Fake Anti-virus cant remove
-
First off, what is the name of this fake AV? I believe in this case it would really help everyone if we knew specifically what we were dealing with. Different fake AV's work in different ways, and as I stated in the 1st post, there is software that targets certain fake AV's.
I don't know how much internet access it's allowing you, but if you can go here, it will d/l it's own AV engine & run it in a sandbox. Try both links.
Free Virus Scan - Free Antivirus Software | Norton Security Scan
http://security.symantec.com/sscv6/h...&auth_status=0
If this thing is so stubborn that even a boot up rescue disk isn't helping, you may wish to just reinstall the entire OS (after wiping the disk), as even if you clean it out, there may be some remnants left that can cause instability down the road.
Last edited by Borg 386; 29 Dec 2010 at 10:29.
-
-
Nothing here worked, but somehow Windows Defender found it (funny huh). It was some backdoor, and a rootkit. Removed them both and was fine.
-
Glad to hear Windows Defender took care of the problem. 
FWIW you might want to try scanning again with Malwarebytes, Hitman, etc just as a precaution. If you can't get those scans to work you might still have some malware on your machine.
-
-
Did you get a name for the fake AV?
-
There are quite a few Fake AV's floating around at the moment,
Some of these names include:
SecurityTool (Very easy to remove)
Anti-Virus Vista 2010 (Very hard to remove)
Anti-Virus Vista 2011(Very hard to remove)
rogue.systemdefragmenter (Malware Bytes detection name)
and so on.
Usually, these are really easy to remove unless they're the ones that contain rootkits and backdoor droppers like Anti-Virus Vista.
-
Nothing here worked, but somehow Windows Defender found it (funny huh). It was some backdoor, and a rootkit. Removed them both and was fine.
Rootkits are not that easy to get rid of. My suggestion is to wipe and do a clean install. You can't be sure the computer will ever be stable again, without doing so.
-
-
Nothing here worked, but somehow Windows Defender found it (funny huh). It was some backdoor, and a rootkit. Removed them both and was fine.
Rootkits are not that easy to get rid of. My suggestion is to wipe and do a clean install. You can't be sure the computer will ever be stable again, without doing so.
Ah but if you know what your doing, you can completely clear the system of rootkits. Yes they are hard to remove, but the system can still be stable if removed properly...
-
After it got rid of it, I scanned in safe mode with Spy Sweeper, and MSE. they found nothing.
And it was somehting like System Security Scan or something like that.
-
I'd still insist on doing a wipe and install rather than scanning with some basic stuffs like MSE, Spysweeper.
You can never be sure how much damage the rootkit has done. They can install hooks at such low levels that can survive formats and scans. Moreover, they may also create hidden partitions or locations as you say, which acts as their backup and working area.
However, a wipe would very likely clean the remnants.
-
I always check partitions frequently on this computer as my brother often messes it up somehow. Glad to say that there is only 1 partition.
And I had him back up all the stuff he wants to keep, so that if it does give him trouble again, we will just wipe teh drive and reinstall the OS.
Quote