Thread: Windows antivirus 2008

  1. #1
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683

    Windows antivirus 2008

    This spyware is the most irritating thing I have ever seen. It disables your AV and takes over your PC.

    I couldn't do anything.

    Well I just ran the smithfraud fix in safe mode and booted back into normal mode. However the PC keeps restarting on login. It allows guest login though.

    Most irritating - what else can I do?
    The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
    Albert Einstein

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Check for these reg keys:

    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Antivirus" = "%ProgramFiles%\Antivirus 2008\Antvrs.exe"
    • HKEY_CURRENT_USER\Software\Antivirus
    • HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus
    If they are there, delete them.

    Cheers:
    DjM

  3. #3
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Yeah, checked for those, didn't find anything.

    Well took out the HDD, plugged it into my pc, ran a scan. I will attach the findings. Rename to txt.

    However the PC restarts automatically upon login in normal mode. XP home.

    No chance to do a shutdown -a. I don't get a message or anything.

    I changed some restarting options in safe mode so I check the blue screen. Yip get one straight after I log in. Raving about a device driver.

    I found the WAV2008 under one of the users there when logging into her profile. However it rebooted before I could delete it. I will go into safe mode and navigate to her profile and delete the folder.

    Any other suggestions?
    Last edited by Cider; August 7th, 2008 at 09:49 AM.

  4. #4
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Ok little update -

    Getting a BSOD now.

    Blue screen "A driver has overrun a stack-based buffer"

    This refers to a virus though. What else can I do? I can't log into normal mode, only under safe mode? In normal mode it will log in and 5 mins later it will BSOD.

  5. #5
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    Do you have any linux or bsd live cds around? Try booting up a live cd and access your windows files from there without having to worry about your computer restarting. You can also access the internet and use a malware-scan from the live cd. Live cd's are very useful things to have around.

    http://www.mandriva.com/
    http://www.knoppix.org/

    http://www.puppylinux.org/

    I recommend puppy linux for this, bc it is only ~80 mb download and full-featured, and it is very fast
    Last edited by C:\Saw; June 20th, 2008 at 08:05 AM.
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*

  6. #6
    Only african to own a PC! Cider's Avatar
    Join Date
    Jun 2003
    Location
    Israel
    Posts
    1,683
    Hi there C:\Saw

    Can you explain to me how these Cd's would work? Would I boot from it, get into the puppydog OS and then run an online scanner or how does it work?

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    Well, I don't know what C:\Saw is talking about: don't know what online scanners work under linux.

    I usually use linux to access the drive to remove files/folders or edit them when windows tells me I can't.

    If you can log in in safe mode then why not run Ad-Aware and AVG in safe mode?

    ( if you don't have them, start safe-mode with networking and get them )

    Have a friend who just had Windows Antivirus 2008 and Antispywarecheck ( both apparently loaded by Zlob ) amongst other things, and was restricted from booting into safe mode. Ad-Aware and AVG in safe-mode got rid of most and now he is in normal mode running an on-line scanner
    ( http://housecall.trendmicro.com )

    Getting back to booting a CD:
    You can use a bootable linux to modify the boot.ini file to boot into safe mode.
    Assuming this is XP, The last lines of the file should look something like this:
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn


    add to the end of the last line so it looks like:
    [operating systems]
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn /safeboot:minimal

    ( or /safeboot:network for networking enabled )

    Just remember to change it back or you will never boot to normal mode again!

    ( he was also locked out of C:\Windows\pchealth\helpctr\binaries\msconfig.exe
    you can use that to start or stop safe mode boot, edit the boot.ini file, etc. You must be an administrator to use that tool. )

    One might also consider downloading SP3 and manually reinstalling it if the computer was really FUBARed.

    Hope this helps.
    Last edited by IKnowNot; June 20th, 2008 at 05:18 PM.
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

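The boot.ini edit IKnowNot describes above, as an added example that is not part of the original post: shell functions for a Linux live CD that append or remove the `/safeboot` switch on the `[operating systems]` entries, keep a one-time backup, and preserve the file's CRLF line endings. The function names and the `/mnt/win` mount point are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumed usage from a live CD, with the XP partition mounted
# read-write at a hypothetical path:  set_safeboot /mnt/win/boot.ini network

# Constructed sample boot.ini (CRLF endings) for trying the functions offline.
write_sample_bootini() {
    printf '%s\r\n' '[boot loader]' 'timeout=30' \
        'default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS' \
        '[operating systems]' \
        'multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn' > "$1"
}

# set_safeboot FILE [minimal|network]
set_safeboot() {
    file=$1 mode=${2:-minimal}
    case $mode in
        minimal|network) ;;
        *) echo "mode must be minimal or network" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Keep one untouched copy; a second run must not overwrite it.
    [ -f "$file.orig" ] || cp "$file" "$file.orig" || return 1
    cr=$(printf '\r')
    # Only OS entry lines (they contain ="description") after the
    # [operating systems] header are touched. Any existing /safeboot switch
    # is dropped first, then the new one goes in before the trailing CR.
    sed -e "/^\[operating systems\]/,\$ {
        /=\"/ {
            s|[[:space:]]*/safeboot:[^[:space:]]*||
            s|\(${cr}\{0,1\}\)\$| /safeboot:${mode}\1|
        }
    }" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# clear_safeboot FILE  -- undo the change so Windows boots normally again.
clear_safeboot() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    sed -e 's|[[:space:]]*/safeboot:[^[:space:]]*||' "$file" > "$file.tmp" &&
        mv "$file.tmp" "$file"
}
```

Run `clear_safeboot` on the same file once the cleanup is done; the untouched copy stays beside it as `boot.ini.orig`.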
  8. #8

    Live CD

    Knoppix and other linux live CDs are great, but you can also use a windows live CD with BartPE - http://www.nu2.nu/pebuilder/

    You can find plenty of plugins for BartPE, including antivirus and spyware programs you can run directly from the windows live cd. If that fails, you can always recover your files with the liveCD and start from scratch.

    Plugins:
    http://www.smithii.com/files/plugins/
    http://www.paraglidernc.com/plugins/plugins.htm

    There should be adaware and an av on those...
