IObit Forum

Solution to clearing fake antivirus "Antivirus Solution Pro" program.


--mom--


The malware/spyware/virus (whatever it was) seemed to center around a fake antivirus solution program called “Antivirus Solution Pro”. There was a small green ‘security’ icon which planted itself in my lower toolbar and the ‘Antivirus Solution Pro program’ was constantly ‘scanning’ my computer…supposedly finding all sorts of spyware, Trojans, etc. while ‘Security Warnings’ were popping up everywhere. There was a running ‘Antivirus software alert’ running in the lower right corner of my screen which was giving ‘Details’ of IP addresses and ports from which my computer was being attacked, “Attacked Ports”, and ‘Threat’ names. This information was changing rapidly, making me think that my computer was being bombarded with new threats every second. When I tried to start AVG or IS360, I would simply get another ‘Security Warning’ that “Application cannot be executed. The file is360.exe is infected.” Internet Explorer had a warning on the screen, but I couldn’t connect to anything via IE anyway. The address in the address bar would change automatically to restricted sites (porn, Viagra) but none of them were opening. Everything was being controlled by the virus. Add/Remove Programs in the Control Panel was ‘infected’ and couldn’t be opened. It was a nightmare.

 

Mongoose, one of the forum members (and a genius, I must add) worked with me all day via the forum until the fake anti-virus and all its components were cleared from my computer. We did a lot of things throughout the course of the day (and I hope I don’t forget any of the steps), but here is a list of what was done:

 

On another computer, I downloaded a ‘Remove Fake Antivirus’ program onto a disk which I ran in safe mode on the infected computer. After that had run, I tried running my cleaner programs still in Safe Mode. CCleaner ran. IS360 ran a ‘full scan’ and found zero threats. AVG would not open or run. I rebooted the computer. The ‘Antivirus Solution Pro’ immediately started running and the ‘Security Warnings’ all began popping up (“Security Warning. Application cannot be executed. The file is360.exe is infected. Do you want to activate your antivirus software now? _ yes __ no”) …. (Strangely, is360 had just completed a full scan in safe mode and, once again, had found no threats!)

 

I rebooted the computer and ran the ‘Remove Fake Antivirus’ cd again in safe mode and then the CCleaner (also in safe mode) but, this time another window opened: "Command Line Composer" which said "You can use AVG8.0 Anti-Virus command line scanner only in Windows Safe Mode. Right now you can create parameters for Command line scan. ..." Leaving everything checked exactly as it was, I clicked on 'Scan now' and it ran to completion.

 

On another computer, I downloaded ComboFix onto a cd, put the cd into the infected computer and ran it in safe mode following the instructions.

 

When the computer rebooted, the ‘Antivirus Solution Pro’ program, toolbar icon and all the ‘Security Warnings’, ‘Antivirus software alerts’ and ‘Antivir Solution Pro Details’ were gone!

 

Hope this helps anyone who might unfortunately acquire this debilitating fake antivirus program.


Hi there Mom :wink:

 

I'm glad you got that "thing" sorted. Sorry for this late reply, but there's no emergency since you've gotten rid of it. Twice, if I read the other topics correctly, although quickly.

 

A few things :

 

First and foremost... is how you got infected in the first place (?). That's what you need to focus on. Make sure it doesn't happen again 8-)

 

Second : although you've had success using a powerful tool like ComboFix, you must know that supervision is needed when using tools like that one. The risks of messing up a machine are real, some tools won't run on some systems, etc... so we can't just tell anyone to run this tool and you'll be clean type of thing.

 

And finally : these rogue programs are everywhere and there are plenty of variations. You nail one today, but the new one that comes out tomorrow will be harder/different to remove ; it's been like this for years with these pests. They generate a lot of $$ so they are updated constantly to avoid early detection.

 

=======

 

You've asked in another topic here whether your machine is clean or not, following your second battle with a rogue. Well, the most simple way to determine that is by observing ; if there are no more fake alerts, no browser redirects or search redirects, if your antivirus works and updates itself, then I'd say you can rest easy.

There are diagnostic tools you could run to make sure, but that would be a lengthy and, in my opinion, an unnecessary process.

 

Hoping all is well with the machine..

 

===


Archived

This topic is now archived and is closed to further replies.
