Anti-Spyware 2010 virus

[Rummy]

(tl;dr at the end, go there if you feel like skipping)

 

So, my uncle rang me yesterday, told me he's got a virus on his computer. He brought it round earlier(an NC-10), and I spent a while trying to fix it. He had mcafee but it's in dutch(his son lives in holland) which was a bit unhelpful. I d/led avast! and ad-aware on my comp then usb'd it over, installed them hoping to pick up something. Shockingly, Ad-Aware(free) picked up NOTHING after I installed and ran it, and avast! sort of did in the bootup scan I scheduled, and somehow did something that made it impossible to access his user account(problem with explorer.exe). He's running XP btw.

 

Now, I found some instructions for manual removal, BUT they involved killing processes BIGGER BUTT is that somehow, task manager has been disabled. Cheeky fucker. So I am a bit lost for what to do(it was to be my first solution whilst ad-aware install downloaded at a snail's pace). I didn't try the entirety of the manual removal, cos I couldn't kill the processes I didn't know if there's any point. What I'm currently doing is using the Samsung Recovery thing(which I wanted to avoid, tho looking at his comp he has little to lose so I went and did it after wasting this numerous hours). Anyhow, my problem doesn't end here.

 

My sister has an NC-10, and I was curious about the samsung recovery tool, namely because it looks to be so good! I rang her to find out if she has it on her NC-10 or if her netbook was branded by like Acer or something, cos I presumed it was but didn't know. I guess thinking about it, that's a bit retarded, it's clearly Samsung branded, but I never think of them like that. Anyway, on point, she does have it, but she also has an old acer laptop. She tells me that it seems she got a virus on it last week(it's got both avast! and Ad-Aware free running on it). My brow furrowed, she described half a name I was dreading to hear. Fucking Anti-Spyware 2010! Apparently it's proper killed her system, though she's a bit technophobic so I doubt it's that bad, but I'm gonna have to look at it tomorrow and given the trouble I had with my uncle's one, I'm a bit fearing(tho I guess I can just factory restore eventually anyhow).

 

tl;dr:

My point? Well, it's been a bitch, and googling gives a bit too much information, I was wondering if any of you guys have had any encounters with this? I've got alot more faith in you than googling provides, so I was just wondering if anybody's got anything to offer, really. Also, keep your eyes peeled for it!

[Raining_again]

installing multiple virus scanners (without removing the first) isn't always the best idea because they can disagree with each other.

 

sounds like its picked up a file and wiped it when its system dependant (i.e a file you don't want to delete/quarantine/whatever) but then there's a lot of not very specific information to be able to tell...

[Ten10]

So is task manager disabled 100% can't get to it by ctrl alt del or right clicking the taskbar?

 

Secondly try super anti spywear if that doesn't find it and get rid of it then the cake is a lie.

 

So I had to google for more info and it turns out to be one of those rouge programs you download when you get one of those retarded popups. I'm feeling lucky recommends this guide which I think will help you rip out of the system: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-2010

[Rummy]

Well I didn't have two antivirus, I uninstalled mcaffee, then installed avast! and ad-aware, which I thought would be fine considering one is antivirus and the other anti-spyware? My gruncle's laptop is sort of fine now, basically did a full restore to the one old restore point that wasn't inital, from august, so I've gotta fix up some shit but on the whole it should be fine. As for my sister's, I dunno how that'll be when I look at it tmw, but I was more curious than anything else to find a solution that wasn't a factory restore style thing.

 

Task manager IS 100% disabled, no right click on task bar, no CAD, no run dialog, no nothing I know to get into it.

[peterl0]

Ten10's link recommends Malwarebytes anti Malware program.

I have also used that to remove a similar virus from our home computer and it works a treat.

 

The problem is that the virus overwrites part of the registry that loads things like the security centre and task manager - so after I was uninfected I spent some time try to get those all back.

Edited October 12, 2009 by peterl0

[Rummy]

I see, I'll try that out on my sister's if I can get in then. What would be a handy thing to know, is what processes related to it I can kill in the msconfig, because as I said I can't get into task manager(never tried security center, but maybe not that either) but if I stop them from starting with windows maybe it'd be easier to take out whilst windows is running? I don't know the extent to which it burrows into the computer, but it does look deep

[Cube]

With MSConfig, disable absolutely everything except for things that are needed (antivirus, video card software). Don't boot up MSN, Skype, Steam at startup - it's much quicker to open them manually when you need them.

 

Anyway, for your situation if your anti-virus is compromised then stop that booting up, too.

[Ten10]

Ten10's link recommends Malwarebytes anti Malware program.

I have also used that to remove a similar virus from our home computer and it works a treat.

 

The problem is that the virus overwrites part of the registry that loads things like the security centre and task manager - so after I was uninfected I spent some time try to get those all back.

 

Fixed. Always having my credit assigned to someone else.

[Rummy]

Thanks for the suggestion of MBAM Ten10, seemed to clean it up better than anything else, and that is now the anti-spyware she shall have on her computer along with AVG instead of avast, seeing as the previous seemed to do shitall for her, though I'm still sticking with it personally. Anyhow, for now all is well, so thanks to everyone for their help.

[The Lillster]

Task manager IS 100% disabled, no right click on task bar, no CAD, no run dialog, no nothing I know to get into it.

 

I presume you have admin privledges?

 

Anyway, to enable the Task Manager, just open a new text file and paste this info into it:

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system]
"disabletaskmgr"=dword:00000000

 

Save the text file and then rename the file extention to .reg

 

Run it and it will ask if you want to add this to the registry, click yes and unless something else is disabled, task manager should now be enabled.