Remove Antivirus Soft
Scareware of the day: Antivirus Soft.
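FIRST STEP: Open Internet Explorer, go to Internet Options, open the Connections tab, click LAN settings, and uncheck "Use a proxy server for your LAN". This undoes the proxy setting that Antivirus Soft adds (the ProxyServer registry value listed below).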
The usual virus removal steps follow. If you can't run any programs, either:
a) in XP, sign in with the Administrator account, or in Vista, right-click the program and choose "Run as administrator"
b) download Superantispyware portable (see link on side) on another computer. Boot the infected machine into safe mode (F8 at startup), transfer the file over, and do a full scan. Then see if you can run any applications.
Hopefully at this point you can download Malwarebytes, Spybot, and Superantispyware (if you haven't done so already) in normal mode, update all of them (SAS portable doesn't need an update), then go back into safe mode and do full scans with all 3.
Antivirus scans aren't perfect, so they may miss a few things. Here are files and registry entries placed on your computer by Antivirus Soft you should remove manually if you find them:
Associated Antivirus Soft Files:
Windows XP:
%UserProfile%\Local Settings\Application Data\
%UserProfile%\Local Settings\Application Data\
%UserProfile%\Local Settings\Application Data\
%UserProfile%\Local Settings\Application Data\
Windows Vista and Windows 7:
%UserProfile%\AppData\Local\
%UserProfile%\AppData\Local\
%UserProfile%\AppData\Local\
Associated Antivirus Soft Windows Registry Information:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\avsoft
Check for HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = no
- Make sure to change it to YES.
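A read-only PowerShell check for the registry entries listed above, as an added example that is not part of the original post; it assumes PowerShell is available on the machine and it changes nothing. The Run value names are cut off in the list above, so the script only lists Run entries that launch from the local application data folders named in the file list, for manual review (legitimate programs can start from there too).

```powershell
# Added example: report which of the registry values listed on this page are present.
# Paths, value names and data are taken from the list above. Nothing is modified.
$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments';  Name = 'SaveZoneInformation';  Bad = '1' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings';     Name = 'ProxyServer';          Bad = 'http=127.0.0.1:5555' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Associations'; Name = 'LowRiskFileTypes';     Bad = '.exe' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download';                   Name = 'RunInvalidSignatures'; Bad = '1' },
    @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Download';                   Name = 'CheckExeSignatures';   Bad = 'no' }
)

foreach ($c in $checks) {
    # A missing key or value returns nothing instead of raising an error.
    $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    $value = [string]$item.($c.Name)
    if ($value -eq $c.Bad) {   # -eq on strings is case-insensitive ("No" matches "no")
        Write-Output ("FOUND   {0}  {1} = {2}" -f $c.Path, $c.Name, $value)
    }
}

# The key the page lists without any value.
if (Test-Path 'HKCU:\Software\avsoft') {
    Write-Output 'FOUND   HKCU:\Software\avsoft (key exists)'
}

# Run entries: list anything that starts from the folders in the file list above.
$localDirs = @(
    (Join-Path $env:USERPROFILE 'Local Settings\Application Data'),   # Windows XP
    (Join-Path $env:USERPROFILE 'AppData\Local')                      # Vista / 7
)
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($run in $runKeys) {
    $key = Get-Item -Path $run -ErrorAction SilentlyContinue
    if ($null -eq $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        foreach ($dir in $localDirs) {
            if ($data.IndexOf($dir, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                Write-Output ("REVIEW  {0}  {1} = {2}" -f $run, $name, $data)
                break
            }
        }
    }
}
```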
Images taken from:
http://img.bleepingcomputer.com/swr-guides/tools/proxy/uncheck-proxy.jpg
http://www.precisesecurity.com/wp-content/uploads/2010/01/antivirus-soft.jpg
http://img.bleepingcomputer.com/swr-guides/tools/proxy/connections.jpg
Sources: www.bleepingcomputer.com and www.trendmicro.com