AV Antivirus Suite Survivor - My Experience and Solution

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Gno Weh, Jun 27, 2010.

  1. Gno Weh

    Gno Weh Private E-2

    C:\Documents and Settings\Jim\Local Settings\Application Data\gyvlvakqu\fsmjwavtssd.exe

    First of all, I'm a user of limited technical knowledge but I depend heavily on my computer. My computer got a very destructive, wicked virus similar to the one others describe as the "AV Antivirus" that wrecked my computer. I believe it is called the AV Anti-virus Suite because that is the name of the software it kept asking me if I wanted to download. It had installed a quick launch icon, from which it kept popping up warnings about my system. Clicking on the icon opened a fake web site window for the AV Antivirus Suite.

    I got this malware by answering a short “survey” in order to watch a TV episode online. It was a weird, stupid quiz with 5-10 questions that showed a silhouette of the back of a shapely woman with a whip in her hand and a man lying down in a sexual position with a woman standing over him. After I answered the survey, it let me watch the episode, but it was so boring that I closed it within a few minutes. Then, the virus took over my computer, continuously popping up messages every few seconds, saying that my computer was infected and was being attacked, then opening the porn sites porn.com and porn.org, which showed a clip of a man and woman at a cafe, with a weird street noise in the background that, when I first heard it, made me wonder where that noise was coming from.

    It was wicked in its blocking of my access to any tools to fix it, including all System tools, Task Manager, and it blocked me from any access to the Internet. I wasted a lot of time trying to call Norton. I found out that their service is terrible. After 3 service reps referred me to a different telephone number each time, finally the last number they referred me to was for the “Enterprise Group,” which served the product I have. However, the line was always busy and I never got through.

    One thing I discovered about this virus is that it is a little slow to block access. By continuously clicking on the Norton quick launch, I was able to open it and run the scan, despite the virus’ trying to block me from it. However, Norton found nothing on my whole hard and external drives. The last service rep I talked to, a nice Asian lady, who said she could not help me because of the type of Norton product I had, said that she knew about the virus but the only thing she could tell me was to go to the Norton web site for virus removal tools, which, of course was useless advice because I had no Internet access. It turns out there is no such tool that removes the AV Suite virus on Norton’s web site.

    I actually spent most of the day backing up my data files because I thought I was going to have to re-install Windows and all my software on my hard drive.

    Finally, through a little luck and very basic PC knowledge, I was able to get rid of it and then was able to restore the system to a prior restore point. The first 3 restore points failed, but it finally worked the 4th time. I was so relieved!

    Here's how I accomplished it. Although the virus blocked access to the Windows Task Manager, I had the AnVir Task Manager running, which allowed me to identify the Process causing the symptoms. The virus was located at C:\Documents and Settings\[User]\Local Settings\Application Data\gyvlvakqu\fsmjwavtssd.exe.

    The file may be randomly named. The way I found it was to look at the description of each process, and look for one that had just been installed that day. This one showed that it had been installed on that same day. Where the Company name should have been listed, it was blank.

    First, I "Killed" the process using the Anvir Task Manager right click command. This allowed me to access some things that I was not able to before, like my media player. The virus revived itself in only a couple minutes, so I only had a short time between killing it and doing things.

    Anvir Task Manager Pro has an option to "Block" or permanently kill a process, but it would not let me because I don’t have the “Pro” version.

    When I tried to delete the file at its source location, it gave me a system error message, saying I was not authorized to do that! Of course ... Instead, I renamed it and this seemed to largely de-activate it, transmuting it into a shell of its former self. It still gave the continuous pop ups but its effects were less virile.

    I rebooted my machine and was able to rename the folder containing the file. It was only a 17 K file, but the virus program had written to my registry to generate the damaging effects.

    Renaming the folder effectively stopped all the pop ups, but I still had no Internet access through Internet Explorer and that's the only browser I have on my computer. Outlook e-mail was also not working. It was unable to log in to my hotmail account.

    Finally, after 3 tries, I was able to successfully restore my computer to a system checkpoint 3 days earlier using the System Tools/Restore function. Now everything appears to be back to normal, except that at least one of my programs is not present, the Google toolbar, but it can be easily restored. I keep getting a notice from Anvir of an attempt to install the Google Toolbar, but I'm deleting that, preferring to install it myself from the Google web site. I never know now whether a virus is playing a trick on me.

    If you don't have an alternative task manager running as I did, it might be possible to keep trying to access System Tools, repeatedly requesting it until it works. As I said the virus is a little slow sometimes to respond and I got Norton to open by repeatedly clicking the quick launch icon. I suspect the same could be done with Task Manager, although it requires a combination of keys and selecting it, making it hard to bang. A post I read here describes using the Kill command, but I believe one has to know the name of the process to effectively kill it, though not sure. Task Manager can help you identify the culprit file.
     
    Last edited by a moderator: Jun 27, 2010
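The poster found the dropper by hand: a freshly created, randomly named folder under the user's local application data directory holding a small executable with no company name. The script below turns that manual triage into a read-only listing that scores each `.exe` on three of those signals (recently modified, small, random-looking parent folder). It is an added example and not code from the poster or from MajorGeeks; the thresholds, the name heuristic and the sample directory tree it builds are constructed assumptions for illustration. It kills nothing and deletes nothing; it only lists candidates for a human to check.

```python
"""Read-only triage for the pattern described in the post: a small .exe in
a freshly created, randomly named folder under the local application data
directory. Added example; thresholds and sample data are assumptions."""
import os
import re
import tempfile
import time
from pathlib import Path

# Constructed thresholds (assumptions): "recent" = modified within the
# last 24 h, "small" = under 64 KiB (the poster's file was about 17 KB).
RECENT_SECONDS = 24 * 3600
SMALL_BYTES = 64 * 1024
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Crude test for generated folder names such as 'gyvlvakqu': lowercase
    letters only, 8+ long, few vowels AND a consonant run of 5 or more.
    Vendor-style names (google, microsoft) fail one or both conditions."""
    if not re.fullmatch(r"[a-z]{8,}", name):
        return False
    vowel_ratio = sum(c in VOWELS for c in name) / len(name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowel_ratio < 0.25 and longest_run >= 5


def signals_for(path: Path, now: float) -> list[str]:
    """Return the list of signals an executable matches."""
    st = path.stat()
    reasons = []
    # st_mtime is used for portability; on Windows the creation time that
    # AnVir showed the poster would be a stricter "installed today" check.
    if now - st.st_mtime < RECENT_SECONDS:
        reasons.append("modified-recently")
    if st.st_size < SMALL_BYTES:
        reasons.append("small-file")
    if looks_random(path.parent.name):
        reasons.append("random-parent-folder")
    return reasons


def suspicious_executables(roots, now=None, min_signals=3):
    """Walk roots and return [(path, reasons)] for .exe files matching at
    least min_signals of the three signals. Nothing is modified."""
    now = time.time() if now is None else now
    hits = []
    for root in roots:
        for path in Path(root).rglob("*.exe"):
            if not path.is_file():
                continue
            reasons = signals_for(path, now)
            if len(reasons) >= min_signals:
                hits.append((path, reasons))
    return hits


def build_sample_tree(base: Path) -> None:
    """Constructed sample data: one dropper-like file and two controls."""
    payload = b"\x00" * (17 * 1024)
    # Matches all three signals (name taken from the post).
    (base / "gyvlvakqu").mkdir()
    (base / "gyvlvakqu" / "fsmjwavtssd.exe").write_bytes(payload)
    # Control: vendor-style folder name, so only two signals.
    (base / "google").mkdir()
    (base / "google" / "update.exe").write_bytes(payload)
    # Control: random name but 30 days old, so only two signals.
    (base / "qzkrvmplt").mkdir()
    old = base / "qzkrvmplt" / "old.exe"
    old.write_bytes(payload)
    month_ago = time.time() - 30 * 24 * 3600
    os.utime(old, (month_ago, month_ago))


def run_demo() -> list[str]:
    """Build the sample tree in a temp dir and return flagged 'folder/file'."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        build_sample_tree(base)
        hits = suspicious_executables([base])
        return sorted(f"{p.parent.name}/{p.name}" for p, _ in hits)


if __name__ == "__main__":
    print("demo:", run_demo())
    # On a real Windows box, list candidates under the local app data dir.
    if "LOCALAPPDATA" in os.environ:
        for path, reasons in suspicious_executables([os.environ["LOCALAPPDATA"]]):
            print(path, reasons)
```

The demo only flags the post's `gyvlvakqu\fsmjwavtssd.exe` pattern; the vendor-named control and the month-old file each miss one signal. Treat any hit as something to look at, not something to delete: a process name, a blank company field and a random folder are hints, and the forum's removal guide is the procedure for confirming an infection.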
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Good to hear that you managed to remove the infection. However, each system is different and may be infected with other viruses. That is why we have a complete guide, not only for this type of infection, but for all other types as well. You will find it here:

    READ & RUN ME FIRST. Malware Removal Guide
     
  3. Gno Weh

    Gno Weh Private E-2

    Yes, one of the administrators (I presume) wrote back the following note after I posted:

    "I'm very happy you solved your problem. However, Major Geeks has a very specific procedure we follow as far as helping those with malware. We have experts in the forum that are the only ones we allow to assist those asking for help. They are awesome at what they do. So while the thought is appreciated, we do require that people follow our removal procedures."

    Of course everyone's situation is different and what worked for me may or may not work for others. I think most people have enough sense to get hints and helps wherever they can. My post was directed at the less technical because I think most people could replicate what I described myself doing.

    As a matter of feedback, some of the steps this site instructs doing are for those with more technical experience and knowledge than I have. When I shared my post with another user support site, I entitled it "Dummies' Guide to Removal of the AV Antivirus Suite," as more appropriate.

    I'm sure this site is full of helpful information, and I'm glad it published my post.
     
