Windows Antivirus Live - a virus disguised as an antivirus

Last night i logged onto my computer i downloaded some stuff came back a bit later and there were loads of false looking virus messages. All programs had been disabled and it was very difficult to do anything. I run AVG free and this had also been disabled. The thing causing all these problems was a fake antivirus program which i must have picked up from a dodgy download.

The first thing i did was disconnect from the Internet and try and get rid of it. Eventually i went on another computer and downloaded a program called Revo Uninstaller which i used to disable the virus. The only way i could do it was to restart my computer can launch it quickly before the virus had tome to load up again. I used the hunter mode on this software to disable the virus and then i thought everything was OK.

Turns out that when i logged my computer on again today i had the same problem. The virus still managed to relaunch all i had done was close it - not stop it from auto running on start up. Again i could run that Revo program to disable it but this seems to only be a temporary solution. AVG is unable to detect it and in general it's just a pain in the arse.

There's a little summary of the virus here : http://www.2-viruses.com/remove-antivirus-live
There are some links to antivirus software that will remove it but i just wanted to see what the chaps at bit tech recommend.

 

This is a rouge avg program and can be a pain to remove. I had some variations of this before.
Reboot, start in safe mode (f8 at boot) and run Malwarebytes (malwarebytes.org) software, make sure you update it and run a full scan.

 

I can't actually get my computer to run in safe mode but i don't really need to. I'll try running that program now. It's not that my computer is screwed it's just that i have to disable the virus every time i start up. I'll try that program you suggested.

 

Backup and do a clean windows install. And dont download from dodgy sites.

 

When I Have Virus or Big Spyware, I remove them in Safe Mode and I load Spybot: Seach & Destroy 2 or 3 time. Forget AVG, install Avira.

Indeed

 

I've sorted the problem now. Why would reinstalling windows be necessary?

 

I see this variant every day at my shop. Usually going by
personal antivirus "year"
windows security "year"
and at least 5 other names.
At first combofix from bleepingcomputer's website along with malwarebytes took it off. But after approximately 10% of those customers coming back we began to offer re-install only.
If your having problem with not being able to run executables rename the extension of .exe to .pif the programs should run then.

 

Simple don't download dodgy things, i'm sure we all know what sort of dodgy downloads your on about, and the simple answer is don't download dodgy downloads! You wouldn't have any problems then if you stuck to legit downloads.

 

I'm confused by how you can't get windows into safe mode?? If the virus has got that deep into the system to disable safe mode then surely a reinstall is the only sure way of removing it?

 

If it's anything like antivirus 2009, you can disable it running by going to the startup tab in msconfig and unticking av2009.exe. Also, check in the registry under HKLM/Software/Microsoft/Windows/Current Version/Run and delete the key for av2009.

As mentioned above, Malwarebytes should get rid of it. Then get your antivirus up to date and do a full scan.

 

Just to clear things up - the 'dodgy download' was nothing illegal, I've really toned down my piracy practically to a stop.

When i hit F8 on start up to get to safe mode the only option available was to boot windows normally and there was no safe mode option. When i did click to boot it normally it just crashed. I'm fairly sure the virus had nothing to do with this but I haven't tried getting it into safe mode since getting rid of it.

Oh and a slightly off topic question, a problem I've had for ages. Hit ctrl alt + delete to get the task manager up and i appears but without a window bar or tool bar at the top. It's not a huge problem but it is an inconvenience, does anyone know if there are any settings i could have changed to make this happen or anything?

 

Double click the area above the word "Task" and "Status"

 

Ah thankyou

 

If it was a legal download could you let us all know which site bundled a virus? Then we can all avoid it. If it is indeed a legal one

 

I'm not actually sure what it came from my guess would be pr0ns

 

Ya own daft fault then lol, just go to an adult dvd store and buy one from there not much chance of getting a virus there, well maybe an STD (or a cold) lol

 

AVG > Avira

 

Avast = *BEEEEEEEEEERING!* VIRUS DATABASE HAS BEEN UPDATED! > everything.

 

Firstly AVG > Avira.

Secondly, I download tons of warez, music, movies and even some of teh pr0nz via torrent and I haven't had a moderate to serious infection in about 2 years. I do NOT run an antivirus program at all times, in fact, I never run one for protection. I do have AVG installed but the only reason it is installed is so I can right click the download or directory of downloads and hit "Scan with AVG." If there's anything detected, I Shift+Delete it and find a new torrent. End of story.

Thirdly, unless you're name is IOBits and you like to steal other's definitions, no two anti-malware apps are alike. They will all pick up different things, they all look for different things, they all look in different ways. The best method I've used and has continually given me results (about 95% success rate in restoring the pc pack to an acceptable level for use) is to cycle through 4 different fully updates scanners. #1 Spybot S&D, #2 MalwareBytes, #3 Super AntiSpyware, and finally, #4 AVG. I run them in that order and then again in that order in safe mode. (or the other way around if I was unable to install them in regular mode) After that, I run CCleaner and AML Registry Cleaner, edit msconfig and the computer should be good to go.

 

Trojan Remover by Simply Super Software, followed by Kaspersky Internet Security has fixed every infection for me, apart from the ones that had borked the operating system.