trying to remove antivirus soft malware

[dmehling]

I'm trying to remove a malware program for my mother's computer called antivirus soft. Nearly every webpage I found explaining how to remove it says the same thing but it has not helped. I have tried running Malwarebytes and it found one file that was deemed malicious, but that did not remove antivirus soft. I tried to do an update on Malwarebytes but I get an error message when I try to do that. I then downloaded a program called Security 360 by IOBits which found 25 threats but they were all cookies. Removing those did not help either. Can anyone suggest what else to do at this point?

 

[FunnelWeb]

will this help at all

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

 

[johnb35]

I'm trying to remove a malware program for my mother's computer called antivirus soft. Nearly every webpage I found explaining how to remove it says the same thing but it has not helped. I have tried running Malwarebytes and it found one file that was deemed malicious, but that did not remove antivirus soft. I tried to do an update on Malwarebytes but I get an error message when I try to do that. I then downloaded a program called Security 360 by IOBits which found 25 threats but they were all cookies. Removing those did not help either. Can anyone suggest what else to do at this point?

Follow this procedure.

Please download Malwarebytes' Anti-Malware from here, here, here or here and save it to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to
  • Update Malwarebytes' Anti-Malware
  • and Launch Malwarebytes' Anti-Malware
• then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform quick scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If you continue to experience problems after doing this, please post a HijackThis log by doing the following:

Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log

will this help at all

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

Funnelweb, you do not need to enclose links in code tags, just copy and paste the website in a reply.

 

[dmehling]

As I said in my message already, I tried Malwarebytes. I cannot update it. It gives me an error message. I went ahead and did a full scan and it found nothing. Any idea why it would not update? It is a Windows XP computer.

 

[johnb35]

Post a hijackthis log please. The reason why it won't update is because the infection has stopped malwarebytes from updating to remove the infection. What database version do you have malwarebytes? Can you post the log from it so I can see what version you have? Post hijackthis as well.

 

[dmehling]

log files

Here are the log files

 

[johnb35]

I do not see anything bad in the logs. But go ahead and download and run combofix and we'll see if anything is hiding.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.

• Download this file here :
  
  http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  
  
• Then double click combofix.exe & follow the prompts.
• When finished, it shall produce a log for you. Post that log in your next reply

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

In your next reply please post:

• The ComboFix log
• A fresh HiJackThis log
• An update on how your computer is running

 

[voyagerfan99]

Post a hijackthis log please. The reason why it won't update is because the infection has stopped malwarebytes from updating to remove the infection. What database version do you have malwarebytes? Can you post the log from it so I can see what version you have? Post hijackthis as well.

Safe mode with networking sometimes allows malwarebytes to update. Once it's updated he could then just reboot into windows normally and run malwarebytes.

But since you said combofix already, I suspect that'll do the trick.

 

[OverClocker]

Viruses are getting more ridiculous and malicious everyday.

 

[FunnelWeb]

Funnelweb, you do not need to enclose links in code tags, just copy and paste the website in a reply.

oh thanks for that johnb35, i think i got used to the fact from differant forums that i had to use the code tag, but will just post the link from now on.

 

[dmehling]

problem solved

I ran combofix and as far as I can tell, the malware is gone. Thank you so much for your help. I have attached the latest log files.

 

[johnb35]

Now run malwarebytes and try to update it and then run a quick scan.