Beaten down by "Antivirus 2008"

A friend said his computer had problems. They had gotten the pop-ups/trojan "antivirus 2008", and his girlfriend didn't know it was really trojan/malware, and downloaded it, and paid (w/credit card) for premium edition. After a few days they saw me, and I went and looked at it, and saw that the whole thing was a scam, trojan, and that the toolbar, everything was infested with it. Computer--Dell--running way too slow, and all kinds of junk in "QuickStart" and Toolbar hijacked and couldn't go to Avira or Norton, and junk everywhere.

I proceed to do what I knew, which was go to install/remove programs, and removed "antivirus 2008." I also did System Restore to a day or two before the date they had paid for this. Had them call credit card agency, and the CC's were good about reimbursing the money (Around a hundred bucks). I quickly realized I wasn't making any headway against this entrenched foe, and began searching online for help, much of which was just new scams, trying to make more money of these people, but eventually arrived here, and read Malware instructions, and here I am...up until now have done this:

1) Uninstalled "antivirus 2008" from Programs.
2) At first computer wouldn't let me, but today--finally--was able to make sure msconfig was set to "normal" startup mode.
3) Cleaned trash, quarantines, anything else obvious I could think of.
4) Downloaded and ran CCCleaner, as instructed.
5) Set file permissions so we could view all of them.
6) Went to Windows XP Cleanup Instructions, and here is how that went:
a) SuperAnti-Spyware found several instances of this virus, and other
tuff, which we deleted.
b) Ran updated Spybot. I had tried earlier to get and download updates, and I could not reach site: It also seemed blocked on google searchbar: could not go to Norton, or Spybot, or Avira. But now we are able to update and run Spybot.
c) Malwarebytes: I cannot finish installing Malwarebytes. In the middle of installation, it stops, and sends message: This application has failed to start because MSVBVM60.dll wasn't found. This also happened in "Safe Mode."

d) Combofix ran.

e) MGTools ran. Both Combofix and MGtools balked a bit, and stalled, and I reran both of them until I think I got it right, in regular--not "safe" mode. Hijackthis, tho, which would *not* run, when I tried earlier, also seemed to disappear from the text files: I don't know why this is, but this is what I got, so I'm sending them...

Anyway, this is enough, their computer has no *obvious* malware, but still runs *very* slow, and I know something is wrong...I cannot tell you how grateful I am to finally find a site that can help us...I hope you can. I know I probably did something wrong, or left something out. I will send this, and continue to try to get MGTools to get HIjack this again, but I think the malware blocks it or something.....And of course, any suggestion on how to make malwarebytes run...I did rename it to mb.exe, after download...but it seems this system has been corrupted bigtime...

Thankyou!

geff aka duckfeet

 

I reread the instructions, and felt that if I downloaded MSVBVM60.dll, that maybe I could get the other two files: (the hijackthis log was missing from MGlogs yesterday) and also Malwarebytes wouldn't run...

Well, that *was* the case, and both programs ran, now I have both files, but I *also* read the post on not "bumping" original posts so I didn't know which would get me in more trouble, posting these two files, or waiting, so I guess I'll post them, since maybe you are waiting for that? I'm trying to fix a young friend's computer, and we're trying hard to follow the rules on here, but anyway, I'll go ahead and add the other two files now, and hope I keep my place in line, but either way: you are my last real hope of fixing this computer....


EDIT: I have other two files, but maybe they didn't upload--I tried adding them....
Thankyou!

geff

 

Hi Tim:

I ran Hijackthis, and removed those two you suggested. I do believe the final piece of this puzzle was running Malwarebytes, as up until then, it was still slow as molasses, but like you guys always say, "do them *all*, then see, because since then, then it's been running good.

I guess I've been wrong so many times this last week, thinking I had fixed it, only to have this malware return in worse ways, that I wasn't sure...but anyway, I've certainly been humbled by this whole ordeal: only last week I was thinking--and saying--that we had to reformat, and buy an OS since they had bought this computer used, w/no disk...so you have my gratitude and respect, and I sincerely thankyou...we'll call it good, then, and leave you to help others. I guess I should do that final page you guys always suggest, right?...I put the free version of Avira on here, and we'll keep spybot, and anything else you suggest....

y'all are my heroes today....

geff

 

Will do, Tim: and thankyou for the help!

geff