retro coil, solar coil, termovar 61, S. circuit 30m+30m flow/ return. NEE 5m flow, 5m return. S. panel 52 degrees. NEE 45. http://sunscribe.homeip.net http://agni.homeip.net
paul-n
« Reply #4 on: March 08, 2010, 08:04:47 PM »
Hi all. I got something REALLY nasty on my Win XP machine and could not even find it, never mind get rid of it. It acted like the Zeus/Zbot malware and hijacked any attempt to log on to my bank accounts and asked for all the security words/codes. After a week with the security team at one High Street bank trying everything we could find on the Internet and having no success, they admitted other customers had reported similar problems and they had not found the cure [I think they hoped that, me being a bit computer literate, I might stumble upon the answer]. I gave up and loaded Ubuntu [Linux]. It's been 2 weeks now without Windoze and so far no regrets; it is just different, that's all. Even running some Windoze stuff under Wine. Regards, Paul
renewablejohn
« Reply #5 on: March 08, 2010, 08:13:25 PM »
Ken, what a poor excuse just so you can have a Mac.
Stuart
« Reply #6 on: March 08, 2010, 10:25:25 PM »
I usually use Winternals ERD Commander; it boots off a CD and allows me to play with the XP OS and delete sys files, restore etc. I'm sure you can download it.
Have Ubuntu on a laptop; it's fine for Firefox.
Found backing up my hard disk regularly was easier than changing OS.
8kw woodburner, Big piles of wood, 20 tube solar panel, custom tanks, back up gas boiler, North walls internally insulated 1968 landy that runs on anything and a currently wild meadow garden.
Nr. Tow Law
paul-n
« Reply #7 on: March 09, 2010, 07:54:31 AM »
Quote from dinitro:
Ken,
Enable system restore. If you get a problem in the future you can restore to the previous best configuration.
dinitro

Dinitro, this did not work for me; one of the things Zeus/Zbot did was delete all restore points! That sort of was the last nail in the coffin of XP for me.
http://thepcsecurity.com/latest-security-software-cannot-detect-zeus-virus
http://www.computerworld.com/s/article/9141092/UK_police_reveal_arrests_over_Zeus_banking_malware
If you do Internet banking I also suggest you ensure you get paper statements; some malware was reported to divert your bank pages and so show you more money in the account than was actually there, so money could be removed for longer before it was detected. When I was moving money from my old bank account to the new I was pleased to find that my bank froze all large movements of money until I had confirmed the transaction was genuine, so although they had no answer to the Zeus problem my money was safe. Regards, Paul
« Last Edit: March 09, 2010, 07:57:45 AM by paul-n »
grevls
Upsetting the Apple Kart since 1986
« Reply #8 on: March 09, 2010, 09:14:24 AM »
I had this virus.
To get rid of it you need to shut down and restart. It takes a few seconds to start the virus once windows launches. Before it can do so you need to run MSCONFIG and block it from launching on start up.
Do this and restart again.
You will then be able to run all .exe programs and use your anti-virus and/or add/remove programs to get rid of it.
Bon Appetite and, err, Salvador Dali!
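The posts above describe two things a practitioner wants to check by hand: the registry change that stops .exe files launching (Ken's post) and the autostart entry that relaunches av.exe after every reboot (grevls' post). The batch script below is an added example, not code from any poster in this thread, and it is run from an already-open cmd.exe (Safe Mode with Command Prompt is fine): cmd.exe launches reg.exe through CreateProcess, which bypasses the shell file association, so it still works when double-clicking .exe files does not. The Windows defaults it restores (.exe mapped to the "exefile" class, opened with `"%1" %*`) are standard; that this infection rewrites exactly those values, or shadows them with a per-user override under HKCU\Software\Classes, is an assumption, since the thread does not name the keys. Run it once without arguments to inspect, then with `/fix` to repair.

```batch
@echo off
REM Added example (not from the thread). Inspects, and optionally restores, the
REM registry values a rogue "XP Internet Security" / av.exe infection is assumed
REM to hijack so that .exe files stop launching. Run from cmd.exe, which starts
REM reg.exe via CreateProcess and therefore does not depend on the .exe association.
REM
REM Facts used: Windows maps .exe to the "exefile" class and opens it with
REM   "%1" %*   (both default values are REG_SZ).
REM ASSUMPTION: the infection rewrites these two values and/or adds a per-user
REM override under HKCU\Software\Classes\.exe; the thread does not name the keys.

echo === 1. Machine-wide .exe association (expect: exefile) ===
reg query "HKCR\.exe" /ve

echo === 2. exefile open command (expect: "%%1" %%*) ===
reg query "HKCR\exefile\shell\open\command" /ve

echo === 3. Per-user .exe override (expect: key not found) ===
reg query "HKCU\Software\Classes\.exe" /ve 2>nul
if %ERRORLEVEL% EQU 0 (
    echo Per-user .exe override present - it shadows the machine-wide default above.
)

echo === 4. Autostart entries: look for av.exe or other unfamiliar names ===
reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

if /I not "%~1"=="/fix" (
    echo.
    echo Read-only pass complete. Re-run with /fix to restore the defaults.
    goto :eof
)

echo === Restoring defaults ===
REM %%1 and %%* are batch escapes; the value actually written is "%1" %*
reg add "HKCR\.exe" /ve /t REG_SZ /d "exefile" /f
reg add "HKCR\exefile\shell\open\command" /ve /t REG_SZ /d "\"%%1\" %%*" /f
REM Remove the per-user override only if one exists (the HKLM default remains).
reg query "HKCU\Software\Classes\.exe" /ve >nul 2>nul && reg delete "HKCU\Software\Classes\.exe" /f
echo Done. Reboot, then run your antivirus or Add/Remove Programs as suggested above.
```

Step 4 only lists the Run keys; it does not remove anything, because the entry name the infection uses is not given in the thread. Disable whatever looks wrong with MSCONFIG as grevls describes, or delete that specific value with `reg delete ... /v NAME /f` once you have identified it.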
KenB
« Reply #9 on: March 09, 2010, 12:38:39 PM »
Guys,
After an otherwise non-productive afternoon I finally got rid of it and its aftermath.
Paul - what high street bank did you have online security issues with?
Ken
Ivan
« Reply #10 on: March 09, 2010, 01:01:30 PM »
System Restore is a problem in itself - many viruses hide in the system restore files, and simply resurrect themselves a few moments after you've removed them. Anti-virus advice often suggests that you disable system restore.
paul-n
« Reply #11 on: March 09, 2010, 02:14:26 PM »
Quote from KenB:
Guys,
Paul - what high street bank did you have online security issues with?
Ken

Ken, the issues were with my PC, NOT the bank's. http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1376286,00.html Still can't find a site that tells you what to look for and how to remove it, so I gave up. PM'ed you with more details. I do still have the infected drive and could boot from it and try again, but I prefer my banking secure; it is a pain trying to get secure names/numbers for one bank, never mind 2! Regards, Paul