# HELP! Anti-Virus 2010 Virus



## TheMailMan78 (Sep 4, 2009)

Well, a buddy of mine works in my company's IT department and got a laptop in today with an epic virus. I've personally never seen one like this. The user downloaded "Anti-Virus 2010" thinking it was an anti-virus but it's in fact a virus.

Malware, Onecare, Spybot have not only been unsuccessful but were in fact deleted from the OS the second they were launched by the virus. It's also deleted all past restore points. Does anyone have ANY idea how to beat this thing without doing a clean install?


----------



## choppy (Sep 4, 2009)

I had a virus that wouldn't let me run Malwarebytes or Spybot - the trick is to rename the files and they will launch.
The most powerful cure I know of is called Combofix - where Spybot and the rest fail, Combofix does the job.


----------



## Steevo (Sep 4, 2009)

Boot to a Linux distro live on CD, delete the files and the backups of them, and then disconnect from the network and finish the cleanup in Windows.


----------



## Sir_Real (Sep 4, 2009)

Some viruses cannot be totally removed. They get so deep into system & registry files that you could use every antivirus or malware cleaner on the market & you'll still have system file damage & strings left.

Sometimes a format & reinstall of Windows is the only way. Then make sure it doesn't get infected again.


----------



## mcloughj (Sep 4, 2009)

Go into safe mode and try to install Spybot. Make sure you have the update for it available on a flash drive or similar. If you get it set up and it runs in safe mode then run the scan.

If you can't run the scan in safe mode then run msconfig and disable all the startup items and non-Microsoft services, then reboot as normal. Run the scan and you should be in the clear.

This is the third instance of win anti virus I've come across this week. Looks like they are pushing extra hard to make people's lives miserable. The bastards.


----------



## 95Viper (Sep 4, 2009)

Read here: http://www.superantispyware.com/blog/
Try this: http://www.superantispyware.com/download.html
Then, get this here: http://www.avira.com/en/support/kbdetails.php?id=230
And follow instructions, here: http://www.avira.com/en/support/kbdetails.php?id=267

If this doesn't do it, reformat and do a fresh install.

Good luck


----------



## kenkickr (Sep 4, 2009)

I would try disabling System Restore, then installing Avast in Safe Mode and then running a Boot-Time scan.


----------



## Solaris17 (Sep 4, 2009)

I used to have to fix this in GS.

Boot the system in safe mode.

Delete everything in the temp/prefetch folders.

Do a disk cleanup.

Install Avast and schedule a boot-time virus scan.

Tell it to delete everything it finds.

Then run Malwarebytes

and a reg cleaner.


----------



## mrhuggles (Sep 4, 2009)

Or you could use my policy: do a fresh format/install and then pretend you didn't, that way you can feel good about yourself and not have to work so hard.

You can always image the drive in case any important files need to be recovered later.

EDIT: I don't mean lying to clients, I just mean to yourself is all.


----------



## Metropolis (Sep 5, 2009)

Just wipe it. Back up the stuff that's needed and then format, because you will get leftovers in the system. Any reason why you're saying you can't clean install?


----------



## JATownes (Sep 5, 2009)

I had a client get this...believe it or not Windows Defender found and removed it when nothing else would...I was shocked!!!


----------



## BroBQ (Sep 5, 2009)

You can run this tool: http://siri.geekstogo.com/SmitfraudFix.php

Which will remove it. But it's also a good idea to run this as well: http://www.combofix.org/

After you run both of these utilities, run SuperAntiSpyware.

I've removed Anti-Virus 2010 from a few PCs with both of these utils. They do work.

Smitfraudfix is a great program that I've been using for a few years to remove hijackers.


----------



## kenkickr (Sep 5, 2009)

If Windows Defender can find it then why not just go here and run the complete scan. The downer is it requires IE, but it is much more detailed than Win Defender.


----------



## osirus99 (Sep 5, 2009)

TheMailMan78 said:


> Well, a buddy of mine works in my company's IT department and got a laptop in today with an epic virus. I've personally never seen one like this. The user downloaded "Anti-Virus 2010" thinking it was an anti-virus but it's in fact a virus.
> 
> Malware, Onecare, Spybot have not only been unsuccessful but were in fact deleted from the OS the second they were launched by the virus. It's also deleted all past restore points. Does anyone have ANY idea how to beat this thing without doing a clean install?



Ok...

Let me guess. BraviaX was the initial trojan loader and you got it from a banner ad? Am I close? We've had several boxes recently infected and this is how we removed it. Malwarebytes won't get rid of it but it kills the portion that will prevent you from running other proggies like SUPERANTISPYWARE.

We were finally able to get Malwarebytes to work on all the machines with a little bit of effort...let it find and clean as much as it can. Once finished, DO NOT REBOOT (and just kill all the mini-pops you see with task mgr). Then install and run SuperAntiSpyware and clean the system with that. Finally let it reboot and run it one last time. Your bug should be gone. We've successfully removed it from several machines with this.


----------

