Antivirus gold

Discussion in 'Malware Help (A Specialist Will Reply)' started by hvreynolds, Jun 18, 2005.

  1. hvreynolds

    hvreynolds Private E-2

    hi

    i have been infected with antivirus gold.

    I have gone through the 4 steps suggested (previously hadn't) and now cannot get onto Internet Explorer at all.

    help!
     
  2. aokmaster42

    aokmaster42 Private E-2

    Did you try and do a system restore back to an earlier date? Some people that have been infected by Antivirus Gold have been able to restore back to a date a few days before they were infected and it was gone as simple as that. Before you get into any drastic measures try that.

    If you don't know how...

    *Before you open the System Restore console, you may want to save your work and close all programs since System Restore requires you to restart your computer.

    There are two ways to access System Restore – through Help and Support or through your All Programs folder.

    Through Help and Support:

    1. Click Start, and then click Help and Support.

    2. Under Pick a Task, click Undo changes to your computer with System Restore.

    3. Follow the instructions on the wizard.


    Through the All Programs menu:

    1. Click Start.

    2. Point to All Programs.

    3. Point to Accessories.

    4. Point to System Tools.

    5. Click System Restore.

    6. Follow the instructions on the wizard.


    Creating a restore point can be useful any time you anticipate making changes to your computer that are risky or might make your computer unstable. If something goes wrong, you select the restore point you just created and Windows XP undoes any system changes made since that time.
     
  3. aokmaster42

    aokmaster42 Private E-2

    After going through a system restore, there's another possible solution to this trojan. (NOTE: Antivirus Gold is a nasty trojan and many people completely reinstall xp to get rid of it).

    This may or may not work as well. If you cannot access the internet you may not be able to attempt this fix, unless you can use someone else's computer and transfer the files to your computer by whatever means.

    Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

    Right click on this link -> http://www.bleepingcomputer.com/files/reg/smitfraud.reg and save that file. Double click on it and click on Yes when it asks you if you want to merge it into the registry. Once that's done, right click on your Desktop and go to Properties. Next go to Desktop tab->Customize Desktop button->Web tab. Uncheck everything listed there. Then delete all the entries listed except for 'My Current Home Page'. Click OK and OK.

    Go to Start->-Control Panel->Add or Remove Programs and remove/uninstall the following programs, if found:

    Security iGuard
    Virtual Maid
    Search Maid
    Antivirus Gold

    Exit Add/Remove Programs.

    Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked.

    Download KillBox http://www.greyknight17.com/spy/KillBox.exe. Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy the below files and go back to KillBox. Go to File->Paste from Clipboard and then hit the button with red circle with a white X. Confirm to delete and when asked if you want to reboot now, say no:

    C:\wp.exe
    C:\wp.bmp
    C:\bsw.exe
    C:\Windows\sites.ini
    C:\Windows\popuper.exe
    C:\Windows\system32\hhk.dll
    C:\Windows\System32\wldr.dll
    C:\Windows\System32\helper.exe
    C:\Windows\System32\intmon.exe
    C:\Windows\System32\shnlog.exe
    C:\Windows\System32\intmonp.exe
    C:\Windows\System32\msmsgs.exe
    C:\Windows\system32\msole32.exe
    C:\Windows\system32\ole32vbs.exe

    Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

    Delete these folders if they exist:

    C:\Program Files\Search Maid\
    C:\Program Files\Virtual Maid\
    C:\Windows\System32\Log Files\
    C:\Program Files\Security iGuard\

    Restart your computer.

    1. Download Hoster http://www.greyknight17.com/spy/Hoster.exe and run it. Choose the 'Restore Original Hosts' button and press OK. Close the program.

    2. Right click on this link -> http://mvps.org/winhelp2002/DelDomains.inf and select Save As to download WinHelp2002's DelDomains.inf. Save the file to the Desktop. To run the inf file, right click on it and select Install. Note: This will remove all entries in the 'Trusted Zone' and 'Ranges' also.

    3. The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if the main link doesn't work - http://www.greyknight17.com/spy/Cleanup.exe ) and install it. Run CleanUp! and click on the CleanUp! button. When it asks you if you want to log off, click on Yes.

    4. Run an online scan at http://www.pandasoftware.com/activescan/ and save the results from the scan!
     
  4. hvreynolds

    hvreynolds Private E-2

    Tried system restore before and it didn't work.


    I worked through the steps you said but it has not gone - although I can get on the internet now.

    Didn't have Security iGuard, Virtual Maid or Search Maid installed so only uninstalled Antivirus Gold.

    I couldn't delete c:\windows\system32\hhk.dll

    The folders that existed were Virtual Maid and system32\Log Files so I deleted both of them.

    Ran Hoster and also DelDomains although I wasn't sure that it worked as nothing seemed to happen??!

    The results from the scan are below


    Incident Status Location

    Virus:W32/Smitfraud.A Disinfected Operating system
    Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\OLEADM.dll
    Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\System32\hookdump.exe
    Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
    Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\wp.bmp
    Virus:Trj/Downloader.DAI Disinfected C:\!Submit\msmsgs.exe
    Possible Virus. No disinfected C:\!Submit\shnlog.exe
    Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Desktop\Online Dating.url
    Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Desktop\Remove Spyware.url
    Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Start Menu\Online Casino.url
    Adware:Adware/Popuper No disinfected C:\Online Pharmacy.url
    Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\system32\hookdump.exe
    Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\oleadm.dll
    Virus:W32/Smitfraud.A Disinfected C:\WINDOWS\system32\wininet.dll
    Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\wp.bmp
    Adware:Adware/Smitfraud No disinfected C:\WINDOWS\uninstIU.exe

    What's next?!
     
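    The ActiveScan report above is a three-column text table (Incident, Status, Location) in which both the incident name and the path may contain spaces, so the only reliable delimiter is the status word itself. The following is an added example, not something from this thread or from Panda: a small parser, fed a constructed report in the same format, that lists what the scanner could not disinfect, de-duplicating the System32 paths the report lists twice with different casing, and counts what remains per family so the next step can be prioritised.

```python
import re
from collections import Counter

# Constructed sample in the format of the report quoted above (not the full report).
SAMPLE_REPORT = r"""
Incident Status Location

Virus:W32/Smitfraud.A Disinfected Operating system
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\System32\OLEADM.dll
Adware:Adware/Antivirus-gold No disinfected C:\WINDOWS\System32\hookdump.exe
Possible Virus. No disinfected C:\!Submit\shnlog.exe
Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Desktop\Online Dating.url
Virus:Trj/Downloader.DAI Disinfected C:\!Submit\msmsgs.exe
Adware:Adware/Smitfraud No disinfected C:\WINDOWS\system32\oleadm.dll
"""

# The status column is the delimiter: lazy match for the incident, then the
# status keyword, then everything else is the location (which may hold spaces).
LINE_RE = re.compile(r"^(?P<incident>.+?)\s+(?P<status>No disinfected|Disinfected)\s+(?P<location>.+)$")


def parse_report(text):
    """Return one dict per result line; the header and malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Incident Status Location"):
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(m.groupdict())
    return records


def remaining_items(records):
    """Items the scanner did NOT disinfect, de-duplicated by case-insensitive path."""
    unique = {}
    for r in records:
        if r["status"] != "Disinfected":
            unique.setdefault(r["location"].lower(), r)
    return list(unique.values())


def family_counts(records):
    """Count remaining items per family (the part after the last '/', e.g. 'Smitfraud')."""
    fam = lambda name: name.rsplit("/", 1)[-1] if "/" in name else name
    return Counter(fam(r["incident"]) for r in remaining_items(records))


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for r in remaining_items(recs):
        print(f"{r['incident']:30} {r['location']}")
    print(dict(family_counts(recs)))
```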
  5. aokmaster42

    aokmaster42 Private E-2

    I recommend doing the following in safe mode (i.e. restart your computer and hit F8 at the start screen, and make sure you choose Safe Mode with Networking).

    First I recommend downloading a-squared and scanning for and removing the malware on your computer:
    http://majorgeeks.com/download172.html

    Then run HouseCall and let it clean up what it can:
    http://housecall.trendmicro.com/

    Finally, I've found AntiVir Personal Edition to be VERY useful at finding and destroying viruses/trojans and worms.
    http://majorgeeks.com/AntiVir_Perso...ition_d955.html

    If that doesn't help, someone else will help you because I have to leave this morning on business and won't be back until next week Saturday. Best Regards.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I have not had any problems getting rid of it. At least not yet!

    There are dozens of fixes for Smitfraud right here on Majorgeeks. Please refer people to on site links.

    Both Hoster and CleanUp are available on Majorgeeks. Please familiarize yourself with the files available on MG and refer to our links first.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    hvreynolds,

    I'm not exactly sure what steps you have actually followed, but our standard cleanup process is listed below. Please follow it and if still having a problem afterwards (or if you have already run those steps), complete the HijackThis log steps.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  8. hvreynolds

    hvreynolds Private E-2

    Thanks for your help but I called it a day yesterday and put in the restore disks.

    I tried what they told me to do before but it just seemed to get worse - this is one nasty virus!

    I will be sure to post a topic again as soon as I get a new virus (inevitable really)!

    hannah
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you restored to a version that does not have all the Windows updates and patches, you will get infected easier than you think. This was not a difficult problem to fix. We have already fixed many of them. If you had followed my steps and got to the HijackThis log we would have been able to fix you up. Too bad! Now you will have to reinstall all of your applications, download all updates and patches, and re-tweak everything to your desired settings.
     
  10. hvreynolds

    hvreynolds Private E-2

    hi!

    I know it is not really the best solution to put in the system restore disks but unfortunately it is something we have got used to. Despite being updated and having all the Ad-Aware etc. you guys recommend we still seem to get regularly infected with very bad viruses. This computer seems to be susceptible??

    The problem I had prior to restoring was that the Antivirus Gold seemed to be getting worse.

    As soon as I have a problem again I will be sure to call on you guys as you do an amazing job.

    hannah
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member
