1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

AntiVirus 2008 malware

Discussion in 'Software' started by itbookham, Jul 14, 2008.

  1. itbookham

    itbookham Nibble Poster

    94
    0
    11
    Hi,

    Has anyone found a foolproof way of removing AntiVirus 2008 malware. I have run Ad-Aware software but the problem still remains.

    Thanks,
    Mark
     
    WIP: A+
  2. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    is this nortons 2008 you are wanting to remove?
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  3. itbookham

    itbookham Nibble Poster

    94
    0
    11
  4. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    ah right, my brother had something similar.

    go to the trend micro website and run their full scan this should remove the issue. If not find a decent anti virus program like NOD32 (you have to pay for this) and that will work.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  5. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  6. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    I missed that bit :oops:
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  7. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    How do people end up with a machine full of malware. I can't remember the last time my AV found something, I don't have some special security, just a NAT router and the usual AV and anti-spyware apps.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  8. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    Me too.

    I think people are not aware of what malware actually is and they do not realise what could cause future problems for them like pop ups etc.

    I have fixed computers for a few people over the last two weeks, they all said they had AV progs installed the problem was none of them had kept up their payments or updating procedures so they were knackered.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  9. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    They download pr0n, lots of it! :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  10. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    I have spoken to folks before that think if they have antivirus installed its impossible for them to get a virus. It must all be down to bad surfing habits, and not keeping their software up to date. You get the scare mongers that put people off upgrading. There was a guy on another forum I post on asking if he should upgrade to firefox 3 as he heard it had some bugs, he was still running an old old 2.xxx version. The potential for problems with the latest version are low, the potential to have known exploits taken advantage of and the lack of current security in the old version made it a bit of a no brainer, get it upgraded!

    The scum bags! :) The first rule of downloading pr0n, scan it with your AV before you run the .exe...
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  11. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    it can be done carefully you know, not that I have ever done it :tune:twisted::D
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  12. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    FF 3 caused me no issues, better to upgrade than stay the same.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  13. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    Thats what I tell the users every day but they just dont listen. :biggrin
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  14. itbookham

    itbookham Nibble Poster

    94
    0
    11
    Hi,

    This method has not seemed to remove the malware? Has anyone else managed to remove ir successfully?
     
    WIP: A+
  15. NightWalker

    NightWalker Gigabyte Poster

    1,172
    25
    92
    All the files and reg keys are listed on that webpage at the bottom, if an automated app wont clear it out I would go in and delete all the bits manually.
     
    Certifications: A+, Network+, MCP, MCSA:M 2003, ITIL v3 Foundation
  16. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    14,283
    254
    329
    try the trend micro web site like I said above that should work.
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  17. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Kaspersky online scanner works well also, I usually use it when my AV can't detect the virus, most of the time Kaspersky online scan does...
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  18. neutralhills

    neutralhills Kilobyte Poster

    366
    28
    64
    Try SmitFraudFix:

    http://siri.geekstogo.com/

    ...it should be run in Safe Mode.

    Also, the newest 2008 variant messes with the Display Properties dialogue. You'll probably need to restore some missing tabs through the registry as it sets a malware file as your desktop in an attempt to keep your system infected. The tabs are removed to keep you from changing the desktop wallpaper away from the malicious file.

    Restore missing desktop tab:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispBackgroundPage"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispBackgroundPage"=dword:00000000


    Restore missing screensaver tab:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispScrSavPage"=dword:00000000

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "NoDispScrSavPage"=dword:00000000


    Hope this helps.
     
    Certifications: Lots.
    WIP: Upgrading MS certs
  19. itbookham

    itbookham Nibble Poster

    94
    0
    11
    Hi,

    Thanks for all the feedback. I did manage to clean the computer after a lot of effort and using different scanners. In the end I installed StopZilla on the customer's computer. Ad-Aware, SpyBot etc were not able to remove everything.

    It was the most heavily infected computer I have come across.

    Mark
     
    WIP: A+
  20. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    SmitFraud is awesomely clever - one of the best-executed malware scams ever - second only to the SpyAxe fake anti-malware frauds often served up via compromised banner ads. First time I saw it I was blown away by just how convincing it would seem to the average home user. Ever since then I've come to realise that most machines infected with it would be better off with a format and reinstall - and thats just what I recommend for any home jobs I end up doing nowadays. Unless they absolutely HAVE to keep everything installed - in which case I tell 'em that I'll do it, but bill 'em by the hour for my time (sometimes runs to four hours, amounting to about 250 quid).
     
    Certifications: A few
    WIP: None - f*** 'em

Share This Page

Loading...