Windows antivirus 2008
This spyware is the most irritating thing I have ever seen. It disables your AV and takes over your PC.
I couldn't do anything.
Well I just ran the SmitFraudFix in safe mode and booted back into normal mode. However the PC keeps restarting on login. It allows guest login though.
Most irritating - what else can I do?
Check for these reg keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Antivirus" = "%ProgramFiles%\Antivirus 2008\Antvrs.exe"
If they are there, delete them.
Yeah checked for those, didn't find anything.
Well took out the HDD, plugged it into my pc, ran a scan. I will attach the findings. Rename to txt.
However the PC restarts automatically upon login in normal mode. XP home.
No chance to do a shutdown -a. I don't get a message or anything.
I changed some restarting options in safe mode so I could check the blue screen. Yip get one straight after I log in. Raving about a device driver.
I found the WAV2008 under one of the users there when logging into her profile. However it rebooted before I could delete it. I will go into safe mode and navigate to her profile and delete the folder.
Any other suggestions?
Ok little update -
Getting a BSOD now.
Blue screen "A driver has overrun a stack-based buffer"
This refers to a virus though. What else can I do? I can't log into normal mode, only under safe mode? In normal mode it will log in and 5 mins later it will BSOD.
Do you have any linux or bsd live cds around? Try booting up a live cd and access your windows files from there without having to worry about your computer restarting. You can also access the internet and use a malware-scan from the live cd. Live cd's are very useful things to have around.
I recommend puppy linux for this, bc it is only ~80 mb download and full-featured, and it is very fast
Hi there C:\Saw
Can you explain to me how these Cd's would work? Would I boot from it, get into the puppydog OS and then run an online scanner or how does it work?
Well, I don't know what C:\Saw is talking about: don't know what online scanners work under linux.
I usually use linux to access the drive to remove files/folders or edit them when windows tells me I can't.
If you can log in in safe mode then why not run Ad-Aware and AVG in safe mode?
( if you don't have them, start safe-mode with networking and get them )
Have a friend who just had Windows Antivirus 2008 and Antispywarecheck ( both apparently loaded by Zlob ) amongst other things, and was restricted from booting into safe mode. Ad-Aware and AVG in safe-mode got rid of most and now he is in normal mode running an on-line scanner
( http://housecall.trendmicro.com )
Getting back to booting a CD:
You can use a bootable linux to modify the boot.ini file to boot into safe mode.
Assuming this is XP, the last lines of the file should look something like this:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Add to the end of the last line so it looks like:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /safeboot:minimal
( or /safeboot:network for networking enabled )
Just remember to change it back or you will never boot to normal mode again!
( he was also locked out of C:\Windows\pchealth\helpctr\binaries\msconfig.exe
you can use that to start or stop safe mode boot, edit the boot.ini file, etc. You must be an administrator to use that tool. )
One might also consider downloading SP3 and manually reinstalling it if the computer was really FUBARed.
Hope this helps.
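The boot.ini edit described in the post above, as an added example that is not part of the original thread: two shell functions for use from a Linux live CD, one that adds the /safeboot switch and one that removes it again. The function names and the /mnt/windows mount point are assumptions, and the script goes slightly beyond the post by editing every ARC entry under [operating systems] rather than only the last line.

```shell
#!/bin/sh
# Added example: toggle /safeboot in an XP boot.ini from a Linux live CD.
# Assumption: the Windows partition is mounted read-write, e.g. at the
# hypothetical path /mnt/windows, so the file is /mnt/windows/boot.ini.

# add_safeboot FILE [minimal|network]
# Appends /safeboot:MODE to each ARC entry under [operating systems].
add_safeboot() {
    file=$1
    mode=${2:-minimal}
    case $mode in
        minimal|network) ;;
        *) echo "mode must be minimal or network" >&2; return 2 ;;
    esac
    cp -p "$file" "$file.bak" || return 1   # keep a copy of the original
    awk -v sw="/safeboot:$mode" '
        # boot.ini uses CRLF line endings: strip the CR, restore it on output
        { cr = ""; if (sub(/\r$/, "")) cr = "\r" }
        # track which section we are in; only [operating systems] is edited
        /^\[/ { in_os = (tolower($0) == "[operating systems]") }
        # skip entries that already carry a /safeboot switch (idempotent)
        in_os && /^(multi|scsi|signature)\(/ && $0 !~ /\/safeboot:/ {
            $0 = $0 " " sw
        }
        { printf "%s%s\n", $0, cr }
    ' "$file.bak" > "$file"
}

# remove_safeboot FILE
# Strips any /safeboot:... switch so the machine boots to normal mode again.
remove_safeboot() {
    file=$1
    cp -p "$file" "$file.bak" || return 1
    awk '
        { cr = ""; if (sub(/\r$/, "")) cr = "\r" }
        { gsub(/ *\/safeboot:[^ ]+/, "") }
        { printf "%s%s\n", $0, cr }
    ' "$file.bak" > "$file"
}
```

Typical use would be `add_safeboot /mnt/windows/boot.ini network` before the cleanup and `remove_safeboot /mnt/windows/boot.ini` afterwards; each call leaves the previous version of the file beside it as boot.ini.bak.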
Knoppix and other Linux live CDs are great, but you can also use a Windows live CD with BartPE - http://www.nu2.nu/pebuilder/
You can find plenty of plugins for BartPE, including antivirus and spyware programs you can run directly from the windows live cd. If that fails, you can always recover your files with the liveCD and start from scratch.
There should be adaware and an av on those...