Antivirus 2010 Taken Out But Still Have Problems

A friend's Computer stared with Antivirus 2010. SuperAntispyware and Malwarebytes started scans, but vanished from screen! After that they would not start! Will not run in safe mode either. In safe mode I was able to find and uninstall Antivirus 2010, and that got rid of the pop up windows. Still can not run either of the above programs. SuperAntispyware Portable runs, but gets knocked off screen after scanning about 4500 files. But since it runs again, I ran it till it found 10 trojans, paused, and dealt with those 10 trojans. Next Combofix and RootRepeal only run a short time and they dissappear. No logs can I find for any of the above.

Mgtools runs without errors, though! Attached are all the logs I have. Also when booting into safe mode there is an additional account called Administrator which I did not think was ever on this computer before.

This is my first time posting, but I have greatly appreciated MajorGeeks. I have successfully disinfected about five other computers using your forums.

 

Finished online scan by eset.com. Here is log. Also RootRepeal log I found on her crowded desktop. I wonder if I can remove this infected ndis.sys file that eset could not deal with by using my Bitdefender linux boot disk. I will try tomorrow if I do not get other instructions from MajorGeeks before I can get back to this. I will report back.

Thanks so much, Ed

 

Thanks Tim. I was able to get mbam.exe to run again using the cacls command that you gave. The mbam scan only lasted 6 seconds, and the mbam screen dissappeared again. After that mbam would not start. Then I booted with the BitDefender Linux boot cd and deleted the ndiswan.sys file in Win\Sys32\drivers that the above eset scan identified as infected but could not get rid of. Then I rebooted into Windows, used cacls, tried mbam another time, and it still dissappeared after only 6 seconds of scan.

Wondering what to try next. Thanks, Ed

 

Thanks, Tim.

Did BitDefender online scan. Log is attached. Could not updated virus signatures, though. Tried twice. When it got to 33% it started over. 2nd time it made it to 40%. I am trying updating again, but I thought I would do the scan and get the log to you. It found lots of bad stuff.

Thanks again, Ed

 

Hi Tim,

Issues still can not run mbam.exe nor superantispyware. I can run cacl and then they will run one time, but only scan a few seconds. I tried uninstalling each and then reinstalling not in Program Files but in their own directory in C:\, but same symptom -- each runs one time and only scans a few seconds.

Also, in Safe Mode there is this Admin account I have no password for and mbam and Superantispyware will not run in the user account.

Ran TDSSKiller.exe without having to change its name. It found only one suspicissous service -- vbma55c9 in Sys32\drivers. Log attached.

Thanks Ed

 

Hi Tim,

I ran Avenger and MGTools\Getlogs without problem. Avenger log and MGTools logs attached. I could find no Combofix.txt in C:\ or anywhere else, evn though I ran ComboFix again.

Still can not scan with mbam nor SAS. I uninstalled both from where I had last installed in C:\ and reinstall both in their normal place in Program Files. MBAM installed and ran one time scanning for 11 seconds this time. SAS will not install right. SAS portable scans to about 4500 files and dissappears again.

I think the user does not want me to spend a lot more time on this, and I do not want to take up much more of your time.....She may get a new computer, and I think I can salvage her personal files off this. Unless you now see something in these latest log that appears promining, I will go that route. Please give me a response to this.

I appreciate what I have learned. Thank you so much -- Ed