Antivirus8 remnants linger on computer, how do I kill them?

Yeekim

Today I managed to get my comp infected with Antivirus 8 somehow.
Instantly realizing it is a scam, I tried to get rid of it ASAP.

The F-Secure I initially used didn't identify it, so I first installed PC Tools Spyware Doctor and then Malwarebytes. Both reportedly found the offender and cleaned it - and true enough, damn av8.exe is gone from the task manager, nor do I get fake security threats any more. Still, about 60% of the time I attempt to open a webpage, I get redirected to a fake page which says:
Attention! Your web page request has been cancelled.

This web site refused your connection as it was reported as a malicious request. This can be caused by Viruses, Trojans or Malware found on your computer.

In order to resend your request to the website, press Resend request (please note, this action may cause a permanent block of your computer by the requested website)

To activate your security software, please press Fix Now (recommended)
I tried running FF in safe mode and setting everything back to default, but no gain.
How do I kill this pest?!? :mad:
 
Thanks, but the HOSTS file is clear. :mad:
I also used SUPERAntiSpyware to scan the system once more and then RegistryBooster to repair any potential errors in registry...after I failed to find any malignant entries mentioned at http://www.spywarevoid.com/remove-av8-antivirus-8-removal-help.html manually. (Probably one of the previous scans got these...)

Still...No... Use.
This thing is driving me nuts!
I originally used FF, but this appears in IE as well... so I guess simply reinstalling browsers wouldn't help?
 
No, it seems more like a problem with the operating system network than anything, not a browser-specific issue.

Open command prompt, type ipconfig and note the address under "DNS Servers." Some viruses can change the DNS which may cause all the redirects. If you know how to change the DNS try 8.8.8.8. If not just google "change dns <your OS>" and follow the directions and change it to 8.8.8.8. That's Google's public DNS. If that doesn't work, check the ipconfig again as some viruses can change it back to the rogue server.

(by the way, DNS is what changes the web addresses into IP addresses that your computer can understand. If it's a rogue one it can redirect everything to the IP address of that fake page.)
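
The DNS check suggested in the reply above, as an added example that is not part of the original thread: it parses `ipconfig /all` text, including the unlabelled continuation lines Windows uses for extra DNS servers, and reports any resolver that is not on an expected list. The sample output, adapter name and addresses are constructed, and English-language `ipconfig` labels are assumed.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (not taken from the thread).
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : home.example
   IP Address. . . . . . . . . . . . : 192.168.1.20
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def _ip(text):
    """Return the normalised IP address in text, or None if it is not one."""
    try:
        return str(ipaddress.ip_address(text.strip().split("%")[0]))
    except ValueError:
        return None

def dns_servers(ipconfig_text):
    """Return {adapter name: [DNS server, ...]} from `ipconfig /all` text."""
    servers, adapter, in_dns = {}, "unknown", False
    for line in ipconfig_text.splitlines():
        if line.strip() and not line[0].isspace():   # unindented = section header
            adapter, in_dns = line.strip().rstrip(":"), False
            continue
        m = re.match(r"\s+DNS Servers[ .]*:\s*(.*)", line)
        # Extra servers follow on indented lines that carry only an address.
        ip = _ip(m.group(1)) if m else (_ip(line) if in_dns else None)
        in_dns = ip is not None
        if ip:
            servers.setdefault(adapter, []).append(ip)
    return servers

def unexpected_dns(ipconfig_text, expected):
    """List (adapter, server) pairs whose resolver is not in the expected set."""
    allowed = {str(ipaddress.ip_address(e)) for e in expected}
    return [(a, s) for a, ips in dns_servers(ipconfig_text).items()
            for s in ips if s not in allowed]

if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE, {"8.8.8.8"}):
        print(f"{adapter}: unexpected DNS server {server}")
```

Running it again after a reboot shows whether something has set the resolver back.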
 
Hmm..not sure I follow you... the ipconfig only lists

Connection-Specific DNS Suffix,
IP Address,
Subnet Mask and
Default Gateway.

Anyway, I changed the default DNS to 8.8.8.8... still no good.:sad:
 
Oops. Try ipconfig/all. You might have to scroll up a bit because it shows a buncha stuff.

This is where mine shows up:
 
Yeah, DNS 8.8.8.8 is nicely there - hasn't been changed back. :crazyeye:

BTW, I also tried ReImage, which reported "no malicious/ spyware on system"... :mad:
 
So that rules out the DNS.

Take a look at this:
http://technofriends.in/2009/01/18/how-to-stop-automatic-redirects-to-other-websites-with-firefox-3/

It'll tell you if it's trying to redirect. Hopefully. Unless it's something else.
Again - thanks for your time and effort.
But no change. I still get turned to this accursed Stopmalwaresite.com.

Also, Norton Power Eraser didn't find anything. That was the last suggested program I got from googling this fake alert message. I guess that's how Napoleon must've felt when he saw his Old Guard beaten at Waterloo. That thing is one hell of a birthday present!

Since it is 5:13 down here, I consider just getting some sleep. Maybe I'll get some updated results in a few days...:scan:
 
Hmm. I'm stumped. Maybe someone else around these parts could help. Hopefully.
 
This might seem a very careless reply, similar to "it's not my problem," but this is the best solution, I assure you.

Format your hard drive, install clean new OS.

If you have never done it before, ask a friend who has.

Viruses and malware are very hard to remove (as you already know).

And they are so different in every case that there is no uniform source of reliable information about them. For example, you could make your problem much worse by trying something you found on google.

If you have a virus problem and, after 2~3 AV-software scans, still have the problem, then it's better to just format your computer. Depending on how organized you are ;), it will take only 30 minutes to maybe 2 hours, including installing programs, upgrading the OS, etc. (And learn what to do to reduce that time next time.) I'm pretty sure the time you already invested into this matter exceeds 2 hours.
 
Thanks, lovexylitol...I had started to consider it myself.
But another search on a local forum suggested using Kaspersky TDSSKiller.

And this one finally managed to slay this damn parasite!
[party]:band::high5:
 
Another one I've used to clean that out is ComboFix. It's not for the weak of heart...and do a back up of important files first, because I've seen many a person delete things they shouldn't.
 
Turn off system restore, reboot in safe mode, full system anti-virus scan (I use AVG free edition), reboot, and turn on system restore. Of course you lose all your save points, but a virus can get in your system restore files.
 
Back up any files you need, then format the drive and reinstall the OS.

Once you have your OS reinstalled, the first thing you should do is install MS Security Essentials (or any other program you prefer, but we've had very good experiences w/ the MS-SE package).

Then attach your back up file drive and use the fresh install + Antivirus to scan the backed up files.

There is no other way to be 100% sure you've gotten a root kit off your PC, and you do not want to worry about any 99% effective measures when ID theft is a possibility.
 