postjack Posted June 12, 2010 hey guys- being attacked by a malware program called AV Suite. no idea where it came from. I can't run firefox for more than 10 seconds, can't open my regedit for more than one second, can't open taskmgr at all. I think I gotta format. any words of advice? thanks.
agile_one Posted June 12, 2010 Get a mac? Sorry, Jack, had to say it. I've been there, and it's not fun. Assuming you have decent backup, then, yes, format and reinstall from scratch. Any idea how/where AV Suite came from? What AVP do you use?
postjack (Author) Posted June 12, 2010 haha I was just thinking "get a mac mini". I use a free av scanner called Avira. I'm typically pretty savvy about this kind of stuff, but I guess I must have clicked something that let it through. most of my stuff is already backed up, and I still have enough access to grab the few files I need off my main drive. I've been googling for answers on my iPhone, but they all recommend editing registry, end processes, open task manager etc, all stuff I can't do. I'll probably just format this evening.
morphsci Posted June 12, 2010 Spyware doctor with antivirus was the only software that finally cleaned out my XP workstation. Malwarebytes and superantispyware also were useful on my netbook. Haven't had any problems once I upgraded to Win 7. It appears to have much better defenses against malware, adware, Trojans and viruses than XP.
postjack (Author) Posted June 12, 2010 I'm using windows 7. I might try to get spyware dr on my parents' machine.
morphsci Posted June 12, 2010 "I'm using windows 7. I might try to get spyware dr on my parents' machine." Ooooh. That sounds like it may be pretty nasty then.
Deadneddz Posted June 12, 2010 When you restart the computer, does the malware boot up right away? If not, restart your computer, and before the malware boots up, open the task manager quickly, then terminate the program when it appears, so that you can open the programs you need to restore your computer. Then open up the control panel and click system, and do a system restore to a previous malware free state. If you don't have a good restore point, then at least you can download the programs needed without the malware shutting everything down. Hopefully this helps you. Edit: Postjack, you don't need to go through the hassle of reinstalling your entire computer. A rogue virus is not a huge deal. If you cannot find a good system restore point, then at least open task manager quickly before the virus boots up and after you terminate it you can open up a browser to use software like this: http://www.malwarebytes.org/ to scan and remove the rogue virus from your computer.
postjack (Author) Posted June 12, 2010 thanks! at cracker barrel now, will try later.
tkam Posted June 12, 2010 instead of trying to stop it before it opens at boot, just boot into safe mode to download the malwarebytes software.
Iron_Dreamer Posted June 12, 2010 Yep, run Spybot and/or Malwarebytes in safe mode, might as well run an Avira scan as well while you're at it. Keep re-running the scans until they show up as clean. Reboot the system, and re-run the scans again to confirm that they are clean. If you can't keep the crap from re-generating, it's time to reinstall. But at least Win7 reinstalls much faster than XP or Vista, and no service packs to deal with.
Deadneddz Posted June 12, 2010 These are great suggestions, but try to do a system restore through the control panel first running windows in normal mode. If you have a clean restore point, it's as simple as pressing a button to go back to a virus free state. Opening up task manager quickly before the virus boots was only so that you can terminate it and access the system restore option (since the virus is shutting down your programs automatically), since you need to be running as admin. Good luck.
postjack (Author) Posted June 12, 2010 thank you all for your help, I really really appreciate it. I really don't get upset over a lot of things, but when my computer starts messing up I get frustrated and upset easily. First, I have no system restore point. I probably should set that up. Second, I was apparently having trouble hitting F8 at the right time to enter the Advanced Boot Screen, so I went with the "shut down as many processes as quickly as possible" method. It worked, so I downloaded Malware Bytes and ran it, it detected and quarantined five items, all of them related to AV Suite. Upon reboot everything appears cool. I am rerunning Malware Bytes and am downloading Spybot as well (I don't know why I didn't have Spybot on this new machine to begin with, I've run it for several years on other machines). So I'm tentatively saying it looks like everything is cool. No pop-ups, no programs shutting down. Problem solved more easily than I thought it would be. so thanks again! looking forward to the mac mini refresh.
Beefy Posted June 12, 2010 Doesn't really help your existing problem..... but a virus scanner is something that I no longer rely on free versions for. Kaspersky Internet Security has served me and family/friend computers I oversee very well for the past few years.
Nebby Posted June 12, 2010 Microsoft Security Essentials is quite decent for the price of free. Glad you got it all fixed with a minimum of hassle, postjack.
Deadneddz Posted June 12, 2010 ^this is win. "So I'm tentatively saying it looks like everything is cool. No pop-ups, no programs shutting down. Problem solved more easily than I thought it would be." Yay!
Augsburger Posted June 17, 2010 Ok, well I am pretty sure I have the AV malware on the home pc since somewhere in one of the malware tools I saw a detection note mentioning an "AV." root infection or something. Well initially I tried Spybot and MalwareBytes which seemed to have caught some bits but did not fully clean up the troubling malware. I tried reboot clean, reboot clean three or four times but I am still getting the annoying ie redirects. I then tried Avira and Spyware Doctor which claim that they "found harmful malware" but require me to purchase their products to clean out the malware. I am happy to do this if I am sure they will work, but since the Malwarebytes program does not seem to be able to fully handle this nasty bit of malware I am a little hesitant to purchase. As of last night I am having difficulty doing Google searches, once I initiate the Google search the system momentarily freezes then returns to the Google prompt. So, am I hosed? Should I purchase one of the programs and risk buying a software package that will solve a problem I don't currently have? Punt? A system reinstall is not an option at this point since I seem to have misplaced the XP, MS Office and driver CDs.
tkam Posted June 17, 2010 have you tried running malwarebytes in safe mode yet?
Augsburger Posted June 17, 2010 Great suggestions, I had already turned off the proxy server but will try running MWB in safe mode later today, thanks!
Augsburger Posted June 18, 2010 Well did the safe mode scan with MWB then two reboots with no success. Any other suggestions?
TonyDudley Posted June 18, 2010 currently fighting this on a work PC, again no idea where it came from or how it got on there. the exe file is resident here:
C:\Documents and Settings\[user]\Local Settings\Application Data\
you will need to open 'my computer' and manually type the directory in the top bar, as this program hides itself. there is a folder with some weird name like VU....... inside that folder is a file:
fyujedb.exe
alternatively search for that file name and in advanced settings set it to search hidden folders. delete the file and folder. restart PC. That will stop it operating enough to allow you to get rid of the rest of it. It also changes all proxy settings in IE and firefox, so you'll need to reset those before getting on the net. Still not fully rid but getting there. still something running, as it still re-hides the 'local settings' folder. some sort of macro thing goes on when I do show hidden folders that re-hides them again. Tony
TonyDudley Posted June 18, 2010 Found other references to this malware that say the folder and exe file are just random. Manually deleted all references to avsuite from the registry. Then did the dreaded system restore, which said it wasn't successful, but seems to have gotten rid of most of the issues. Slow running etc. Still doing the re-hiding hidden folders though. Can't figure that one out. One last go with the AVG and spybot, then done. Tony.
morphsci Posted June 18, 2010 "Well did the safe mode scan with MWB then two reboots with no success. Any other suggestions?" I've purchased spyware doctor and it worked well getting rid of some nasty crap earlier in the year. Malwarebytes could not handle it even in safe mode but Spyware Doctor nuked it completely.
Augsburger Posted June 18, 2010 "currently fighting this on a work PC, again no idea where it came from or how it got on there. the exe file is resident here: C:\Documents and Settings\[user]\Local Settings\Application Data\ you will need to open 'my computer' and manually type the directory in the top bar, as this program hides itself. there is a folder with some weird name like VU....... inside that folder is a file: fyujedb.exe alternatively search for that file name and in advanced settings set it to search hidden folders. delete the file and folder. restart PC. That will stop it operating enough to allow you to get rid of the rest of it. It also changes all proxy settings in IE and firefox, so you'll need to reset those before getting on the net. Still not fully rid but getting there. still something running, as it still re-hides the 'local settings' folder. some sort of macro thing goes on when I do show hidden folders that re-hides them again. Tony" Yep, what I could find was in my user docs/appsettings, with a vu folder. I guess it is spyware doctor and I will keep my fingers crossed. Thanks Tony and Jim.
Dusty Chalk Posted June 18, 2010 Would it be possible to put the drive in an external enclosure, attach it to a different computer, delete the appropriate executables, and then try cleaning it? Just thinking outside the box, might be a useless suggestion. (In my case, I'd just boot to my linux partition, mount the windows partition, and work on it that way.)
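The offline route Dusty Chalk describes (drive in another machine, or boot Linux and mount the Windows partition), applied to the two things Tony reports finding on the live box (a random-named folder under Local Settings\Application Data holding a single random-named exe, and rewritten Firefox proxy settings), as an added example that is not code from the thread or any of its posters. It assumes the infected partition is mounted read-only at the path given as the first argument (for instance /mnt/win via ntfs-3g), that profiles use either the XP layout or the Vista/7 layout, and that GNU find is available; every directory and file name in the comments is a placeholder.

```shell
#!/bin/sh
# Offline triage of a mounted Windows disk from Linux. Example code added to
# the thread, not posted by any of its members. Assumptions (mine): the
# partition is mounted read-only at $1, e.g. /mnt/win via ntfs-3g, and GNU
# find is present (-iname, -mindepth, -maxdepth, -path are GNU extensions).
#
# Mounted on Linux the malware is not running, so nothing kills your tools or
# re-hides folders, and ntfs-3g lists files regardless of the Windows
# "hidden" attribute, so a plain find sees the dropper.

# Per-user local application data directories present on the mounted disk,
# XP layout (Documents and Settings) and Vista/7 layout (Users).
appdata_dirs() {
    root="$1"
    for d in "$root"/Documents\ and\ Settings/*/Local\ Settings/Application\ Data \
             "$root"/Users/*/AppData/Local; do
        if [ -d "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
    return 0
}

# Executables that are the only entry in their directory: the layout Tony
# describes (a random-named folder containing one random-named exe).
find_lone_exes() {
    appdata_dirs "$1" | while IFS= read -r base; do
        find "$base" -type f -iname '*.exe' | while IFS= read -r f; do
            d=$(dirname "$f")
            n=$(find "$d" -mindepth 1 -maxdepth 1 | wc -l | tr -d ' ')
            if [ "$n" -eq 1 ]; then
                printf '%s\n' "$f"
            fi
        done
    done
    return 0
}

# Executables written in the last N days (default 7). A dropper lands about
# when the symptoms start, so the timestamp narrows the hunt.
find_recent_exes() {
    root="$1"
    days="${2:-7}"
    appdata_dirs "$root" | while IFS= read -r base; do
        find "$base" -type f -iname '*.exe' -mtime "-$days"
    done
    return 0
}

# Firefox proxy overrides. A fresh profile has no network.proxy.* lines in
# prefs.js; the thread reports the malware rewriting proxy settings, so any
# such line deserves a look and, once the dropper is gone, removal.
firefox_proxy_prefs() {
    find "$1" -type f -name prefs.js -path '*Mozilla/Firefox/Profiles/*' \
         -exec grep -H 'network\.proxy' {} \; 2>/dev/null
    return 0
}

triage() {
    root="$1"
    days="${2:-7}"
    echo "== lone executables under per-user local application data =="
    find_lone_exes "$root"
    echo "== executables modified in the last $days days =="
    find_recent_exes "$root" "$days"
    echo "== Firefox proxy overrides =="
    firefox_proxy_prefs "$root"
}

# Usage: sh triage.sh /mnt/win [days]
if [ $# -gt 0 ]; then
    triage "$1" "$2"
fi
```

Review the three lists by hand before deleting anything: a lone exe in its own folder is a strong lead, but some legitimate installers create the same layout, so check timestamps and signatures first. Internet Explorer's proxy settings live in the user's NTUSER.DAT hive rather than a text file, so offline they need a registry hive reader (hivexget from libguestfs, for example), or are simplest to reset from inside Windows once the dropper is gone.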