Go Back   Tech Support Forum > Microsoft Support > Windows XP Support

Strange Anti virus has installed on my PC without my knowledge! *problems!*

This is a discussion on Strange Anti virus has installed on my PC without my knowledge! *problems!* within the Windows XP Support forums, part of the Tech Support Forum category. Hello, Well basically my computer started lagging alot and hanging when i closed applications, and suddenly my pc jus restarted


Closed Thread
 
Thread Tools Search this Thread
Old 11-15-2008, 03:10 PM   #1
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System

Mistake

Hello,

Well basically my computer started lagging alot and hanging when i closed applications, and suddenly my pc jus restarted itself without my concent (it didnt switch off due to overheatin etc cause my temperature was average) But soon when i loged back into windows Norton Internet Security started havin major errors and un-installed itself, then i looked into the activity tray (bottom right of windows XP) and i had a programme installed called "Anti-Virus pro 2009" and i didnt even install it!! nobody uses my PC as i'm the only one that has access to it. But im confused on how it installed without me knowing (thinking thats why my PC randomly restarted)

So i tried deleting it and un-installing it, but it keeps coming back, and now one of my sticks of RAM became corrupted. I looked up information to see what this "anti virus programme" really was, and alot of them say its a self installing virus that apparently gets through legit internet security's.

So im wondering if you know how i could possibly get this un-installed and tell me a good internet security software is, i dont want any damage happening to this pc.

*note* I also tried installing the newst version of AVG anti virus, but the "Anti- Virus Pro 2009" keeps self deleting it sayin its containing trojans etc.

Attatched screenshot of the Unknown anti virus software, and it doesnt appear on the "Add Or Remove Programmes" Option.

**Also the RED "X" icon on the bottom right corner used to be Norton Internet security 2006, but its still there and not functioning since that random anti virus software had been installed.

Thanks for your time, any more information i will provide.

Ollie
Attached Thumbnails
Click image for larger version

Name:	Anti virus.JPG
Views:	20
Size:	184.1 KB
ID:	36520  

__________________
Ollieboy is offline  
Old 11-15-2008, 03:40 PM   #2
Registered Member
 
Join Date: Nov 2008
Posts: 25
OS: Windows 7 Ultimate 64-bit



This happened to me a few days ago. Were you on IRC when your computer restarted and this installed?

If you googled Antivirus 2009, you'll learn that it's a self-cloning anti-virus (upgraded from its previous version, Antivirus 2008) that installs itself and bugs you incessantly to buy the full program.

This program automatically uninstalls your other anti-viruses. For me it also deleted my mIRC.exe file (though it left the rest of mIRC alone, which I was grateful for.)

This zip file is part of a multidisk zip file. Please insert the last disk of the set.

This is what I did. I downloaded AVG 8.0, which is a good antivirus. When it finished installing, I chose not to restart my computer (because it will be deleted if you do). Run an AVG scan and let it finish, then clean up the files it found.

This uninstalled both Antivirus 2009 and got rid of the red X in the corner.

(Also please note that even after I got rid of it, my computer ran very, very slowly. It even caused FireFox to take a full 2 minutes or more to start up. I had to reformat my computer to get rid of all the problems it caused.)

__________________
GuyFaux is offline  
Old 11-15-2008, 03:47 PM   #3
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


Yeah i got that AVG but see when im installing it, the Anti virus 2009 automatically blocks it at the end of installing it, cause the AVG to "Fail Installation" il get the error code again when i attempt to re-install it. Now im getting paranoid lol, on some posted articles etc, they say that "Anti Virus 2009" also found a keylogger in one of their installation files, ive searched absoloutly everywhere in my programme files, and even search for the anti virus programme, but nothing has been found!!!

Its as if the programme doesnt exist :S!
__________________
Ollieboy is offline  
Old 11-15-2008, 03:54 PM   #4
Registered Member
 
Join Date: Nov 2008
Posts: 25
OS: Windows 7 Ultimate 64-bit



It's not in C:\Program Files\Antivirus 2009?

If you're talking about how you can't find the keylogger, forget about it. Don't believe anything Antivirus 2009 says.

If the antivirus 2009 folder there, boot your computer in safe mode (in XP, I think you hold down or tap F8 on the startup screen before windows boots.

Choose Safemode without networking, just in case. This will bar you from using the internet, but you won't need it.

The Anti-Virus 2009 uninstall file is a hilarious little window that says "It's already installed!" So obviously you can't do that. Instead, delete the entire program folder for Anti-virus 2009. Make sure it's really deleted, and not still sitting in your recycle bin.

Then go into Start> Run > regedit. Search all keys and values for Antivirus 2009 and delete or erase them.

Restart in normal mode, and the program should be gone. You'll be relieved to find a "Cannot find Antivirus2009.exe!" or whatever, because the computer is set to run the program at startup, but the program is not there. :) But you'll still have the red X. Fortunately, Antivirus 2009 can no longer prevent you from installing AVG.
__________________
GuyFaux is offline  
Old 11-15-2008, 04:18 PM   #5
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


haha, had to go on laptop now, my internet is now timing out, okay i turned on my computer and now im getting literally about 9 pop ups saying stuff like "cannot open "run.dll" and lots more,

Also if i delete this from safe mode, will it not re-download back onto my PC.

I really need a good internet security, bexcaue this PC used to be a OEM from Compaq, but ive replaced mobo, HDD, RAM, PSU, Gfx Crad, literally everything from it. the only thing that is basically from the old setup is the windows XP operating system, but that came with a free Norton internet for 80 days, (i know this could perhaps be classed as illegal) but is there anyway to re-activate the Norton internet security? because i am not really keen about doing full system restore, even tho that will clear out everything and basically make the PC brand new again. But just the thought of installing all the programmes i have is daunting!!


Thanks for the replies =]
__________________
Ollieboy is offline  
Old 11-15-2008, 04:36 PM   #6
Registered Member
 
Join Date: Nov 2008
Posts: 25
OS: Windows 7 Ultimate 64-bit



Windows XP has a lot of security problems involving force downloads. It's something they addressed in Vista, which is much more secure, but I'm too cheap and too skeptical to upgrade as of yet and I'm perfectly satisfied with XP.

Anti Virus 2009 only installs if you click the bubble that pops up from the X on the bottom bar. So don't click it, even to X it out. Just try to ignore it.

Have you tried going into Safemode to delete AV2009?
__________________
GuyFaux is offline  
Old 11-15-2008, 04:58 PM   #7
Hardware Tech Team
 
makinu1der2's Avatar
 
Join Date: Jan 2008
Location: Florida
Posts: 14,884
OS: Win7,Win XP,PC LinuxOS

My System


Hello ollieboy,

To get expert help with malware removal see the link below. Follow the steps

http://www.techsupportforum.com/secu...oval-help.html

After completing the steps you will be advised to post a log for one of the experts to examine. Please Please use the link provided to post the log not back here.

Be patient and it may take some time for someone to assist you as that is a busy forum.
__________________
makinu1der2 is offline  
Old 11-15-2008, 05:18 PM   #8
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


........... omg.

Right went into safe mode, deleted it, deleted all my %temp% and prefetch aswel, done a search to find any trace of it, didnt find a thing. deleted all the files etc that associated with Anti Virus Pro 2009 and deleted it from my recycle bin. Tried installing AVG 8.0 failed (6 failed because i was in safe mode... DUUUH :D)

So restarted PC in normal mode, but guess what happened...

It started re-installing itself, and would let me stop it! now my PC is lagging so bloody badly its getting really frustrating, and i dont want to hold open portsd with no security !!!! :(

i hate the creator of virus's , sheer jealousy!
Attached Thumbnails
Click image for larger version

Name:	OMFG22.jpg
Views:	34
Size:	828.3 KB
ID:	36534   Click image for larger version

Name:	failed-2.jpg
Views:	18
Size:	291.2 KB
ID:	36535  
__________________
Ollieboy is offline  
Old 11-15-2008, 06:04 PM   #9
TSF Enthusiast
 
Dracia's Avatar
 
Join Date: Mar 2008
Location: London, UK
Posts: 526
OS: Windows Vista Home Premium SP2 and Windows 7

My System

Send a message via AIM to Dracia Send a message via MSN to Dracia

Please follow makinu1der2's instructions to rid yourself of this annoying program.
__________________
I will only offer help in the forum, not through personal methods of contact.
Dracia is offline  
Old 11-15-2008, 06:12 PM   #10
elf
TSF Team Emeritus
Microsoft Support
 
elf's Avatar
 
Join Date: Jul 2002
Location: Knoxville, TN or Austin, TX depending
Posts: 7,196
OS: WinXP Pro SP3 and Windows 7

My System

Send a message via AIM to elf

Quote:
Originally Posted by makinu1der2 View Post
Hello ollieboy,

To get expert help with malware removal see the link below. Follow the steps

http://www.techsupportforum.com/secu...oval-help.html

After completing the steps you will be advised to post a log for one of the experts to examine. Please Please use the link provided to post the log not back here.

Be patient and it may take some time for someone to assist you as that is a busy forum.
This is what you need to do. Our security team can help you remove this nasty program.
__________________

If TSF has helped you, Tell us about it! or Donate to help keep the site up!
I do not subscribe to threads, so if I stop replying, PM me with a link to your thread so I can find it again.
elf is offline  
Old 11-15-2008, 07:40 PM   #11
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


Ok i done DDS thing, but GMER.EXE doesnt work whatsoever, i think its being stopped by theeanti virus thing.

what do you think i should do, i keep getting notifications sounds continously played over and over..

i appreciate all the help you guys are giving me considering the situation
Attached Files
File Type: txt DDS.txt (17.7 KB, 15 views)
__________________
Ollieboy is offline  
Old 11-15-2008, 08:02 PM   #12
elf
TSF Team Emeritus
Microsoft Support
 
elf's Avatar
 
Join Date: Jul 2002
Location: Knoxville, TN or Austin, TX depending
Posts: 7,196
OS: WinXP Pro SP3 and Windows 7

My System

Send a message via AIM to elf

Post those logs in a new thread over at the HijackThis Log Help section and let them know that gmer won't work. They will tell you what to do from there.

Quote:
Click here to post the following logs in the HijackThis Forum


DDS.txt - copy/pasted directly into Reply box
Attach.txt - attached to post
gmer.txt - attached to post
__________________

If TSF has helped you, Tell us about it! or Donate to help keep the site up!
I do not subscribe to threads, so if I stop replying, PM me with a link to your thread so I can find it again.
elf is offline  
Old 11-16-2008, 03:37 PM   #13
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


okay just did it, hopefully someone can help me with this soon :(

thanks for your help guys =]
__________________
Ollieboy is offline  
Old 11-16-2008, 06:10 PM   #14
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


**Update**

Well ive tracked down the actual virus thing, and its also running behind a process called wini10894.exe, which is found at the system32 folder. there are also 3 .dll files that were definitly not there before. Now internet explorer downt load up or anything, but firefox is fine. I am getting really concerned about this, should i do a clean installation of windows using my recovery disks, because its becoming out of hand and i dont know how patient io can get with waiting as its getting worse evryday :(
__________________
Ollieboy is offline  
Old 11-16-2008, 07:08 PM   #15
Registered Member
 
Join Date: Nov 2008
Posts: 2
OS: xp sp3



ollieboy: check if norton has manual removal information for this one. If there are multiple mutations antivirus software cannot keep up with them, but if manual removal instructions are available they can provide direction for a solution. File names will be different but similar, and folder and registry locations will likely be the same. Tedious, but may be the only way.
__________________
opencase is offline  
Old 11-16-2008, 08:06 PM   #16
Registered Member
 
Join Date: May 2008
Posts: 144
OS: oo

My System


well my norton came built in my PC so the instructions were inside the PC which i found (even tho i had to un-install) but when i clicked on "Manual Text" document, my PC shut down due to "blue screen error" loaded back windows tried it again, and my pc refused to start up 2 times, then i double clicked on the file it done the blue screen error yet again..... something is not right,
i also have a feelin i may have keylogger, i have itunes and now its suddenly installed on 2 computers even tho im the only one that owns this pc and the only user, and i havent given out ANY details that im an itunes user........ really need that info from "high jack this" people :(:(:(:(:(
__________________
Ollieboy is offline  
Old 11-16-2008, 08:32 PM   #17
Registered Member
 
Join Date: Mar 2007
Posts: 4
OS: XP



If you don't want to format and reinstall, try to install your HDD as slave on another clean system and scan/clean with all latest and best possible antimalware, free ones being avast, AVG, Avira, SuperAntiSpywaer, Spybot, Comodo Internet Security, etc. Or, if you have space (4-6 GB), boot from CD and create a new partition, then install a new O/S (Win2K and above), thus making your system dual-boot. Then boot into new/clean system, install avast, schedule a thorough boot-time scan of all disks. One by one, uninstall and install all antimalware you can get and clean your system. You may want to investigate and try this: Returnil Virtual System Personal 2008.

Hope this can put some peace into your mind.

__________________
IDmyZE5Mitq is offline  
Closed Thread

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 03:09 AM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts