Antivirus-Pro got into my system

[Raider]

Don't know how it happened, but the Family computer my kids go on, was infected with the Antivirus pro 2008 virus, and we have Eset installed on the system.

I used Malwarebytes Anti-Malware to remove and it was successful, but the Virus keeps coming back for some reason, not immediate, perhaps after 12 hours or when my kids get back on it.... The software is nasty, it constantly takes you to a porn site and brings up windows to purchase antivirus software to remove it, You cant even access your add/remove programs, it corrupts files that prevent the user from trying to remove it.

Has anyone had this? and how did you get rid of it?

Also, shouldn't Eset of prevented this intrusion in the first place?

Thanks.

 

[fab]

I had the same problem. Don't remember how I solved it though, will try to help though.

 

[draggar]

Two options:

Format and reinstall windows

Google the pseudo-virus / scareware for a manual clean. Be sure to disable it in your browser's add-ons at least.

 

[Raider]

Two options:

Format and reinstall windows

I've done this quite a few times, it's really hard to teach your kids what not to click on... Right now I have over 18GB of photos on the PC, luckily not much else of real importance, So what I might do is buy a external hard drive, transfer the pics and then perform the format.

The Virus has not come back yet and I just upgraded to Windows 8, So I'll see how it goes first, If it comes back again then I'll do the format.

Thanks Ed

 

[Johnn]

Windows 8? I thought Windows 7 did not come out yet until the 22nd?

Did you try to restore the system from an earlier date check point?

 

[DomainsInc]

perhaps try spybot? it worked on a virus i had that other programs couldn't remove.

 

[Theo]

Here's a link that lists a removal process:
http://iamthegeek.com/?p=17

 

[Raider]

Windows 8? I thought Windows 7 did not come out yet until the 22nd?

Sorry John, I meant IE 8....

Did you try to restore the system from an earlier date check point?

I've done this twice before in the past and never got rid of the virus, so I didn't try.

Here's a link that lists a removal process:
http://iamthegeek.com/?p=17

Thanks Theo, I didn't seen this one.... I was going to buy Spyware Doctor but every time I buy one of these anti-virus cleaners, another virus comes along that's immune to it and I have to buy another cleaner for that specific virus... I've been told that no one cleaner fits all.

Thanks again for the link.

 

[south]

Also check for rootkits with panda antirootkit
and/or gmer
If that doesn't do it - try combofix

I fix 10-20 of these each week. The problem is when you have one, you usually have plenty more, many of which have to be removed manually from command prompt, or better yet a bartpe or knoppix cd. Also you should consider changing your email / banking /dnf / etc passwords asap, as these rootkits often have keyloggers attached.

Edit: I have never tried these programs on Win7, your mileage may vary.

 

[snicksnack]

install linux and you never have to deal with this problems again.

 

[stock_post]

I had that problem before.
Spybot search and destroy works on these for me.
I have another one at work, I will post it in the next two hours.

SUPERAntiSpyware is another one that I used.

formating the computer did not help in my case.

 

[PeterMan]

Do you know much about editing your registry?

Here are some steps to follow if you do:

Internet Antivirus Pro manual removal:
Kill processes:
iv.exe InternetAntivirus.exe IAUpdater.exe IAvir.exe unins000.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run "iv"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Internet Antivirus"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "3P_UDEC_IA"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Antivirus_is1
HELP:
how to remove registry entries

Delete files:
InternetAntivirus.exe activate.ico cookies.log Explorer.ico IAUpdater.exe IAvir.exe Scanner.log unins000.dat uninstall.ico working.log config.cfg DBInfo.ver ia080614.db Internet Antivirus.lnk Internet Antivirus Home Page.lnk Internet Antivirus.lnk Purchase License.lnk settings.ini uill.ini unins000.exe Uninstall Internet Antivirus.lnk iv.exe
HELP:
how to remove harmful files

Delete directories:
c:\Program Files\IA
c:\Program Files\Internet Antivirus
c:\Program Files\Internet Antivirus\db
c:\Program Files\Internet Antivirus\Languages
c:\Documents and Settings\All Users\Start Menu\Programs\Internet Antivirus
%UserProfile%\Application Data\Internet Antivirus

 

[draggar]

I've done this quite a few times, it's really hard to teach your kids what not to click on... Right now I have over 18GB of photos on the PC, luckily not much else of real importance, So what I might do is buy a external hard drive, transfer the pics and then perform the format.

The Virus has not come back yet and I just upgraded to Windows 8, So I'll see how it goes first, If it comes back again then I'll do the format.

Thanks Ed

My system has a 160GB drive as the primary (OS, programs etc..) and a 1 TB drive as the secondary - downloads, uninstall program installers, documents, photos, videos, etc..

IMO the best easy, that way you can format the primary and don't have to worry about losing anything. The only pain is reinstalling what you use,

perhaps try spybot? it worked on a virus i had that other programs couldn't remove.

For some odd reason SpyBot, Ad-Aware, AVG, even Housecall won't pick up on pseudo-viruses because they're not real viruses, just a pain in the ass scare.

install linux and you never have to deal with this problems again.

k: I ran Linux on one of my boxes (Ubuntu) it was nice and ran a lot but not many Windows programs have Linux equivalents.

Do you know much about editing your registry?s

That's always fun. Searching though hundreds of thousands of folders. :smilewinkgrin: Before you do anything there - BACK UP YOUR REGISTRY!!!

But - it is required for a good and thorough cleanup.

 

[Raider]

Here's an update, The virus came back as soon as my daughter went on Friendster....

I ran Malwarebytes again which gets rid of it momentarily, Then I googled Spybot like some suggested and came upon a Cnet review, This is where they showed the # of downloads for Spybot, But topping the list was "Ad-Aware" and it was free, So I gave that one a try first, After a full scan, it found the Trojan and wiped it out, It also found some other files Malwarebytes missed and cleaned those out too.

I haven't had a problem in the last 14 hours, so it appears to be gone for good.

Nice program that Ad-Aware is, and the best thing of all; it was Free.

Thanks guys for all your help, I greatly appreciate it.

My system has a 160GB drive as the primary (OS, programs etc..) and a 1 TB drive as the secondary - downloads, uninstall program installers, documents, photos, videos, etc..

Our primary computer has the same and this is what we do, but the Kids computer only has 1 drive.. So were thinking of getting a 1.5TB external drive instead, to store their images on that, This way we can easily copy them to other PC's in the house.

I'm looking at the Seagate FreeAgent, Costco is selling them for only $139..

 

[fab]

I used spyware doctor, but it came back, then I removed the files manually, and since then hasn't come back.