
av suite malware attack



hey guys-

being attacked by a malware program called AV Suite. no idea where it came from. I can't run firefox for more than 10 seconds, can't open my regedit for more than one second, can't open taskmgr at all. I'm thinking I gotta format. any words of advice?

thanks.


haha I was just thinking "get a mac mini". :)

I use a free av scanner called Avira. I'm typically pretty savvy about this kind of stuff, but I guess I must have clicked something that let it through. most of my stuff is already backed up, and I still have enough access to grab the few files I need off my main drive.

I've been googling for answers on my iPhone, but they all recommend editing the registry, ending processes, opening task manager etc, all stuff I can't do. I'll probably just format this evening.


Spyware doctor with antivirus was the only software that finally cleaned out my XP workstation. Malwarebytes and superantispyware also were useful on my netbook. Haven't had any problems once I upgraded to Win 7. It appears to have much better defenses against malware, adware, Trojans and viruses than XP.


When you restart the computer, does the malware boot up right away? If not, restart your computer, and before the malware boots up, open the task manager quickly, then terminate the program when it appears, so that you can open the programs you need to restore your computer. Then open up the control panel and click system, and do a system restore to a previous malware free state. If you don't have a good restore point, then at least you can download the programs needed without the malware shutting everything down. Hopefully this helps you.

Edit: Postjack, you don't need to go through the hassle of reinstalling your entire computer. A rogue virus is not a huge deal. If you cannot find a good system restore point, then at least open task manager quickly before the virus boots up and after you terminate it you can open up a browser to use software like this: http://www.malwarebytes.org/ to scan and remove the rogue virus from your computer.


Yep, run Spybot and/or Malwarebytes in safe mode, might as well run an Avira scan as well while you're at it. Keep re-running the scans until they show up as clean. Reboot the system, and re-run the scans again to confirm that they are clean. If you can't keep the crap from re-generating, it's time to reinstall. But at least Win7 reinstalls much faster than XP or Vista, and no service packs to deal with.


These are great suggestions, but try to do a system restore through the control panel first, running windows in normal mode. If you have a clean restore point, it's as simple as pressing a button to go back to a virus free state. Opening up task manager quickly before the virus boots was only so that you can terminate it and access the system restore option (since the virus is shutting down your programs automatically), since you need to be running as admin. Good luck.


thank you all for your help, I really really appreciate it. I really don't get upset over a lot of things, but when my computer starts messing up I get frustrated and upset easily.

First, I have no system restore point. I probably should set that up. :palm:

Second, I was apparently having trouble hitting F8 at the right time to enter the Advanced Boot Screen, so I went with the "shut down as many processes as quickly as possible" method. It worked, so I downloaded Malware Bytes and ran it, it detected and quarantined five items, all of them related to AV Suite. Upon reboot everything appears cool. I am rerunning Malware Bytes and am downloading Spybot as well (I don't know why I didn't have Spybot on this new machine to begin with, I've run it for several years on other machines).

So I'm tentatively saying it looks like everything is cool. No pop-ups, no programs shutting down. Problem solved more easily than I thought it would be.

so thanks again! looking forward to the mac mini refresh. :D


Ok, well I am pretty sure I have the AV malware on the home pc since somewhere in one of the malware tools I saw a detection note mentioning an "AV." root infection or something. Well initially I tried Spybot and MalwareBytes which seemed to have caught some bits but did not fully clean up the troubling malware. I tried reboot, clean, reboot, clean three or four times but I am still getting the annoying ie redirects. I then tried Avira and Spyware Doctor which claim that they "found harmful malware" but require me to purchase their products to clean out the malware. I am happy to do this if I am sure they will work, but since the Malwarebytes program does not seem to be able to fully handle this nasty bit of malware I am a little hesitant to purchase. As of last night I am having difficulty doing Google searches; once I initiate the Google search the system momentarily freezes then returns to the Google prompt.

So, am I hosed? Should I purchase one of the programs and risk buying a software package that will solve a problem I don't currently have? Punt? A system reinstall is not an option at this point since I seem to have misplaced the XP, MS Office and driver CDs :palm:


currently fighting this on a work PC, again no idea where it came from or how it got on there.

the exe file is resident here:

C:\Documents and Settings\[user]\Local Settings\Application Data\

you will need to open 'my computer' and manually type the directory in the top bar, as this program hides itself.

there is a folder with some weird name like VU.......

inside that folder is a file: fyujedb.exe

alternatively search for that file name and in advanced settings set it to search hidden folders.

delete the file and folder. restart PC. That will stop it operating enough to allow you to get rid of the rest of it.

It also changes all proxy settings in IE and firefox, so you'll need to reset those before getting on the net. Still not fully rid but getting there.

still something running, as it still re-hides the 'Local Settings' folder. some sort of macro thing goes on when I do show hidden folders that re-hides them again

Tony

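A defender-side triage script for what Tony describes here and for the earlier advice to terminate the rogue process before it shuts your tools down. This is an added example, not code posted in the thread: it lists hidden folders containing executables under the user's Local Application Data (the location Tony gives), running processes whose image lives there, the per-user Run key (a common persistence location, included as an assumption since the thread does not name it), and the Internet Explorer proxy values Tony says the malware changes. It only reports and changes nothing; it assumes Windows PowerShell 3.0 or later and is run as the affected user.

```powershell
# Added triage example, not from the thread. Report-only: nothing is deleted or modified.
# Assumes Windows PowerShell 3.0+ (for Get-ChildItem -Directory).

# Resolves to C:\Documents and Settings\<user>\Local Settings\Application Data on XP
# and to C:\Users\<user>\AppData\Local on Vista and later.
$localAppData = [Environment]::GetFolderPath('LocalApplicationData')

Write-Host "== Hidden folders under $localAppData that contain executables =="
# -Force makes Get-ChildItem include hidden and system items the malware hides.
Get-ChildItem -Path $localAppData -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Attributes -band [IO.FileAttributes]::Hidden } |
    ForEach-Object {
        $exes = Get-ChildItem -Path $_.FullName -Filter *.exe -Force -ErrorAction SilentlyContinue
        if ($exes) {
            [PSCustomObject]@{
                Folder     = $_.FullName
                Attributes = $_.Attributes
                Exes       = ($exes | Select-Object -ExpandProperty Name) -join ', '
            }
        }
    } | Format-Table -AutoSize

Write-Host "== Running processes launched from under Local Application Data =="
# A legitimate program rarely runs from a hidden, randomly named folder here;
# anything listed is a candidate to end in Task Manager before cleaning up.
Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path.StartsWith($localAppData, [StringComparison]::OrdinalIgnoreCase) } |
    Select-Object Id, ProcessName, Path |
    Format-Table -AutoSize

Write-Host "== Per-user Run key (assumed persistence location, not named in the thread) =="
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    Get-ItemProperty -Path $runKey |
        Select-Object -Property * -ExcludeProperty PS* |
        Format-List
}

Write-Host "== Internet Explorer proxy settings (HKCU) =="
# Tony reports the malware rewrites the IE/Firefox proxy. ProxyEnable=1 with an
# unexpected ProxyServer or AutoConfigURL is the thing to look for.
$proxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Get-ItemProperty -Path $proxyKey |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL |
    Format-List
```

Run it from a normal PowerShell window; if the rogue kills the window within seconds, start PowerShell first after a reboot as the thread suggests, or run the script against the drive from another machine, adjusting $localAppData to the mounted path. Turning the proxy back off is a single Set-ItemProperty on ProxyEnable (value 0) under the same key, which this script intentionally leaves to you after you have looked at the output.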

Found other reference to this malware, that say the folder and exe file are just random.

Manually deleted all references to avsuite from the registry, then did the dreaded system restore, which said it wasn't successful, but seems to have gotten rid of most of the issues. Slow running etc.

Still doing the re-hiding hidden folders though. Can't figure that one out.

one last go with AVG and Spybot, then done.

Tony.


Well did the safe mode scan with MWB then two reboots with no success. Any other suggestions?

I've purchased spyware doctor and it worked well getting rid of some nasty crap earlier in the year. Malwarebytes could not handle it even in safe mode but Spyware Doctor nuked it completely.


Yep, what I could find was in my user docs/appsettings, with a vu folder. I guess it is spyware doctor and I will keep my fingers crossed. Thanks Tony and Jim. :(


Would it be possible to put the drive in an external enclosure, attach to a different computer, delete the appropriate executables, and then try cleaning it? Just thinking outside the box, might be useless suggestion. (In my case, I'd just boot to my linux partition, mount the windows partition, and work on it that way.)
