Antivirus system pro But with no Safe Mode
October 26th, 2009, 05:30 PM
#1 | Ultimate Member
Join Date: May 2002 Location: California, USA
Posts: 2,385
A friend of mine got infected with the NASTY antivirus system pro virus. Every site I visit with info on how to remove it says to run an antivirus/anti spyware software but that is impossible. I can't even ctrl-alt-delete because this virus stops every process from running. (Can't even run the command prompt, it terminates it as soon as it starts).
Well of course the next option is to run safe mode but when I do that the computer reboots. I don't know if this is directly because of the virus or not.
Anyway, does anyone have advice for removing this virus without safe mode?
I was thinking of getting Avast's Bart CD and running that since it runs in its own OS.
I ran Kaspersky from an old Hiren's boot CD but it found nothing. Probably too old.
__________________
Abit AW9D-Max | E6300 | XP-120 | Panaflow 120mm | 2x 1GB G.Skill DDR2-800 | BFG 8800GT | Tagan 480w

November 2nd, 2009, 08:35 AM
#2 | Junior Member
Join Date: Oct 2009
Posts: 8
if you want to remove the virus without going safe mode, then you should try bestantivirusreviewed.it provide the advisable for fighting against innumerable internet threats

November 3rd, 2009, 07:38 AM
#3 | Thaumaturge Member
Join Date: Oct 2001 Location: West Haven, Utah
Posts: 15,310
Quote:
Originally Posted by joker_927
A friend of mine got infected with the NASTY antivirus system pro virus. Every site I visit with info on how to remove it says to run an antivirus/anti spyware software but that is impossible. I can't even ctrl-alt-delete because this virus stops every process from running. (Can't even run the command prompt, it terminates it as soon as it starts).
Well of course the next option is to run safe mode but when I do that the computer reboots. I don't know if this is directly because of the virus or not.
Anyway, does anyone have advice for removing this virus without safe mode?
I was thinking of getting Avast's Bart CD and running that since it runs in its own OS.
I ran Kaspersky from an old Hiren's boot CD but it found nothing. Probably too old.

My son managed to infect one of our computers with this. It disabled the antivirus and antimalware programs and, just as you described, would reboot if I tried to go into safe mode. ComboFix removed a rootkit and got the system back to where I could run Malwarebytes and antivirus software, which removed the rest.

November 4th, 2009, 05:09 PM
#4 | Junior Member
Join Date: Nov 2009
Posts: 1
I'm having a similar problem. I can't start in Safe Mode and I can't even get Combofix to run. The program isn't letting me run any exe program. I can't even start task manager.
Help! Please!!!

November 4th, 2009, 06:21 PM
#5 | Ultimate Member
Join Date: May 2002 Location: California, USA
Posts: 2,385
BWFoster, I was in the same boat as you and I found a fix although it's not for the weary. I also could not run any exe and I don't exactly know which process was causing it but this is what I did and hopefully it can point you in the right direction.
I used a boot-up disk that allowed me to edit the registry as well as delete files WITHOUT booting into Windows. A friend of mine had a copy of Avast's BART CD (a non-free version of the free BARTpe mini-xp environment).
I searched the internet and found out exactly what files these automated programs were removing and compiled a list to remove myself. Here is the list I made:
Files to search for and delete:
Antivirussystempro.exe
sysguard.exe
%ProgramFiles%\Antivirus System PRO\quarantine.vdb
%ProgramFiles%\Antivirus System PRO\queue.vdb
%ProgramFiles%\Antivirus System PRO\mbase.vdb
%ProgramFiles%\Antivirus System PRO\conf.cfg
%ProgramFiles%\Antivirus System PRO\uninstall.exe
%ProgramFiles%\Antivirus System PRO\Antivirussystempro.exe
%ProgramFiles%\Antivirus System PRO\
c:\WINDOWS\sysguard.exe
c:\WINDOWS\system32\iehelper.dll
(Run the following in the command prompt first: "regsvr32 /u c:\WINDOWS\system32\iehelper.dll")
Registry Keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus System PRO
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “Antivirus System PRO”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad “ieModule”
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “system tool”
HKEY_CLASSES_ROOT\CLSID\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BAD4551D-9B24-42cb-9BCD-818CA2DA7B63}
Search registry and hard drives and delete anything with the following in the name:
Antivirus System PRO
SYSGUARD
Then I could boot into Windows where I ran Avast, Spybot, MalwareBytes, and Kaspersky.
Problems seem to be all fixed.
I take no responsibility for you editing your registry/files.
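
An added example, not part of the original post: a read-only check for the file indicators listed above, meant to be run from a clean system against a mounted copy or image of the affected Windows volume. It assumes %ProgramFiles% maps to "Program Files" at the volume root; the names `scan_volume` and `demo` are hypothetical, and the sample tree in `demo()` is constructed.

```python
import os
import tempfile

# Indicators copied from the list in the post above, lowercased and written
# relative to the volume root. Assumption: %ProgramFiles% is "Program Files".
LISTED_PATHS = {
    "program files/antivirus system pro",
    "windows/sysguard.exe",
    "windows/system32/iehelper.dll",
}
LISTED_FILE_NAMES = {"antivirussystempro.exe", "sysguard.exe"}
LISTED_STRINGS = ("antivirus system pro", "sysguard")


def scan_volume(root):
    """Return sorted (relative_path, reason) pairs. Read-only: nothing is deleted."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            low = rel.lower()  # Windows ignores case; a rescue-OS mount may not
            if low in LISTED_PATHS:
                hits.append((rel, "listed path"))
            elif name.lower() in LISTED_FILE_NAMES:
                hits.append((rel, "listed file name"))
            elif any(s in low for s in LISTED_STRINGS):
                hits.append((rel, "path contains listed string"))
    return sorted(hits)


def demo():
    """Build a constructed sample tree (not real infection data) and scan it."""
    sample = [
        "WINDOWS/sysguard.exe",
        "WINDOWS/system32/IEHelper.dll",
        "WINDOWS/system32/kernel32.dll",  # benign file, must not be reported
        "Program Files/Antivirus System PRO/conf.cfg",
        "Temp/AntivirusSystemPro.exe",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scan_volume(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:30} {rel}")
```

The registry keys in the list live in the offline hive files and are not covered by this file-system check.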

November 6th, 2009, 04:49 PM
#6 | Junior Member
Join Date: Nov 2009
Posts: 1
This is what worked for me
My customer had the exact same problem: Couldn't get into normal or safe mode because it would automatically reboot while it was booting into Windows. This virus is nasty and normally I would just say reinstall but this was not an option. His entire business was on this computer. Here's how I fixed it.....
Disconnected the other hard drives in the machine to take them out of the picture.
Made a complete image of the master hard drive onto another hard drive so if I made it worse I could always go back.
Booted the Windows XP Home CD and chose the repair option. It will reinstall all the Windows files but try to keep your programs and personal files on the hard drive. After it finished I was actually able to boot into Windows. Going into safe mode seemed to be fine but going into normal mode still brought up A/V Pro.
Went back into safe mode and ran combofix. This looked like it was helping but it didn't actually fix the problem.
Went back into safe mode and ran smitfraudfix. I don't know if this did anything.
Went back into safe mode and tried Malwarebytes. It found 11 problems and said it cleaned them. Went back into normal mode and still had the same issue.
Went back into safe mode again and ran Malwarebytes, this time doing a full scan. Found 8 problems and said it cleaned them. Went back into normal mode and to my surprise no more A/V Pro.
I then updated his Eset virus definitions.
Updated to XP service pack 3, then did the rest of the security updates. After running these updates and rebooting I noticed that IE would crash every time I launched it. So I used Firefox to download the IE8 installer and installed IE8. Now everything seems to be ok.

November 7th, 2009, 03:53 AM
#7 | Ultimate Member
Join Date: Sep 2002 Location: Finger Lakes area
Posts: 2,373
AntiVir rescue CD from avira.com under Tools (self booting). MalwareBytes is helpful too.
.bh.
__________________
"Our freedom depends on five boxes: soap, ballot, jury, witness; and, when all else fails, Ammo. " ?author?