Infected with Antivirus Action, need help removing

strep3241

Senior member
Oct 3, 2010
953
3
91
My dad's computer just got infected with Antivirus Action. Neither of us has clicked yes for anything because I knew it was a virus. How do I go about getting rid of it? Right now I am scanning with Malwarebytes in safe mode.

On a side note, I don't know why but my dad's computer keeps getting infected with these types of viruses. He is using AVG free version right now, is AVG not very good any more? I used to use AVG for a while and never had a problem with viruses. Why would he have so much more trouble than me when we are on the same network? After I get the virus removed, I am going to install Bitdefender. This is what I am using right now and have not had any problems.
 

balloonshark

Diamond Member
Jun 5, 2008
7,131
3,614
136
These guys usually have good removal procedures. Have a look here. http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action

It's really important to keep Windows and your other programs up to date. Java, Flash, Adobe Reader, etc. are constantly being updated/patched to fix vulnerabilities. After you clean his computer do an online scan and update any programs that the scanner finds. It's a good idea to run the scan at least once a month and fix any issues. http://secunia.com/vulnerability_scanning/

The Secunia link or site may be down at the moment as I can't get there.
 

strep3241

Senior member
Oct 3, 2010
953
3
91
I found that site you mentioned and it worked or so it seems. I will try out that Secunia program. He is having a problem connecting to the internet through Internet Explorer. I have tried Google Chrome and Safari. The only thing that will allow him to browse the internet is Mozilla Firefox. I keep trying to tell him to use Firefox but he will not listen.

I don't know what it is, but he keeps getting these types of viruses, ones that look like a program. I don't know if programs are not updated or what. I do know that AVG expired and I did not get around to updating it yet. Could AVG not being updated to a newer version be the cause?

I uninstalled AVG and installed Bitdefender, the paid version. Maybe he will have better luck with this one. I am assuming the Bitdefender firewall is better than the Windows firewall?

Thanks for the help.
 

ModestGamer

Banned
Jun 30, 2010
1,140
0
0
These guys usually have good removal procedures. Have a look here. http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action

It's really important to keep Windows and your other programs up to date. Java, Flash, Adobe Reader, etc. are constantly being updated/patched to fix vulnerabilities. After you clean his computer do an online scan and update any programs that the scanner finds. It's a good idea to run the scan at least once a month and fix any issues. http://secunia.com/vulnerability_scanning/

The Secunia link or site may be down at the moment as I can't get there.


Disabling remote registry closes some 95% of the windows security holes.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
I found that site you mentioned and it worked or so it seems. I will try out that Secunia program. He is having a problem connecting to the internet through Internet Explorer. I have tried Google Chrome and Safari. The only thing that will allow him to browse the internet is Mozilla Firefox. I keep trying to tell him to use Firefox but he will not listen.

I don't know what it is, but he keeps getting these types of viruses, ones that look like a program. I don't know if programs are not updated or what. I do know that AVG expired and I did not get around to updating it yet. Could AVG not being updated to a newer version be the cause?

I uninstalled AVG and installed Bitdefender, the paid version. Maybe he will have better luck with this one. I am assuming the Bitdefender firewall is better than the Windows firewall?

Thanks for the help.

Stop placing your hopes in antivirus software, memoryram. It's a good practice to have it, but it's not a good primary line of defense.

Definitely use the Secunia checkup utility every couple weeks and follow through on the stuff it says needs patching. Here's some further "hardening" you can do for free: http://www.mechbgon.com/security


In the big picture, if my computer were messed up to the point that it didn't want to reach teh Intarwebs, I'd disconnect all the HDDs except the boot drive, nuke it with DBAN, and reinstall Windows from the top, making sure to secure it this time. If you want to do some further work on it before getting that drastic, download and install the free version of SuperAntispyware, update it and run a complete scan. It'll take a while, so make sure you have snacks lined up :D
 

balloonshark

Diamond Member
Jun 5, 2008
7,131
3,614
136
Stop placing your hopes in antivirus software, memoryram. It's a good practice to have it, but it's not a good primary line of defense.
I agree with this. Unfortunately it took me a long time to believe as we are told that an anti-virus or suite will protect us.

If it's possible set your father up with a limited user account that he can use daily. Windows Vista and Windows 7 make this much easier.

If a LUA is not possible a sandbox type program like Sandboxie or DefenseWall may help. I set my mother up with a slightly tweaked sandbox via Sandboxie for browsing with Firefox and Avast free as a backup. She's a total noob and has not been infected. I also keep her up to date with the occasional Secunia scan.
 

strep3241

Senior member
Oct 3, 2010
953
3
91
Stop placing your hopes in antivirus software, memoryram. It's a good practice to have it, but it's not a good primary line of defense.

Definitely use the Secunia checkup utility every couple weeks and follow through on the stuff it says needs patching. Here's some further "hardening" you can do for free: http://www.mechbgon.com/security


In the big picture, if my computer were messed up to the point that it didn't want to reach teh Intarwebs, I'd disconnect all the HDDs except the boot drive, nuke it with DBAN, and reinstall Windows from the top, making sure to secure it this time. If you want to do some further work on it before getting that drastic, download and install the free version of SuperAntispyware, update it and run a complete scan. It'll take a while, so make sure you have snacks lined up :D

I will definitely do those things. He really is not ready to reinstall Windows just yet; not everything is backed up, most stuff is backed up, just not everything. Before I do anything else, I will run that SuperAntispyware program.

The internet is still working, just will not work through Internet Explorer. Has to use Firefox. I realize that means there could still be a problem.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
Once you get your PC working correctly (one way or another), consider learning how to make image backups of your computer on a second hard drive. There's both paid and free software for making full system image backups that will let you restore the entire PC to its last full backup.

It's not hard to do this and is FAR faster and safer than trying to remove malware that you may or may not be able to fully remove in the end.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
30,699
1
0
I've had good results with Acronis TrueImage backup/recovery software. In fact, I used to use a super-vulnerable Win2000 system to hunt malware with, and when I was done infecting it and collecting malware samples, I'd just reboot and use the Acronis recovery console to go back to a clean image. Never failed. And on 15000rpm SCSI drives, it was usually done in about 90 seconds. TrueImage Home is about $35ish.

Another idea, if you guys have several computers, is to scrape together an old PC and get Windows Home Server on it. WHS can automatically back up the other computers on the network daily, and recover them using a bootable CD or DVD. I have a Win7 Ultimate rig with Office, Photoshop Elements, Premiere Elements, WinXP Mode and quite a bit of other stuff installed, and I re-imaged it onto a blank new HDD over the network from my WHS server in about 30 minutes total (on a gigabit network connection).

If you do set up WHS, go through the motions of a recovery to make sure it has the drivers it needs for the computer's network port. If it doesn't, you may be able to get them and put them on a USB stick. Anyway, if you're planning on WHS recovery as your ace in the hole, make sure of the drivers scenario in advance.


All that being said, if malware manages to get his CC number, or his eBay log-in, or other sensitive info, disinfecting the computer doesn't bring that stuff back from the hands of the bad guys once they've got it, so he really needs a security makeover.
 

strep3241

Senior member
Oct 3, 2010
953
3
91
I am going to go ahead and reinstall Windows. We have everything backed up. I have tried some of those programs and still cannot connect through Explorer.

I am trying to use DBAN to completely wipe the drive but I am having problems. I can boot from the CD fine, but after I go through all the options and press F10 to start, I get an error screen and have to shut down.

I think I may have screwed up big time. I never could get DBAN to work using the interactive mode. So I tried the auto option. That may have been a big mistake. I did not realize that DBAN automatically starts formatting any drives that are hooked up. There are two hooked up, one with Windows and the other with all the files. As soon as I saw it formatting both drives, I immediately shut down the PC. I turned the machine back on and took the CD out and of course it would not boot. I am not worried about the Windows drive. I am really worried about the backup drive. Did I just lose everything on that drive? I mean DBAN barely had a chance to do anything before I shut it down. Please tell me that I did not lose everything on the backup drive, please. If I did, my dad is going to be so mad.

I am so mad at myself right now. This is not good at all.
 

lxskllr

No Lifer
Nov 30, 2004
60,001
10,486
126
No point in wondering. Keep going on the drive you want to clean, install Windows, and see what you've got. Personally, I think Dban is paranoid overkill. I'd just do a full format and install.
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
If you do set up WHS, go through the motions of a recovery to make sure it has the drivers it needs for the computer's network port. If it doesn't, you may be able to get them and put them on a USB stick. Anyway, if you're planning on WHS recovery as your ace in the hole, make sure of the drivers scenario in advance.
WHS keeps track of each PC's network and disk drivers (the drivers that are critical to do a recovery across a network) and stores them in the WHS backups for each PC.

Since the recovery routines in WHS are from Vista, you can load the network and disk controller drivers onto a USB flash drive and load them when requested by the WHS recovery routine. No need for a floppy drive even when recovering an XP client.

The other "non-critical" drivers (video, sound, chipset, etc.) come along as part of the full system restore image, so no need to reload those drivers after the restore is completed.
 

strep3241

Senior member
Oct 3, 2010
953
3
91
I went ahead and installed Windows on the first drive. It is not looking good. The second drive does not show up at all. So I turn off the computer, take out the drive and hook it up to a USB-to-SATA adapter cable that has an IDE connector, and it still does not show up. When I first plugged it in, it installed the drivers for it and made that sound when you plug new hardware in, but it does not show up; the drivers installed successfully. I also tried hooking it up to a different computer and still nothing.

I am really mad at myself for letting this happen. When I first started having trouble using DBAN, I thought about unhooking the second drive, maybe that was causing the problem, but didn't. Now I wish I would have.

I am going to take it to some computer repair shops and see if they can get anything off of it or tell me how.
 

lxskllr

No Lifer
Nov 30, 2004
60,001
10,486
126
Don't know why it isn't recognized at all. It's a PATA drive? Try some different cables. They can flake out, and even a cable that previously worked can be bad.
 

strep3241

Senior member
Oct 3, 2010
953
3
91
It is an IDE drive. Not showing up at all is what is worrying me. I am almost certain the cable isn't bad because the first drive is on the same cable.

Right now I am running a program called Recuva to try and recover the files but I have a feeling it will not work since it does not recognize the drive.
 

lxskllr

No Lifer
Nov 30, 2004
60,001
10,486
126
What exactly do you mean by "not recognize"? Does it show up in the drive listing, but perhaps as unformatted, or is it completely AWOL, and Windows doesn't even know it's there?
 

strep3241

Senior member
Oct 3, 2010
953
3
91
The drive does not show up under My Computer in the drive listing.

Maybe some good news: the drive does show up under Disk Management as unallocated space showing 111 GB.
 

lxskllr

No Lifer
Nov 30, 2004
60,001
10,486
126
Try booting to a Linux live CD(Ubuntu), and see if you can do anything with that.
 
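On the Linux live CD lxskllr suggests, the first thing worth checking is how far DBAN actually got. DBAN overwrites a disk sequentially from its first sector, so the MBR (and the partition table inside it) is destroyed within the first fraction of a second, which is exactly why Disk Management now shows the drive as one unallocated block of 111 GB; a run stopped within seconds cannot have gone more than a few hundred megabytes into the disk, so most file data is probably still there. NTFS also keeps a backup copy of its boot sector in the last sector of the volume, and TestDisk's partition search looks for exactly that kind of surviving boot sector to rebuild the partition table. Before trying any of that, image the drive once with `dd` (for instance `dd if=/dev/sdb of=backup.img bs=1M conv=noerror,sync`, with the device name checked against `lsblk` first) and run the recovery tools against the copy. The script below is an added example, not code from any post in the thread and not DBAN's or TestDisk's own code: it builds a small constructed disk image, interrupts a simulated sequential wipe, and checks what survives. The layout (2 MiB image, partition at LBA 64, a "file" marker at sector 1024, a wipe stopped after 512 sectors) and the marker string are assumptions made up for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread). Simulates what an interrupted
# sequential wipe leaves on a constructed disk image: the MBR partition
# table and the primary NTFS boot sector go first, while file data further
# in and the NTFS backup boot sector (last sector of the volume) survive.
# All sizes, offsets and the marker string below are made-up assumptions.

SECTOR=512
TOTAL_SECTORS=4096          # 2 MiB image
PART_START=64               # partition 1 starts at LBA 64 ...
PART_SECTORS=4032           # ... and runs through the last sector (LBA 4095)
DATA_SECTOR=1024            # where a constructed "file" lives
MARKER='photos_2010.jpg'    # constructed file content

write_at() { # write_at IMG BYTE_OFFSET  (payload on stdin)
  dd of="$1" bs=1 seek="$2" conv=notrunc 2>/dev/null
}

make_image() { # zero-filled disk with MBR, one NTFS entry, two boot sectors, one file marker
  dd if=/dev/zero of="$1" bs=$SECTOR count=$TOTAL_SECTORS 2>/dev/null
  # partition entry 1 (bytes 446-461): bootable, CHS zeroed, type 0x07 (NTFS),
  # start LBA 64 (0x40) and 4032 sectors (0x0FC0), both little-endian
  printf '\200\000\000\000\007\000\000\000\100\000\000\000\300\017\000\000' | write_at "$1" 446
  printf '\125\252' | write_at "$1" 510                       # 0x55AA boot signature
  printf '\353\122\220NTFS    ' | write_at "$1" $((PART_START * SECTOR))   # primary boot sector
  printf '\353\122\220NTFS    ' | write_at "$1" $(((PART_START + PART_SECTORS - 1) * SECTOR)) # NTFS backup copy
  printf '%s' "$MARKER" | write_at "$1" $((DATA_SECTOR * SECTOR))
}

has_mbr_signature() { # true if bytes 510-511 still read 0x55 0xAA
  [ "$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "55aa" ]
}

first_partition() { # prints "type start_lba sector_count" decoded from MBR entry 1
  set -- $(dd if="$1" bs=1 skip=446 count=16 2>/dev/null | od -An -tu1)
  printf '%02x %d %d\n' "$5" \
    $(( $9 + (${10} << 8) + (${11} << 16) + (${12} << 24) )) \
    $(( ${13} + (${14} << 8) + (${15} << 16) + (${16} << 24) ))
}

ntfs_boot_sector_copies() { # how many sectors still carry the NTFS OEM id
  tr -d '\000' < "$1" | LC_ALL=C awk '{ n += gsub(/NTFS/, "") } END { print n + 0 }'
}

marker_present() { # true if the constructed file content still sits at DATA_SECTOR
  [ "$(dd if="$1" bs=1 skip=$((DATA_SECTOR * SECTOR)) count=${#MARKER} 2>/dev/null | tr -d '\000')" = "$MARKER" ]
}

simulate_interrupted_wipe() { # overwrite only the first N sectors, as a sequential wiper stopped early would
  # DBAN writes PRNG patterns rather than zeros, but what survives is the same
  dd if=/dev/zero of="$1" bs=$SECTOR count="$2" conv=notrunc 2>/dev/null
}

demo() { # run the scenario on a temporary image and report each check
  img=$(mktemp) || return 1
  make_image "$img"
  echo "before wipe: partition 1 = $(first_partition "$img"); NTFS boot sectors = $(ntfs_boot_sector_copies "$img")"
  simulate_interrupted_wipe "$img" 512   # stopped after 512 sectors (256 KiB)
  if has_mbr_signature "$img"; then
    echo "after wipe: MBR signature intact"
  else
    echo "after wipe: MBR signature gone (partition table zeroed; the disk now looks 'unallocated')"
  fi
  echo "after wipe: partition 1 = $(first_partition "$img"); NTFS boot sectors = $(ntfs_boot_sector_copies "$img")"
  if marker_present "$img"; then echo "after wipe: file data at sector $DATA_SECTOR still present"; fi
  rm -f "$img"
}

demo
```

The decoded partition entry before the wipe reads `07 64 4032`; afterwards it is all zeros and the 0x55AA signature is gone, which is the state Windows reports as unallocated space. The single surviving `NTFS` boot sector is the backup at the end of the volume, the clue a partition-recovery tool uses to put the entry back. The same check against the real drive is just `dd if=/dev/sdb bs=512 count=1 | od -An -tx1` on the imaged copy.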

strep3241

Senior member
Oct 3, 2010
953
3
91
I might give Linux a try later but I might need help with that. But first I am going to see what happens with Recuva. I am hoping it will find the files or at least some of them. I have a good feeling about Recuva. When I first started scanning with Recuva, I stopped it at only 3 percent and it had already found over 1000 files, I'm guessing mostly system files. So I am hoping Recuva will recover the lost files.

Back on the problem with the virus, tell me if this is normal. As soon as I finished installing Windows XP and before I did anything else, I was already connected to the internet. Every time we reinstall Windows, the internet is already working before setting anything up. Should that be like that? I am just wondering if that doesn't have something to do with him getting infected all the time.
 

lxskllr

No Lifer
Nov 30, 2004
60,001
10,486
126
Back on the problem with the virus, tell me if this is normal. As soon as I finished installing Windows XP and before I did anything else, I was already connected to the internet. Every time we reinstall Windows, the internet is already working before setting anything up. Should that be like that? I am just wondering if that doesn't have something to do with him getting infected all the time.

That's normal, and I have heard of fresh Windows getting pwned before patches are applied, but I haven't experienced that myself.
 

strep3241

Senior member
Oct 3, 2010
953
3
91
Help me understand this. On my computer which is connected wireless to the net, whenever I reinstall Windows, I have to install the network card before I can get the internet.

On his machine, he is directly connected to the router. Why doesn't he have to install the router before the internet will work?
 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
I don't recall if you said you are running XP or another OS.

When installing Windows, disconnect your network cable. Theoretically, if installing XP, it'd be best to have at least SP2 downloaded as an .EXE file that you can copy to the new PC and patch XP to SP2 without any network connection. Once Vista or Win7 are installed, you should be able to safely reconnect them to your network and access the Internet to get updates.
 

lxskllr

No Lifer
Nov 30, 2004
60,001
10,486
126
Help me understand this. On my computer which is connected wireless to the net, whenever I reinstall Windows, I have to install the network card before I can get the internet.

On his machine, he is directly connected to the router. Why doesn't he have to install the router before the internet will work?

The built in generic drivers work for his NIC. Wireless you generally need the drivers from the manufacturer.