Tag Archives | c users

Removing AntiVir Solution Pro Fake Anti-virus

The only rogue I’ve been seeing this month (over and over again) is AntiVir Solution Pro (a.k.a. Antivir Security Suite).  This rogue (fake) anti-virus installs itself instantly and then:

  • prevents the user from using the internet.
  • loads generic porn sites.
  • tells the user that a “key logger” may have been installed or their credit card information is being stolen or that they have dozens of viruses on their PC.
  • prevents any other .exe from opening saying that “.exe is infected”.
  • sets the proxy server settings to 127.0.0.1 (localhost) and a random port which the rogue listens on.  This is so it can redirect you to a random porn site or to the rogue’s “buy me now” page.
  • may or may not come with a “pack” of other infections such as other downloaders or a rootkit (if this is a 32-bit OS).  64-bit OSes may see an increase in downloaders in c:\Users\*
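Detection logic for the proxy symptom above, as an added example (this is not code from the original post): it parses the per-user WinINET proxy values ProxyEnable and ProxyServer from the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings (the key and value names are real; the sample values are constructed) and flags a proxy that points at the local machine, which is exactly the configuration this rogue leaves behind. Reading the registry only works on Windows; the checking functions run anywhere on the constructed samples.

```python
"""Flag a WinINET proxy that points back at the local machine.

Added example, not from the original post. The rogue described above sets
the user's proxy to 127.0.0.1 on a random port. Per-user proxy settings
live in the registry under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
in the values ProxyEnable (DWORD) and ProxyServer (string). The key path
and value names are real; the sample values below are constructed.
"""
import ipaddress
import platform
from typing import Dict, List, Optional, Tuple

PROXY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy_server(proxy_server: str) -> Dict[str, Tuple[str, Optional[int]]]:
    """Parse a ProxyServer value into {scheme: (host, port)}.

    WinINET accepts "host:port" (one proxy for every protocol, stored here
    under the key "*") or "http=host:port;https=host:port;..." (per protocol).
    """
    parsed = {}
    for part in proxy_server.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=") if "=" in part else ("*", "", part)
        host, _, port = hostport.rpartition(":")
        if not host:            # no ":port" present
            host, port = hostport, ""
        parsed[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return parsed


def is_loopback_host(host: str) -> bool:
    """True for localhost, 127.x.x.x and ::1 (brackets allowed)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False


def assess_proxy(proxy_enable: int, proxy_server: Optional[str]) -> List[str]:
    """Return one finding per proxy entry that points at this machine.

    An empty list means the proxy is off or points somewhere external.
    A loopback proxy is not proof of infection (some local filtering tools
    use one), but it is the configuration the rogue leaves behind.
    """
    findings = []
    if not proxy_enable or not proxy_server:
        return findings
    for scheme, (host, port) in parse_proxy_server(proxy_server).items():
        if is_loopback_host(host):
            findings.append(f"{scheme}: proxy {host}:{port} is the local machine")
    return findings


def read_current_user_proxy() -> Tuple[int, Optional[str]]:
    """Read ProxyEnable/ProxyServer for the logged-on user (Windows only)."""
    if platform.system() != "Windows":
        raise RuntimeError("registry access is only available on Windows")
    import winreg  # stdlib, Windows only
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PROXY_KEY) as key:
        try:
            enable, _ = winreg.QueryValueEx(key, "ProxyEnable")
        except FileNotFoundError:
            enable = 0
        try:
            server, _ = winreg.QueryValueEx(key, "ProxyServer")
        except FileNotFoundError:
            server = None
    return int(enable), server


# Constructed sample values standing in for what read_current_user_proxy()
# would return on three different machines.
SAMPLES = {
    "rogue": (1, "127.0.0.1:49152"),                 # constructed port
    "corporate": (1, "http=proxy.example.internal:8080;"
                     "https=proxy.example.internal:8080"),
    "clean": (0, ""),
}

if __name__ == "__main__":
    for name, (enable, server) in SAMPLES.items():
        print(f"{name:10s} {assess_proxy(enable, server) or ['no loopback proxy']}")
```

On an infected machine you would call `read_current_user_proxy()` for each user profile and pass the result to `assess_proxy()`; a per-protocol ProxyServer string is handled as well as the single host:port form, so a legitimate corporate proxy produces no finding.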

How To Remove AntiVir Solution Pro:

  1. Download Dr. Web’s Live CD and burn the ISO to disc.
  2. Boot from the Dr. Web Live CD.
  3. Scan the following directories (if they exist) – c:\users or c:\documents and settings, and c:\windows\.  This may take about an hour to complete.  Disinfect (cure) anything that it finds.
  4. Reboot into safe mode with networking by tapping the F8 key.
  5. Now that you’re inside safe mode with networking we need to turn off the proxy server settings.  Refer to this article on how to turn off proxy server settings.
  6. Download CCleaner.
  7. Run it and clean all the temporary data for the user logged on (you have to do this for each account on your computer).
  8. It’s time to load Malwarebytes.  Download the latest copy of Malwarebytes and update it.
  9. Run a Full scan with Malwarebytes (if you have the time, if not, quick scans are usually enough).  Remove anything Malwarebytes finds and reboot into normal mode.
  10. You should be all clean now.

Look for my next post which will show you how to block rogues like AntiVir Solution Pro.


Listing Newly Created Files in Any Directory

Here’s a very handy little command that will list files in any directory you choose by the latest date.

The example below creates a list of all the files in c:\Windows\System32 arranged by latest date (this example does not include sub-directories; you can specify /S to list sub-directories recursively):

  1. Open a command prompt.
  2. Enter the following command – dir c:\windows\system32 /o:-d > c:\temp\new-files.txt
  3. Press Enter
  4. Open the text file in c:\temp to see the latest files created in system32.

While a long list of files is not exactly easy to read, it does let you narrow down suspicious files by seeing when they appeared in the directory in question (and those files can then be uploaded to VirusTotal, for example).

Directories to run this command on:

C:\Windows

C:\Windows\System32

C:\Documents and Settings (must use /s switch)

C:\Users (must use /s switch)
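A scripted version of the same listing, as an added example (not code from the original post): it walks a directory the way `dir <dir> /o:-d` does, newest first, adds optional recursion (like /s), a choice between last-write and creation time, and an age window so the output is short enough to read. One caveat worth knowing: `dir /o:-d` sorts by last-write time unless you also pass `/t:c`, so a file the rogue dropped and then never touched again will sort by when it was written, which is usually what you want anyway. The sample directory tree and its file names are constructed so the script runs anywhere.

```python
"""List the newest files under a directory, newest first.

Added example, not code from the original post. It generalises the
`dir <dir> /o:-d` step: optional recursion (like /s), a choice between
last-write and creation time, and an age window so the output stays short
enough to read. The sample tree is constructed in a temporary directory
so the script runs anywhere; the file names in it are made up.
"""
import os
import shutil
import tempfile
import time
from datetime import datetime
from typing import List, Optional, Tuple


def newest_files(root: str, recursive: bool = False,
                 hours: Optional[float] = None,
                 use_creation_time: bool = False) -> List[Tuple[float, str]]:
    """Return [(timestamp, path), ...] sorted newest first.

    use_creation_time=True corresponds to `dir /t:c`; note that st_ctime is
    creation time on Windows but metadata-change time on Unix.
    """
    cutoff = time.time() - hours * 3600 if hours is not None else None
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
            except OSError:
                continue            # vanished or locked; skip rather than abort
            ts = st.st_ctime if use_creation_time else st.st_mtime
            if cutoff is None or ts >= cutoff:
                found.append((ts, path))
        if not recursive:
            dirnames[:] = []        # emptying the list stops os.walk descending
    found.sort(key=lambda entry: entry[0], reverse=True)
    return found


def basenames(entries: List[Tuple[float, str]]) -> List[str]:
    """File names only, in the order given (handy for a quick glance)."""
    return [os.path.basename(path) for _, path in entries]


def format_report(entries: List[Tuple[float, str]], limit: int = 20) -> str:
    """Render the first `limit` entries like a dir listing."""
    return "\n".join(f"{datetime.fromtimestamp(ts):%Y-%m-%d %H:%M:%S}  {path}"
                     for ts, path in entries[:limit])


def build_sample_tree() -> str:
    """Construct a small tree with staggered last-write times (all names made up)."""
    root = tempfile.mkdtemp(prefix="newest-files-")
    now = time.time()
    age_hours = {                                   # relative path -> age
        "old_system.dll": 24 * 30,
        "recent_a.tmp": 1,
        os.path.join("sub", "nested_recent.exe"): 0.5,
        os.path.join("sub", "nested_old.log"): 24 * 10,
    }
    for rel, age in age_hours.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample")
        stamp = now - age * 3600
        os.utime(path, (stamp, stamp))
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    try:
        print("top level only (like dir /o:-d):")
        print(format_report(newest_files(sample_root)))
        print("\nrecursive, last 2 hours (like dir /s /o:-d, filtered):")
        print(format_report(newest_files(sample_root, recursive=True, hours=2)))
    finally:
        shutil.rmtree(sample_root)
```

Point `newest_files()` at C:\Windows\System32 without recursion, or at C:\Users with `recursive=True` and a window of a day or two, and the handful of entries at the top of the report are the ones worth checking.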


Where Does Malware Hide

Malware hides in only a few spots (typically). The folders below should be manually scanned with an anti-virus (Kaspersky or Windows OneCare) and an anti-malware application (Malwarebytes’ Anti-Malware) on a daily basis.

In Windows XP:

C:\Documents and Settings\

C:\Windows

In Windows Vista:

C:\Users

C:\Windows

Most of the very malicious malware resides in C:\windows\system32

As an IT consultant I need to move from appointment to appointment. Scanning the folders above with manual scans allows me to clean up the infections quickly instead of waiting for a scan of the entire PC. Once the manual scans are complete and the malware from those folders has been neutralized, I set the on-access scanners to clean and then quarantine anything left (if there is anything left…there usually isn’t).
