13 replies to this topic

[manateemike]

First may i say what a helpful site this appears to be. I have done some research about the "antivirus 2009", and have d/l MBAM. I found i could not start the program, Various popups seemed to prevent proper installation, anyway i found a previous post saying


Click on Start, click Run, and then type devmgmt.msc and click OK
On the View menu click on Show hidden devices
Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
Highlight that driver and right click on it and select DISABLE
Now RESTART your computer.
Download a copy of Malwarebytes but DO NOT run it yet.
Rename the downloaded installer file to any generic name such as your own name but keep the .EXE extension on the file and run it.
Once the program is installed go to the UPDATE tab and try to update the program if you can.
Then go to the SCANNER tab and run a Quick Scan and allow MBAM to fix anything found.


Well having restarted my pc into safe mode when i entered into the "devmgmt.msc" screen and clicked "show hidden devices" there was nothing in the open window.

Thinking (bad for me) that it was a safe mode issue i started pc in normal mode, now i can only get to the select users screen and pc appears to not respond. Mouse still moves but nothing happens.

Background info XP sp3 mcafee,spybot,adware, all installed but none will run. I do not have HiJackThis installed, and cant now that i cant log on.

Thank you for taking the time to read this, i hope somebody can help.

[manateemike]

Just incase things prove too difficult, i am thinking of purchasing a new pc anyway, however if and when i can get into my infected pc will it be safe to transfer photo's and music to a new disc drive without transfering the virus/trojan (if attempts to clear it fail). Photo's have been backed up onto disc, music hasn't.

[AdvancedSetup]

If you have access to a work computer or a friends computer where you can burn a disk please follow these instructions.
Once the PC is up and running well enough then post a new post as shown below.


Requires access to a working computer with a CD/DVD burner to create a bootable CD.
[indent]Avira AntiVir Rescue System - download[/indent]

Avira AntiVir Rescue System
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:
[indent]

• repair a damaged system,
  
  
• rescue data,
  
  
• scan the system for virus infections.[/indent]
  Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
  The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Then hopefully your system will be cleaned enough to get back into it and install / run MBAM. If so please follow these instructions.




Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

[manateemike]

Thank you for your prompt response.

I have managed to start pc and follow instructions regarding disable of TDSSserv.sys. and have managed to run and update MBAM.

Will update later, maybe morning (depending on scan length) , work nights so leave for work at 5.30pm and back 6.30am.

[manateemike]

Ok i have managed to run MBAM, it removed 39 infections.

Will post HijackThis at the weekend.

Thank you once again for your help, my blood pressure has gone down a bit.

[t42]

Hello-

I also have been afflicted by AntiVirus 2009 w/ similar issues to the person that started this thread. I burned an Avira AntiVir Rescue System boot disc on another computer that I think may well also have this virus, but disc burn appeared successful.

I was able to boot the really badly afflicted computer with the Avira AntiVir Rescue System disc, but cant select anything but German for language, and so have no idea what i'm selcting after i hit SCAN. Why am I unable to select English? I can move the blue highlight bar up and down to highlight either English or Deutsch, but can't move the (X) to select English.....what am i missing here or is this damn av2009 locking me out of even that selection, similar to the way it wont let me safe mode boot or do a system restore.....?

Thanks!

[exile360]

t42, on Nov 25 2008, 09:40 PM, said:

Hello-

I also have been afflicted by AntiVirus 2009 w/ similar issues to the person that started this thread. I burned an Avira AntiVir Rescue System boot disc on another computer that I think may well also have this virus, but disc burn appeared successful.

I was able to boot the really badly afflicted computer with the Avira AntiVir Rescue System disc, but cant select anything but German for language, and so have no idea what i'm selcting after i hit SCAN. Why am I unable to select English? I can move the blue highlight bar up and down to highlight either English or Deutsch, but can't move the (X) to select English.....what am i missing here or is this damn av2009 locking me out of even that selection, similar to the way it wont let me safe mode boot or do a system restore.....?

Thanks!

When selecting english, hit the space bar and it should select it, then press enter.

[jimnall]

AdvancedSetup, on Nov 24 2008, 03:07 AM, said:

If you have access to a work computer or a friends computer where you can burn a disk please follow these instructions.
Once the PC is up and running well enough then post a new post as shown below.


Requires access to a working computer with a CD/DVD burner to create a bootable CD.
[indent]Avira AntiVir Rescue System - download[/indent]

Avira AntiVir Rescue System
Avira AntiVir Rescue System is a Linux-based application that allows accessing computers that cannot be booted anymore. Thus it is possible to:
[indent]

• repair a damaged system,
  
  
• rescue data,
  
  
• scan the system for virus infections.[/indent]
  Just double-click on the rescue system package to burn it to a CD/DVD. You can then use this CD/DVD to boot your computer.
  The Avira AntiVir Rescue System is updated several times a day so that the most recent security updates are always available.

Then hopefully your system will be cleaned enough to get back into it and install / run MBAM. If so please follow these instructions.




Please read and follow the instructions provided here: Pre- HJT Post Instructions
When ready please post your logs here: Malware Removal - HijackThis Logs

Someone will be happy to assist you further with cleaning your system.

During this scan and cleanup process you should not install any other software unless requested to do so.

I've also had luck with BART PE bootable version of windows to allow running MBAM

[daa967]

Hello all! New to site and you guys are amazing! So very helpful! I am in the midst of booting the rescue CD....I boot it from the CD-ROM and it goes perfect! UNTIL...it comes up in German! LOL Any help?

Thanks

Dara!

[daa967]

daa967, on Dec 17 2008, 04:54 PM, said:

Hello all! New to site and you guys are amazing! So very helpful! I am in the midst of booting the rescue CD....I boot it from the CD-ROM and it goes perfect! UNTIL...it comes up in German! LOL Any help?

Thanks

Dara!

I should clarify...I keep reading that all you have to do is select English, my problem is I am never prompted to select a language. It seems to me that Im not getting the full screen...its cut off at the bottom! Im sooo confused! Please help save the life of a teenager by helping me LOL It is my stepsons comp that I am trying to fix and he is a syllable away from getting duct taped

[phttraveler]

I was also infected with Antivirus 2009. I had McAfee updated and running, it did not stop it. With the malware running, McAfee was running but crippled, MSFT autoupdate was disabled, regedit was disabled. I did get Ad-Aware running, but it did no good. Spybotsd, Combofix, mbam all would not run. I tried Avira Rescue System CD, but that did not work for me. Finally I dowloaded a copy of Spyhunter as was suggested on a different site, and transferred it to the infected system via flash drive. Spyhunter did run and detected a root tool kit, disabled it, and rebooted my PC. After that, I was able to run mbam, spybot, and will probably run Superantispyware (suggested by the same post that suggested Spyhunter). Note the free version of Spyhunter would only detect, but not correct. But it did disable the root tool kit for me to be able to run mbam and spybotsd.

[GT500]

Note: Renaming mbam.exe often confuses the malware, and allows it to launch.

[renichms]

GT500, on Dec 19 2008, 03:10 PM, said:

Note: Renaming mbam.exe often confuses the malware, and allows it to launch.

I realize this is an old post but I thought I should comment. I have tried renaming both Malwarebytes and its installer dozens of times and not once has that ever tricked malware into letting it run. Avira is far more reliable when it comes to a preliminary scan to get Malwarebytes running to remove it all.

I also noticed someone above mention their Avira rescue disc seemed cut off. I have now encountered that twice and extensive searching has yielded no solution so far. Is there a solution or do I have to just recommend the users that can't run Avira or Malwarebytes just reinstall the OS and everything else on the computer?

RN

[GT500]

In those ever-growing cases where renaming does not help, here are a couple of tutorials on how to get MBAM to run:

CLB Driver(TDSS/GAOPDX/Seneka/UAC)
http://www.malwareby...showtopic=12709

av360
http://www.malwareby...showtopic=12713