How to remove Antivirus Soft?
What is Antivirus Soft?
At first glance, Antivirus Soft looks like a perfectly normal and legitimate anti-spyware program. Don’t be taken in by its professional appearance: once installed, it turns out to be just a new variant of Antivirus Live. Antivirus Soft is best described as an upgraded version of that rogue, and it is distributed through Newsoftspot.com and other blacklisted and porn websites. Sometimes this malware is also installed through security vulnerabilities with the help of Trojans. The trial version of Antivirus Soft first modifies the Windows Registry and drops its randomly named files on the system. Every time the computer boots, Antivirus Soft launches immediately and starts its malicious activity, which has a single aim: getting the user to pay for the “commercial” version of Antivirus Soft.
To push unaware PC users into buying, Antivirus Soft first displays fake system scans, infection alerts and other security notifications. The parasite claims that the scan detected tons of malware and offers its “full” version to delete everything. It is important to note that the reported files are the same ones that Antivirus Soft itself created, so ignoring these alerts is highly advised. Antivirus Soft itself, however, should be treated the opposite way, because it does much more damage to your computer if it is left in place. If Antivirus Soft is detected, don’t waste time: use a reputable anti-spyware program or the removal guide below and delete Antivirus Soft as soon as possible!
How to remove Antivirus Soft?
1. Restart your computer. As your computer restarts but before Windows launches, tap the “F8” key repeatedly. Use the arrow keys to highlight the “Safe Mode with Networking” option, and then press ENTER.
2. Open Internet Explorer. Click on the Tools menu and then select Internet Options.
3. In the Internet Options window click on the Connections tab. Then click on the LAN settings button.
4. Now you will see Local Area Network (LAN) settings window. Uncheck the checkbox labeled Use a proxy server for your LAN under the Proxy Server section and press OK.
5. Download an automatic removal tool and run a full system scan.
Antivirus Soft is extremely dangerous
Antivirus Soft is a corrupt Anti-Spyware program
Antivirus Soft may spread via Trojans
Antivirus Soft may display fake security messages
Antivirus Soft may install additional spyware to your computer
Antivirus Soft may repair its files, spread or update by itself
Antivirus Soft violates your privacy and compromises your security
Manual Antivirus Soft removal
Important Note: Although it is possible to manually remove Antivirus Soft, such activity can permanently damage your system if any mistakes are made in the process, as advanced spyware parasites are able to automatically repair themselves if not completely removed. Thus, manual spyware removal is recommended for experienced users only, such as IT specialists or highly qualified system administrators. For other users, we recommend using automatic spyware removal applications found on 2-viruses.com.
Stop these Antivirus Soft processes:
Remove these Antivirus Soft Registry Entries:
Remove these Antivirus Soft files:
Antivirus Soft is classified as rogue anti-spyware. After infecting a user’s system, it tries to scare the victim into buying the “product” by displaying fake security messages stating that the computer is infected with spyware and that only Antivirus Soft can remove it once the trial version is downloaded. As soon as the victim downloads the Antivirus Soft trial version, it pretends to scan the computer and shows a grossly exaggerated number of non-existent errors. Antivirus Soft then offers the full version to fix these false errors. If the user agrees, Antivirus Soft not only fails to fix anything, it also takes the user’s money and may even install additional spyware on the victim’s computer.
Some rogue anti-spyware, such as Antivirus Soft, may be offered to users after they click on a banner or a pop-up while surfing the internet. Usually, clicking the advertisement installs a Trojan on the victim’s computer, which then downloads or even installs Antivirus Soft; this is another way rogue anti-spyware spreads.
Most rogue anti-spyware, such as Antivirus Soft, is nearly impossible to remove manually.


I’ve tried Spyware Doctor with the latest upgrades and it did not remove Antivirus Soft. I’ve also tried Windows Defender, after a 3 hour scan it did not recognise the rogue Antivirus Soft, neither did Malwarebytes and neither did my installed and automatically updated Avast! software. I’m at a loss as to how to get rid of this obnoxious software – can anyone else offer help?
Howard: do a full scan. By default these tools are set to do a quick scan, not full. Also, update it before scanning and try scanning in safe mode.
There is a small chance that there is a new version of antivirus soft in the wild that is not (yet) recognized
I just removed Antivirus soft manually, because neither the Malwarebytes program nor spyware doctor found the infected files. I’m pretty sure this is a new version, as only last week I had to remove this program 3 times in our college helpdesk.
You would do a huge favour by sending the samples to PC Tools, Aaron. As long as you did a full scan
I have downloaded several anti spyware programmes now, they seem to download and install fine, however when I go to open them (with the PC in safe mode with browsing) they fail to open. I will double click and nothing happens. I have waited for 15 mins with no result. These annoying pop-ups are really slowing my work down and I have a deadline looming. Any suggestions? Thanks
David: Check the registry if there is something fishy related to launching .exe files.
Alternatively, go to directory you have installed Spyware doctor, make sure you see file extensions. Make a copy of spyware doctor executable, Then rename it to smth.pif. Launch it, update, do a full scan.
I too have a problem with this spy-ware as well. I did a complete format and reinstalled everything from disks and reinstalled software saves on a PC that is not infected. The only thing I brought over was a back up of my documents folder, and a html back up of my bookmarks. Now I have it back on that computer and I do not have anything different on it than this one that I am using now with the exception of anti-virus software. I have been using AVG and SpyBot on the infected PC and just McAfee on this one that is not infected.
As for what I do different on that computer the only thing is I play Oblivion. That is its main function however, I still do the same email and my space and face book stuff and lots of research as well.
Can this software hide in the documents folder or in a link some how?
David A: in document folder itself – rarely. In some cases similar viruses hide in Users application information folder. ( AppData), which is one level above the document folder. So you should be safe (if there are no executable downloads in your documents).
Not so happy with McAfee too – it made my new laptop really sluggish.
On itself, AVG Free has no rootkit protection. So some parasites manage to infect machines running AVG free. Spybot was quite good product (for a free one), but I am quite disappointed with its update frequency on 0 day infections last time I checked. I would recommend AVAST free or NOD32 (running it myself). Also, Spyware Doctor
I have windows xp professional and just recently got this antivirus soft virus. I followed instructions off of another website first (bleedingcomputer) and downloaded the Malwarebytes version they had posted. It seemed like the program had deleted the virus, but after I restarted the computer in regular mode, the computer froze, like everything loaded and I was ready to start an application, but as soon I clicked somewhere, nothing would respond. I already have McAfee on my computer, but the weird thing is when I restarted the computer, it gave a message that “not all components were properly started or installed.” This has gone on over many restarts. I looked back at the files that Malwarebytes deleted, and they do not really correspond with the ones listed above. I went ahead and looked through the registry myself and found that most of them (not all of them) were still there, so I deleted them as well as the corresponding documents in the Application Data folder. But still the same thing has happened, even though it seems like the virus is gone. I’m wondering if I should ask Malwarebytes to restore whatever files there were that don’t match up to ones listed above, or will that just start the whole process over again? My computer can only run in safe mode right now, as in regular mode, everything freezes, even the task manager. Is there anything I can do or is my PC fried?
I got rid of antivirus soft by doing system restore to day before. Perfect.
hello there, i was wondering if anyone could possibly tell me how to remove the antivirus soft, it is really messing up my laptop and i do not know how to take it off. please help.
thank you
alieah
I am having a lot of trouble with this malware. I have Malwarebytes and a couple of others (Stopzilla, Avast) but AntivirusSoft isn’t allowing any programs of any kind to be opened and I can’t access the registry to attempt to manually uninstall it. Any suggestions?
Well i restarted my computer and it seems to have done the trick, unless AntivirusSoft is being extra tricky and completely hiding out of sight, no popups or security alerts.
I started getting the Antivirus Soft popups/notifications starting around mid-day yesterday, 02/17/10. After realizing that the warnings were likely a fake (due to the broken English/poor wording on some of them – made me very suspicious), I searched for a fix and downloaded the rkill and Malwarebytes anti-malware links bleepingcomputer – did a full system scan with Malwarebytes, but nothing was detected, so on the suggestion of “sid” above, I did a system restore this morning (02/18/10) back to the date of 02/12/10 (I had one from 02/15/10, but decided on the earlier date, just to be extra safe) and haven’t had any problems as of yet. For those unfamiliar with how to do a system restore (I didn’t know either until I looked for it), here’s how to get there in Vista: Open Control Panel -> Administrative Tools -> System Configuration -> Tools tab -> System Restore (the 4th option on the list). Hope this helps other users out there. I consider myself a relatively savvy PC user, but I’m astonished at how aggressive this program was. I was suspicious about the notifications because I am very careful about not downloading from sources I do not trust, but somehow this one can be transmitted through PDFs, and I do download PDF documents all the time. Lame! One more reason to use a Mac!
I had a similar experience to Aaron Ender in that spyware doctor didn’t find antivirus soft.
I followed your directions in safe mode. I noticed a couple of differences.
The proxyOverride registry was not “”, it was “”.
The final registry directory was not “avscan”, it was “avsoft”.
There was no sysguard.exe, only sftav.exe
Hello,
Tonight I was browsing at work and this dreaded AntiVirus Soft program attacked the work computer. I tried to get online to find a good spyware/adware remover, but the AV Soft wouldn’t let me go to any other website, so I’d have to take care of it offline. it won’t let me open up any .exe programs either, saying that they’re infected and I have the option of either buying the “full” version of AVS or dismissing the warning. I haven’t tried the manual removal instructions yet but I will try it tomorrow when I go back to work. I know where to find all of the listed registries and files, but should I risk it or just call a technician in?
the only thing i have figured out to do is close antivirus soft before it starts by opening task manager as soon as my desktop comes up. I use Avast Free and spybot got some stuff but didnt do the trick.
update: the process that i deleted is named as hkwmsftav.exe
also in regedit the entries i have found are
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (xlmnpuow)
I am unsure of these two though , do i delete them or?
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (igfxhkcmd)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (igfxpers)
update: I deleted the entries listed above and antivirus soft did not pop up. However, the above files that are supposed to exist in the application data do not exist, or I am seeing something wrong. There are files there but they don’t seem to be connected due to dates of creation and description
another update: what is supposed to be found in the application data folder is a folder not individual files what i found was a name folder (accooorrre) or something like that, deleted it and all other necessary things (registry) thanks for the help
SOLUTION:
1. Start in Networking safe mode
2. Download CCleaner(http://www.ccleaner.com/) – save to desktop
3. Open CCleaner Go to: Tools-Startup then look for suspicious program names such as hgdksl or fhdjxk. REMOVE these programs.
4. Exit ccleaner after removing anything suspicious.
5. Restart your computer like normal (Don’t let it load in safe mode)
6. You should now be able to open everything like normal.
7. run an Anti-Malware program such as MBAM(Malware Bytes Anti Malware)
8. Remove anything left infected and restart if prompted
9. ????
10. Profit
Hope this helps anyone that needs it. CCleaner is an awesome program.
I have Antivirus Soft on my computer, but it won’t let me open anything. I don’t know how to fix it if every time I open it the Antivirus soft says it’s infected and then closes it automatically. Help, please?
okk so im guessing bleeper isnt a good reference..umm can anybody help me? but im glad to know that i dont have any real threats on my computer..ill try doing what sid said but what if that doesnt work? then what would i do?
Just got hit today with this, after trying to purchase a replacement TV Remote control online. Ick. This program is nasty – it reconfigured my McAfee: it turned off Firewall, Virus Checking.
Thanks for the advice! I’ve got a project on my hands…
Hi,
Today I got this virus known as “Antivirus Soft”. It’s not letting me open any .exe in my system. I have Microsoft Forefront installed and scanning now… can anyone help me here please.. how to remove this????
The solution is actually really simple, once you identify you have the malware infection, turn off your computer and restart in safe mode.
Once in safe mode, do a system restore (directions above from sarah) and the infection will be gone.
I have windows vista basic.
I have been infected with antivirus live and I am not able to use my computer at all!
How can I install these removal programs if it will not allow me to use it?
@Aaron Ender
how did you remove it, i have tried malware and a couple others
One of my co-workers had this on her computer today. I had successfully removed it from her system by running “Super AntiSpyware” on her computer… ran it both in Safe Mode and regular mode.
The trick with this is when you reboot the computer… as the computer opens up and starts its processes, double click on Super AntiSpyware program before the processes of Antivirus Soft processes start to run. It is imperative to quickly get that program (Super AntiSpyware) on your desktop so you can run the scan. Once Super AntiSpyware program opens before the malware processes begins again, you can do the scan and allow it to delete what it finds. Just ignore the pop ups from this malware… if you have to, move the super antispyware program box over to the side so you can still see the scan and to be able to tell it to delete what it finds.
In addition to running the Super AntiSpyware software in both Safe Mode and Regular Mode, you have to, unfortunately, also delete the registry entries manually…. just as it tells you all the way on top of this site… which are as follows:
To Stop the Antivirus Soft Processes:
[random characters]sysguard.exe
[random characters]sftav.exe
To Remove the Antivirus Soft Registry Entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[random characters]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[random characters]”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments “SaveZoneInformation” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyServer” = “http=127.0.0.1:5555”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations “LowRiskFileTypes” = “.exe”
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download “RunInvalidSignatures” = “1”
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings “ProxyOverride” = “”
HKEY_CURRENT_USER\Software\AvScan
To Remove the Antivirus Soft Files:
Windows XP:
%UserProfile%\Local Settings\Application Data\[random characters]\
%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sysguard.exe
%UserProfile%\Local Settings\Application Data\[random characters]\[random characters]sftav.exe
Windows 7:
%UserProfile%\AppData\Local\[random characters]\
%UserProfile%\AppData\Local\[random characters]\[random characters]sysguard.exe
%UserProfile%\AppData\Local\[random characters]\[random characters]sftav.exe
********************************
You also have to go into Control Panel>Add or Remove Programs and uninstall some other spyware software that will still be embedded on your system…. such as “avstracking.exe”… which is what I had found on her computer after doing everything I mentioned above.
********************
Once I did everything above, I restarted her machine in regular mode and found no instance of this malware.
Hope this helps all of you.
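An added example, not part of the original page or of any commenter's post: a Python check that reads a registry export in .reg text format and reports the indicators listed in the comment above, plus the "avsoft" key name other commenters report. The function names and the sample export (including the random name "qwkdnbra") are constructed for illustration.

```python
import re

# Key and value names are lower-cased because the registry is case-insensitive.
HKCU = r"hkey_current_user\software"
RUN_KEYS = (
    HKCU + r"\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
)
# (key, value name, test on the value data, reason reported)
VALUE_RULES = [
    (HKCU + r"\microsoft\windows\currentversion\internet settings", "proxyserver",
     lambda v: str(v).lower() == "http=127.0.0.1:5555",
     "browser traffic forced through the local proxy"),
    (HKCU + r"\microsoft\windows\currentversion\policies\associations", "lowriskfiletypes",
     lambda v: ".exe" in [t.strip() for t in str(v).lower().split(";")],
     ".exe listed as a low-risk file type"),
    (HKCU + r"\microsoft\windows\currentversion\policies\attachments", "savezoneinformation",
     lambda v: str(v) == "1", "SaveZoneInformation set to 1"),
    (HKCU + r"\microsoft\internet explorer\download", "runinvalidsignatures",
     lambda v: str(v) == "1", "RunInvalidSignatures set to 1"),
]
MARKER_KEYS = (HKCU + r"\avscan", HKCU + r"\avsoft")

# Autorun data pointing at <random>sysguard.exe or <random>sftav.exe inside a
# randomly named folder under the per-user application data directory.
DROPPED_EXE = re.compile(
    r"\\(?:local settings\\application data|appdata\\local)"
    r"\\[^\\]+\\[^\\]*(?:sysguard|sftav)\.exe", re.IGNORECASE)
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key: {value name: data}} for string and dword values.
    Files written by `reg export` are UTF-16; decode them before calling this."""
    hive, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = hive.setdefault(line[1:-1].lower(), {})
            continue
        match = VALUE_LINE.match(line)
        if current is None or not match:
            continue  # file header, blank line, default value or hex data
        name, data = match.group(1).lower(), match.group(2)
        if data.startswith("dword:"):
            current[name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # .reg strings escape backslash and double quote with a backslash
            current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return hive


def scan(hive):
    """Return a list of (key, value name, reason) for every indicator found."""
    findings = []
    for key in RUN_KEYS:
        for name, data in hive.get(key, {}).items():
            if isinstance(data, str) and DROPPED_EXE.search(data):
                findings.append((key, name, "autorun starts *sysguard.exe/*sftav.exe from app data"))
    for key, name, is_bad, reason in VALUE_RULES:
        value = hive.get(key, {}).get(name)
        if value is not None and is_bad(value):
            findings.append((key, name, reason))
    for key in MARKER_KEYS:
        if any(k == key or k.startswith(key + "\\") for k in hive):
            findings.append((key, "", "settings key created by the rogue"))
    return findings


# Constructed sample export; every name and path in it is made up for the example.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"qwkdnbra"="C:\\Documents and Settings\\user\\Local Settings\\Application Data\\qwkdnbra\\qwkdnbrasftav.exe"
"igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="http=127.0.0.1:5555"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
"LowRiskFileTypes"=".exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
"SaveZoneInformation"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
"RunInvalidSignatures"=dword:00000001

[HKEY_CURRENT_USER\Software\avsoft]
"""

if __name__ == "__main__":
    for key, name, reason in scan(parse_reg_export(SAMPLE_EXPORT)):
        print(f"{key} [{name}]: {reason}")
```

The Run-key rule matches on the file-name suffix and folder rather than the random prefix, so the system32 autorun in the sample is not reported.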
I was infected with Antivirus Soft and I can’t do anything at all.
I have tried to restart it in Safe mode. Couldn’t do it either.
The same story as I had before – can’t do anything. When I do any action a box popping up ” Application cannot be executed…………….’
restart your computer, tap f8 before windows starts up, then start your computer in “safe mode with networking”. download malwarebytes (it found mine), run the scan, remove what it finds and restart
@sarah
Did your system restore actually REMOVE this annoying program? Or did it just suppress it? My dad’s business computer just got hit with it today due to some careless browsing and downloading on his part and I’ve been working for almost 2 hours trying to get rid of the stupid thing. MalwareBytes didn’t detect it the first scan I did, so I updated it and am now scanning again. Hopefully this works. But did the system scan REMOVE Antivirus Soft?
UPDATE: I finally got it removed after 2 hours of work. I found out that when I had originally downloaded MalwareBytes, the update had failed. So essentially, I performed the first scan with the out dated version of MalwareBytes. When it hadn’t found anything, I clicked the “Updates” tab and clicked the “Check For Updates” button. It installed the updated version of MalwareBytes which ultimately detected and REMOVED Antivirus Soft. Thank God! Hopefully this helps. To everyone who looks at this comment, here are the steps you need to follow:
-Restart your computer. When it gets to the reboot screen repeatedly press the F8 key until you get a prompt asking you how you’d like to start windows. Start Windows in SAFE MODE WITH NETWORKING.
-If it asks if you’d like to continue in Safe Mode, select “YES”.
-If using Internet Explorer, open it. Click on the “Tools” menu on the menu bar. Select “Internet Options”. Select “Connections”. Click the button “LAN Settings”. On the bottom half of the box UNCHECK the box next to “Use a proxy server for your LAN”. (If this is checked, it will prevent you from accessing any websites).
-Download the MalwareBytes software. Make SURE that your software updates upon installation. If you get an error saying “Update Failed” with a message, simply try to update it again by clicking on the “Updates” tab and clicking the “Check For Updates” button. (I don’t believe Antivirus Soft can be detected by the old version of MalwareBytes. An update is absolutely necessary).
-Make sure you perform a FULL system scan. “Perform quick scan” is the default box checked. This will most likely not detect Antivirus Soft if performed. Perform the Full Scan. This will take a long time to perform (depending on how many files are on the computer). Once it’s finished, it should have things detected which have things such as “Trojan.fake” and variations, etc. in the name. A big thing to look for is the “HKEY_” in the file. Remove these files and restart your computer.
-By this time, you should be able to log in using normal Windows and Antivirus Soft should be removed.
Hope this helps!
Good luck to all!
I just got this too. Appears to have been in a PDF. Extremely aggressive pop ups and then of course it blocks the web browser and forces everything thru its own proxy server. Impossible to bypass without entering safemode. So far Malware is finding nothing. I found a gibberish entry it put in the registry. It also popped up a porn site and a viagra site. This is an extremely nasty virus and these clowns are obviously traceable …. makes you wonder how they get away with it. Can trace them via their own proxy servers and the crap they advertise. They take credit cards – where are the so called law enforcement?
Update: I removed one registry entry manually and running malwarebytes in safemode appears to have worked. However running it again show traces still exist and its trying to make a comeback.
Yes… When your computer starts up, be sure to get right into the START>RUN>REGEDIT…. OR your Anti Spyware program, etc. The trick is to begin getting into these immediately as soon as your desktop displays on your screen. It takes about a minute or less for this annoying thing’s processes to start running on your computer.
So, the trick is to be quick with it. I recommend that when you boot in Safe Mode, and the screen opens up (unfortunately, this thing will still start to run), go into your web browser quick and download whatever file you need (to download an antispyware program, etc. if you don’t already have it). If you start your web browser before the processes start running, you’re in the clear. You just have to ignore the boxes that come up from this thing once it starts running. Don’t click on anything really… just make like it isn’t there and get straight away to doing what you need to do.
You will see that any of these anti-spyware programs won’t get rid of all of it, but they will get rid of a good amount. Once the anti-spyware program completes and you get rid of all the crap it found, reboot… once your desktop displays on the screen, IMMEDIATELY go to START>RUN>REGEDIT to delete the above-mentioned registry entries. You will find that as you start deleting stuff, it will slow down the processes and eventually this thing stops because there’s nothing left of it to run.
REBOOT again and it shouldn’t really be there at all. But, when you reboot, go to CONTROL PANEL>ADD OR REMOVE PROGRAMS. Check the software you have listed and make sure you remove any and all weird software mentioned on the list. In my case, I found something called “avstracking”.
I was able to remove antivirus soft program but I am not able to connect to the internet. Can anyone help
I have found Malwarebytes to be an effective way to get rid of Antivirus Soft IF you get the program up and running before the rogue takes root. I was able to get the Malwarebytes up and running and DID A FULL scan. It took over 2hr 30 min to complete and found 4 Trojans. It was able to get rid of them and so far there has been no repeats.
Something that I noted is that when Antivirus Soft was infecting my PC…It would try to load up porn sites using Internet Explorer. Has anyone else experienced this when their machines where affected?
I’ve had this virus for weeks and it even caused my Windows XP SP3 to get multiple blue screens stating memory/cache/bios overload or something like that. Some processes were hogging all my. I wasn’t able to update MalwareBytes, SpyBot, etc, even in safe mode with networking. I finally found this thread and read all the comments. I did a manual removal (found most registry entries but not all of them as listed), also it was avsoft on my machine. After manual regedit in safe mode, finally got MalwareBytes to update, also updated SUPERAntiSpyware and SpyBot. Running them all now and still finding stuff. This virus must be a new version. I found some processes running that had zero Google results, one was pplosftav.exe
James : Antivirus Soft uses random file names, like antivirus live did. I would guess process names end in sftav.exe now typically, though there might be other versions still active. Thus scanners that are based on file name recognition do not work that well against latest parasites and humans can detect malicious processes. Full scans (which check files against database) should find these infections in most of the cases. I would recommend scanning with Spyware Doctor as well – it has better database than Spybot for example.
I just found out I got this virus from the massive pop ups and it won’t let me do anything! It won’t let me even do a system restore, I have a windows vista. And I went into safe mode with networking and it won’t connect to the internet… any suggestions now?
oh yes, and on my normal networking without safe mode it wont let me get onto the internet to download anything to get rid of the program.
Someone above mentioned it already, but I’ll say it again since it worked VERY well for me. Go into safe mode with networking to connect to internet via LAN (wireless does NOT work). Download CCleaner, go into “Tools” and then “Startup.” Look for a bizarre named file like “hdjkpp” and “Disable” it. Restart in normal mode and if you can access files normally, you’re half way there. Point here is to kill the startup process that prevents you from accessing anything else. Once that’s taken care of, you’re free to hunt down the contaminated files at leisure though you should do everything before rebooting.
Now download Malwarebytes Anti-Malware and/or Super Antispyware or w/e. Update to latest version either automatically or manually.
I had to do the latter. Run and clean and you should be good to go.
@Eric
You probably have AntiVirus Soft processes still running in the background.
Do another search through RegEdit and delete weird looking entries. These entries look like something like this: aefsdfsdflj or similar
After removing all those entries, reboot…. your internet connection should be fine. If not, then you should go back into RegEdit and skim through to see what you may have missed.
@A. Sanchez
Yes. It did that in all of the infected computers I fixed.
Wow… I have been battling this for 4 days now.
I have used Malwarebytes, Avast!, and Rkill. I noticed I show no signs of any pop-ups anymore, but like Joe #9 above, my computer is CREEPING…
I just tried to do a system restore, and for some odd reason, I cannot open system restore. This is a bugger!
I am starting to lose hope! (I will try Spyware Doctor next)
stay tuned…
If your system allows a “System Restore” feature to return your computer to an earlier operating state, then this is an easy fix. This worked for me. Just choose an earlier date than the date you got this annoying virus and follow the instructions and you’re done. You may have to select this feature from safe mode because in regular mode this virus won’t let you get there. But in safe mode you can do a system restore. To get to safe mode keep tapping F8 as your computer is starting up. Click the Start button then All Programs, then Accessories, then System Tools, then System Restore then Restore my computer to an earlier time and click Next … typically the restore dates are in bold on the calendar that pops up, so choose one and click next. The Restoration Complete screen appears after System Restore finishes collecting data and then the computer restarts, click OK and you are GOOD!!! To whoever came up with this virus, may I say to you — you are scum!
I too, did a system restore to the day before and everything is running perfect.
Tap f8 while you’re rebooting, restart in Safe Mode and When prompted to do a System Restore or not click “Yes” and restore to the day before. Done.
just performed restore and so far so good…thanks!
Got this cute little F@cker while watching tv online, saw an old version of acrobat open up and knew what was going to happen. Haven’t dared manually remove it yet, hopefully an automated one will get it. It’s quite annoying, it even had the guts to tell me solitaire was infected!
* to the people that cant connect to the internet – i read somewhere that it changes you to a proxy server and you have to manually turn that off and then you should be good to go.
Thanks to everyone who mentioned the system restore option. It was the only thing that worked and it saved me a huge headache.
If these scam artists are ever caught, we should be allowed to each give them one punch in the teeth for wasting our time.
Do I need to go back and change the LAN setting after completion?
And my thanks to everyone; I successfully used the system restore option. This site was a HUGE help and headache saver. I was searching for something this morning and remember clicking on a .pdf file; wonder if that was the source of the Antivirus Soft? After restoring the system, I updated and re-ran Spybot; nothing found; Downloaded and ran Malwarebytes; that found 1 item on my c:drive and 5 items on my back-up hard drive! Note, I ran the full scan (5+hours). I also downloaded, installed and ran the CCleaner tool. Not sure of any bad files found, but it did clean 2.5 Gigs of files off my system. Good luck to all who are unfortunate enough to find this Antivirus Soft malware.
PSL : No. These lan settings were created by antivirus soft and are malicious.
Chris: Yes, PDF files can spread the infections if you have unpatched Adobe reader and/or no real time protection from viruses AND malware. I would recommend downloading latest adobe reader from adobe and getting some antivirus (AVAST, ESET, etc) and antimalware (Spyware doctor or superantispyware, malwarebytes) with real-time protection.
Here goes! Thanks all 4 info! Gonna start with the system restore!
I am trying the safe restore in XP on my netbook. It keeps telling me that I cannot run restore in safe mode and that I have to go to normal and run it. Do you think the little B@$%tards that made this evil thing are catching on to this fix?
Sid, Sarah, Garrett….Just got this nasty thing this am…..almost called Norton and almost paid $99 to have them remove this….your advice…worked!!! Thanks for the help
I did all you said but now it keeps shutting down with a blue screen that says “a kernel thread terminated while holding a mutex”. Any ideas??? Thank you so much for your time
i got lucky and had just bought a new laptop and moved my music and pics onto it. i did a full destructive restore on my computer. it fixed it. destructive restore should be a last resort. it will completely restore your system to factory settings. everything is erased, and you start out with exactly what was on the computer when they rolled it outta the factory. it is in the advanced options of system restore after pressing F10 during startup.
PSL : it is likely that you got a rootkit in your system (old version) that got only partly removed. You might need to reinstall PC if you can’t boot. If you can boot, do a scans with spyware doctor and see if everything got removed manually.
I got the virus, and performed a system restore for a month earlier (I wanted to make sure I was safe – I get kind of nervous about these things). Seems to have fixed the problem. I had to do the system restore in safe mode with networking, because the Antivirus Soft wouldn’t let me get into any of my add/remove programs or even do a system restore while in normal mode.
I did the system restore; I went back about two weeks. The trick, at least with mine, was to get the restore screen open before all the pop-ups.
I would like to beat the crap out the buttlick that made this!
I couldn’t turn on system restore in the safe mode. It says: “system restore has been turned off and cannot be turned on in safe mode. To turn on system restore, restart in normal mode and then run system restore again”. But in normal mode, the “antivirus soft” will not allow me to run system restore. What can I do? Please, somebody help me.
I used Nate’s method… CCleaner worked perfectly… I simply booted Windows in safe mode with networking, downloaded CCleaner, once in CCleaner I clicked Tools on the left-hand side and then clicked Startup, it will then give you a list of your starting processes, I wasn’t sure what .exe were the virus so at first I disabled until I located which one… it will most likely be something like xidexe or hgdksl… once you have figured out which one it is you can delete it through CCleaner and then you will be good 2 go
I’ve been up the whole night trying to get this thing off my computer. I first tried to find it and disable it. Didn’t work, then I jumped on another computer to try and find some answer. I’m so upset at how aggressive this thing is, I wasn’t even on any website I’d never been on before. Facebook for crying out loud! Have just done a restore and it still hasn’t worked. I think I may have to bite the bullet and call a professional.
Hi – like the others, I’ve got it … nasty bug…
Yesterday I was able to remove it manually – I thought. Today PC booted ok and after an hour or so started acting funny and I lost internet access. Symantec anti virus reported stopping the virus (along with two other files, probably related). Everything seems back to normal, Malwarebytes and Symantec report nothing. BUT I still have no internet access. Even a quick manual search turned up nothing suspicious. Other PCs on home net work fine. I tried installing a fresh copy of Firefox, no go …. any ideas on where to look for the problem?
A couple of other bits that may help to know. As far as I can tell, Skype does work. IM and browsers are dead. I have tried several system restore points, but in each case, after reboot it comes back to say that nothing was changed because the system cannot be restored to that point. Everything else seems to work fine. I am assuming that during the second round of the trojan installation – something was changed and the anti malware doesn’t fix that.
The three files that Symantec caught were njjwsftav.exe, VtAA.exe and cvWJ.exe
Hi everyone. I need some help with this problem. I did do a scan on MBAM (Malwarebytes Anti-Malware) and found like 2 infections. After I restarted and did the scan again, the virus did leave but it screwed my wireless. Because whenever I try Safe Mode with Networking the wireless works, but when I run Windows normally it does not grant me complete access. One more thing to add, whenever I open my Windows normally I get this installation request which comes twice, which is the Antivirus Soft request. Please help me with this problem. I have to get my PC to its natural state. Please anyone ….
Thank you
Wow, this virus really sucked. I dealt with it for 3 days. I know little about computers but figured I could find something on the internet to help me and this website was the answer. I read all the posts and used the safe mode and restored my system and that fixed the problem, then to be on the safe side I downloaded the Malwarebytes and got rid of this Antivirus Soft. Thanks everyone who posted
My wife’s computer got this yesterday. I was able to restore the system and it seemed to be working fine for a while, but she reports more problems today, including frequent blue screens. She’s able to get on the Web, but is having trouble running a full virus scan. I downloaded malwarebytes on a thumb drive and will run that tonight, but did we miss something with the system restore?
I should clarify. I did the system restore back to Friday, two days before the virus started. But is it possible it was lurking in there before then even though it had not started the pop-ups? I’m just trying to get the computer running for her reliably until I can fully remove the virus.
I would like to first thank the Good Fellas @ http://www.2-viruses.com for this article as well as all of you who commented here. With the help of this article, Sid, Sarah, Garret and Dawn’s comments to use restore, I was able to get rid of this virus in under 10 minutes, as easy as it gets. I much appreciate all the time you spent here to share a solution. Keep up the good work. Be Happy!
Jim: Sometimes restore points are infected, or the virus resides in user space and is not affected by system restore. The best way to make sure is to do a scan with a couple of good anti-spyware/malware programs, and keep up-to-date anti-virus and anti-malware with real-time protection.
This one is really bad. I initially right clicked on the popups and determined where the file was originating. Once I did that, it went into full force protection to not allow me access to the folder. I couldn’t even access in the safe mode. It hid all my files in my user/admin account when it was active. I restarted the computer and started task manager as quickly as possible to disable the exe before it blocked me from everything. Once I did that, I was able to unhide the files, find it and delete it. This is one of the worst I’ve seen. Windows defender or Norton didn’t pick it up, even with the full scan.
These bastards nailed me yesterday.
Virtually crippled my computer in a matter of seconds.
I immediately ran my free home version of avast and it caught 2 trojans.
Internet would not work so I found this website on my G1 phone.
Safe mode.
Deleted all suspicious registry entries I could find as instructed by rsarrock.
Then I decided to try Sid’s advice and while still in safe mode, I did a system restore to 2 days earlier.
Then I rebooted and everything seemed fine but I ran spybot anyway and then avast one more time.
I finished by running ccleaner. Computer is running like new! Thanks so much guys!
Wow, this one is tough. It totally prevents my computer from going on the internet (hence I can’t download antivirus software). It’s also blocking some Microsoft XP functionality. Does anyone know if Antivirus Soft prevents your PC using Windows XP from doing a system restore? I can’t find any System restore points or system restore radio buttons to push on my infected PC.
Thanks for the help, looking good so far. Doing a few final clean up scans.
Should note I tried the manual removal method, could not restore. And Malwarebytes I could not update, LAN locked out even in safe mode. Perhaps it was the proxy I removed manually later.
Going to bed, hopefully the scan won’t find anything else now, and my wife’s laptop will be clean. Seemed fine though when I restarted in normal mode.
Thanks Again.
If it helps anyone, the newest version installs as gxxistav. The locations are all roughly the same, just be on the lookout for this new iteration of the .exe and reg entries.
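A read-only check for the two leftovers the comments above keep coming back to, the proxy under the LAN settings and a randomly named startup executable. This is an added PowerShell example, not something posted by a commenter or by the site; the `tav.exe` name pattern and the "launches from the user profile" test are assumptions drawn from the file names reported in this thread.

```powershell
# Read-only triage: reports settings, changes nothing. Run as the affected user.
$inet = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$s = Get-ItemProperty -Path $inet
$proxy = New-Object PSObject -Property @{
    ProxyEnable   = $s.ProxyEnable    # 1 = browsers are sent through ProxyServer
    ProxyServer   = $s.ProxyServer    # host:port; a local address needs a live local process
    AutoConfigURL = $s.AutoConfigURL  # proxy auto-config script, if one is set
}
$proxy | Format-List ProxyEnable, ProxyServer, AutoConfigURL

# Startup entries from the per-user and machine-wide Run keys.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
# Assumption: anything launching from the user profile or temp directory deserves a look.
$userDirs = @($env:USERPROFILE, $env:TEMP) | Where-Object { $_ }
# Assumption: suffix heuristic built from the names reported in the comments.
$namePattern = 'tav\.exe'

$entries = foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        # Expand %VARS% so the comparison sees the real path.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name))
        $inUserDir = $false
        foreach ($dir in $userDirs) {
            if ($cmd.ToLower().Contains($dir.ToLower())) { $inUserDir = $true }
        }
        New-Object PSObject -Property @{
            Key         = $path
            Name        = $name
            Command     = $cmd
            InUserDir   = $inUserDir
            NameMatches = [bool]($cmd -match $namePattern)
        }
    }
}
# Flagged entries first; review them before disabling or deleting anything.
$entries | Sort-Object InUserDir, NameMatches -Descending |
    Format-Table Name, InUserDir, NameMatches, Command -AutoSize -Wrap
```

A `ProxyEnable` of 1 with a `ProxyServer` nobody configured matches the LAN-settings symptom described in the replies; a flagged Run entry is only a lead, since legitimate software also starts from the user profile.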
I just picked up this nasty virus today while on my own Facebook page. It is definitely a pain. It did mess with my IE, but I was able to use my Firefox fine with it. I tried to do a system restore, was my initial idea, but this virus wasn’t allowing me to access the system restore files. A pop-up would appear stating that it could not execute the file because it was infected. Highly annoying. I decided to browse the internet and try to find a solution, hopefully someone has had this problem before, which is how I found this site. I, also, was getting pop-ups from IE that were trying to take me to pornography sites. After my Avast! did not pick up the virus during a quick scan (thorough takes a lot longer, more than I’d like to keep the virus on my system) I decided to restart my computer and go into Windows Recovery (F11). I restored my computer to my last Windows update which was yesterday, and as of right now I have no problems. It seems that the virus has been wiped.
I suggest doing a system restore before doing anything else to see if it will take care of your problem. If you cannot access it the usual way (through system tools), then just restart your computer and go into the Windows Recovery to restart it from there. Hope this helps!
@David A
It seems to be user specific on one of my client computers, and I’ve found some of the files in the user’s local settings, so yes, if you copy their My Documents folder you will also copy the virus.
Having the same problems as you all but I can’t get into ANY SAFE MODES. I can log on normally but can’t open IE, Safari or Google Chrome, can’t open any files or perform any actions further than looking at the desktop and bogus infection messages. PLEASE HELP!