Author Topic: Infected by Antivirus Live  (Read 1153 times)

Offline wisdom_of_trees

« on: December 10, 2009, 02:25:43 AM »
I'm trying to help a friend with his computer. He's been infected by something called Antivirus Live and I've never seen anything like it.

I can't give you a HijackThis log, because the Trojan won't let me run it.
I can't run Malware-Bytes for the same reason. In fact I can't run anything.
Also, I can't access the registry from RUN.

Using the internet on the infected machine is nigh near impossible. I always have to TOOLS>INTERNET OPTIONS>LAN SETTINGS and disable the Proxy Server so that I can even get to seeing any webpage other than the one that takes me to where the Trojan wants me to purchase the software that can take the virus off the machine. And then I have to do that, over and over because it resets it.

I'm getting really frustrated and I'm not sure what to do. Any help is always appreciated of course.

Thanks!

Offline wisdom_of_trees

« Reply #1 on: December 10, 2009, 09:31:51 AM »

UPDATE

I've managed to access the Windows Task Manager and the Registry Editor; however, I still cannot open or use Hijack This or any other files.

Offline guestolo

« Reply #2 on: December 10, 2009, 09:54:52 AM »
I'm just on my way to work
In the meantime, can you try the following
Open Task Manager and end process on the following if found

mkfusysguard.exe >> Look for a process similar, it should have sysguard.exe as the last
mkfusy may be different

If that is successful
Try the following
Download ComboFix from one of these locations:

Link 1
Link 2
Save it ONLY to your Desktop

--------------------------------------------------------------------
Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
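
Added example, not part of the original thread or of any tool it mentions: a small Python triage that checks for the two symptoms described above (a process whose name ends in sysguard.exe, and an Internet Explorer proxy setting that keeps coming back) in captured output of `tasklist /fo csv /nh` and `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"`. The sample output, the PID and the proxy value are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample of `tasklist /fo csv /nh` output (not taken from the thread).
SAMPLE_TASKLIST = '''"System Idle Process","0","Services","0","28 K"
"explorer.exe","1508","Console","0","21,004 K"
"mkfusysguard.exe","2216","Console","0","9,872 K"
"iexplore.exe","3020","Console","0","44,120 K"
'''

# Constructed sample of `reg query` output for the per-user Internet Settings key;
# the ProxyServer value is made up for illustration.
SAMPLE_REG = r'''
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x1
    ProxyServer    REG_SZ    http=127.0.0.1:5555
'''

SUFFIX = "sysguard.exe"  # the prefix in front of it varies, per the reply above
REG_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(.*)$")


def find_suspect_processes(tasklist_csv):
    """Return (image name, PID) for each process whose name ends in SUFFIX."""
    hits = []
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[0].lower().endswith(SUFFIX):
            hits.append((row[0], int(row[1])))
    return hits


def proxy_settings(reg_output):
    """Return (proxy enabled?, ProxyServer string or None) from reg query text."""
    values = {}
    for line in reg_output.splitlines():
        m = REG_LINE.match(line)
        if m and m.group(1) in ("ProxyEnable", "ProxyServer"):
            values[m.group(1)] = m.group(3).strip()
    enabled = int(values.get("ProxyEnable", "0x0"), 16) != 0
    return enabled, values.get("ProxyServer")


if __name__ == "__main__":
    print("suspect processes:", find_suspect_processes(SAMPLE_TASKLIST))
    print("proxy (enabled, server):", proxy_settings(SAMPLE_REG))
```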


Offline wisdom_of_trees

« Reply #3 on: December 10, 2009, 10:58:16 AM »
Hey Guestolo! As always good to see that you're still here helping us out. I just found out that my friend's computer is a work computer and that he doesn't have admin rights to it. So...no downloading any software. (The idiot)

As always, thanks for getting back to me so promptly, you've always been incredibly helpful and I always pay a little towards your malware fight donations...but the holidays are making things a little tight at the moment...so I'll be sure to give some next year. ;p

Thanks again for everything! And take care!