Any Computer Experts? 2009 Antivirus virus

[Banshee]

Some how got it a few days ago..

Ran 5 malware programs, 3 virus programs. No luck

Restored computer back 7 days, ran malware, no luck. Now I can't use system restore because there are no reference points.

Running in safe networking mode only.

Anyone know how to fix?

[Ject]

If Antivirus 2009 has been installed on your system some how without your permission or you are seeing a popup advertising on your desktop (taskbar?) or recommending that you use Antivirus 2009 to clean your system..... then you have the zlob trojan.

Follow the instructions below for FREE removal.

Please update this program before scanning.
http://www.malwarebytes.org/forums/i...showtopic=5178

Edit...Any problem removing in normal mode ....try scanning again in safe mode (without networking)
how to enter safe mode (for sh!ts and giggles): http://www.pchell.com/support/safemode.shtml




If the above doesn't work try Removing Antivirus 2009 (Manually): ONLY attempt this if you are familiar with Regedit. Pleas.. please.. please.. create a backup of your regedit before ever changing anything in it.

1. Press Ctrl + Alt + Del then find and End the following processes:
* av2009.exe
* AV2009Install.exe
* Antivirus2009.exe

2. Delete the following files from your PC:
* %UserProfile%\Desktop\Antivirus 2009.lnk
* %UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
* %UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll
* %UserProfile%\Start Menu\Antivirus 2009
* %UserProfile%\Start Menu\Antivirus 2009\Antivirus 2009.lnk
* %UserProfile%\Start Menu\Antivirus 2009\Uninstall Antivirus 2009.lnk
* c:\Program Files\Antivirus 2009
* c:\Program Files\Antivirus 2009\av2009.exe
* c:\WINDOWS\system32\ieupdates.exe
* c:\WINDOWS\system32\scui.cpl
* c:\WINDOWS\system32\winsrc.dll

3. Click Start > Run, type regedit, Find and delete the following registry entries:
* HKEY_CURRENT_USER\Software\
75319611769193918898704537500611
* HKEY_CLASSES_ROOT\CLSID\
{037C7B8A-151A-49E6-BAED-CC05FCB50328}
* HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Explorer\Browser Helper Objects\
{037C7B8A-151A-49E6-BAED-CC05FCB50328}
* HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run "75319611769193918898704537500611"
* HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run "ieupdate"


If all goes well, this fake Antivirus 2009 software should now be removed from your computer.
Both Methods have effectively worked for me on customer PC's
Enjoy!

[Banshee]

I have tried using that link in safe mode. No luck.

Safe mode or safe mode with networking?

I have checked my processes, none of the 3 are running.

[Banshee]

Ah I see, without networking... BRB

[Banshee]

None of the three processes you posted were found.

I tried 3 times to use that malware link in safe mode only...Stopped working at 42, 45 and 49 seconds.

I did get the quick scan to work again in safe mode..no problems.

I have Windows Vista...

[Xanthos]

I got the Zlob trojan a while back and it proliferated so much that I eventually ended up having to completely wipe the drive to get rid of it. And I consider myself very computer literate (having worked in the IT field for a few years. I won't say I know everything, but I know a lot).

I wish you the best of luck in what will probably end up being a very extensive battle. My best tools against it were SAV Corp., Spybot S&D, and AdAware SE - using them I at least kept the computer usable, but I was never able to get rid of it all together. Hince the reformat.
- Xanthos

[manimsoblack]

Quote:

Originally Posted by XanthosV6

I got the Zlob trojan a while back and it proliferated so much that I eventually ended up having to completely wipe the drive to get rid of it. And I consider myself very computer literate (having worked in the IT field for a few years. I won't say I know everything, but I know a lot).

I wish you the best of luck in what will probably end up being a very extensive battle. My best tools against it were SAV Corp., Spybot S&D, and AdAware SE - using them I at least kept the computer usable, but I was never able to get rid of it all together. Hince the reformat.
- Xanthos

Same here. And then two weeks later my aunt got it and i figured it out.

Download AVG free onto a thumbdrive from another comp as it blocks you from visiting the site. Install it in safe mode. Run it. Copy and paste the paths of all the infected files it finds and manually delete them and empty your recycle bin. Restart and you should be good.

[Xanthos]

Quote:

Originally Posted by manimsoblack

Same here. And then two weeks later my aunt got it and i figured it out.

Download AVG free onto a thumbdrive from another comp as it blocks you from visiting the site. Install it in safe mode. Run it. Copy and paste the paths of all the infected files it finds and manually delete them and empty your recycle bin. Restart and you should be good.

I'll have to try this if it ever happens again.
- Xanthos

[Scott@Bjorn3D]

Also put Combofix on a thumb drive and run it: http://www.bleepingcomputer.com/comb...o-use-combofix

If you did have an real antivirus package it will say it is installed, tell it ok and keep running it.

I work at a computer shop and here is what we do.

Combofix first
Malawarebytes second
Spybot Search and Destroy third
Download free trail or Norton Internet Security 2009 and run it 4th

If machine starts running find after all that then buy the Norton trail to protect you in the future.

[manimsoblack]

Quote:

Originally Posted by Scott@Bjorn3D

Also put Combofix on a thumb drive and run it: http://www.bleepingcomputer.com/comb...o-use-combofix

If you did have an real antivirus package it will say it is installed, tell it ok and keep running it.

I work at a computer shop and here is what we do.

Combofix first
Malawarebytes second
Spybot Search and Destroy third
Download free trail or Norton Internet Security 2009 and run it 4th

If machine starts running find after all that then buy the Norton trail to protect you in the future.

I usually suggest McAfee over Norton, they give you basically the same product for the same price, and while both are resource hogs Norton can completely kill a slower computer with all the memory it sucks while scanning. McAfee will slow it down but not to the extent of norton.

[Supermans]

Quote:

Originally Posted by Scott@Bjorn3D

Also put Combofix on a thumb drive and run it: http://www.bleepingcomputer.com/comb...o-use-combofix

If you did have an real antivirus package it will say it is installed, tell it ok and keep running it.

I work at a computer shop and here is what we do.

Combofix first
Malawarebytes second
Spybot Search and Destroy third
Download free trail or Norton Internet Security 2009 and run it 4th

If machine starts running find after all that then buy the Norton trail to protect you in the future.

Can you post the links the these files websites? Thanks

[Scott@Bjorn3D]

http://www.bleepingcomputer.com/comb...o-use-combofix

http://download.cnet.com/Malwarebyte...-10804572.html

http://download.cnet.com/Spybot-Sear...html?tag=mncol

http://download.cnet.com/Norton-Inte...html?tag=mncol

There you go. And the new Norton is no resource hog and is much better than any competing product. I fix machines for my living and McAfee machines come in infected all the time.

[diddiyo]

step 1) sell windows computer
step 2) buy mac
step 3) ???
step 4) profit