Windows 7: Win 7 Antivirus 2012 ~ Virus Removal Help

Hi Night Hawk,

I am not really sure where I need to start up on the Malware Removal instrutions.
It appears Win 7 Antivirus is only showing up now in my Control Panel Notification area.

I ran a Thorough Scan x 2 (Avast & Malwarebytes) per Malware Removal instructions.

First using Avast ... got 0 issues,






Next I ran Malwarebytes, came up again with 0
I also checked the Quarantined Tab, just to be sure, only the same 10 were there.





That made me feel better until I checked Control > Notifications Area Icons and saw that mess.

I'm still NOT having issues with pop ups, browser redirects, exe issues ..

Any suggestions on where I should begin to clear those items out of my Control Panel ...

I seriously hate knowing those three items are still showing ::
Proxycheck.exe > gud.exe > dwx.exe




I have also used CCleaner to clear out all the old temp files.

Do you think dumping my Restore points would help ???

I'm kind of at a loss now, don't know what to do to get rid of three things.

I already tried to find them via Task Manager > Process's & services ..
Also msconfig.exe > StartUp & Services .. NO LUCK with either of those.

Thank you so much for all the help and direction, hope you can figure this one out.

Jenn

Hi BigCityCat,

Mission accomplished .. I did it, I created the CD to use and my Laptop booted right to it with no issues.

Once on the Desktop I opened Firefox, connected with my Wireless then pulled up my banking site and managed to take care of business with no problem.

Then I decided to look/play around and see what I could understand.

Somehow that CD even had my D:\ drive storage items on it .. listed under a Data Icon. They were a mess, none alphabetical and I couldn't find a way to straighten them out but still when I opened the individual folders things were there and I understood the concept.

After playing around for awhile when I got ready to sigh out of it I couldn't figure how in the world to stop the CD .... I looked everywhere under every Menu no buttons to do it buy.

Finally went back to the Desktop and searched for HELP ..
Immediately the Log Out and Shut Down buttons became visible.
Boy was I LOST for a moment .. good learning experience.

Thank you so much for the input to help me with my online banking.

Have a Good Evening.

Huggs Jenn

Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)

I've used instructions from these people before on an unrelated problem and was completely satisfied. Good luck!

That shows it to be the same worm type virus I saw VIPRE clean right off. They like to trash Windows even once you have them off entirely when you later start running into various problems!

For the 30 day trial which will work you would first need to uninstall Avast being another av program. This type of virus generally doesn't try to recode files you have stored on the drive like other viruses but mainly targets the registry and some system files.

I would recommend backing things up just in case you end up needing to wipe the drive clean for a fresh install. Later once everything was back on creating a full system image to be stored on a separate drive would be the idea. The restoration of an image will wipe the drive for you during the process.

Happy to help. Glad it was a good experience.

Thank YOU so much and I appreciate your time and the link.

Jenn

Jenn
Check this article as to why.
Security Fix - Avoid Windows Malware: Bank on a Live CD

Thank You so much Night Hawk,

Since I'm not having the pop-ups, re-direct issues or any other virus related problems right now I really don't want to have to reformat my computer.

Right now my scans are coming up clean and I can't find anything that the Fake Virus is doing except those 3 entries showing in the Notification Area Icons, which I would love to get rid of but not enough to reformat.

I read some articles today about understand the Registry finally felt comfortable enough to venture in and look around.

I found BOTH the gud.exe and the dwx.exe in the Registry under the Key HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache.

Being a novice I backed out of the Registry without doing anything but wondered what would have happened if I had deleted those two values.

Anyway I think I'll try to find a Registry program that will help me to delete those two items without fear ..

I never did find anything on the proxychecker.exe but I have found how to hide it within the Notification Area.

Again,Thank YOU so much I appreciate the time you've devoted trying to help me.

Jenn

You're welcome!

You would have been better dumping the entry for the gud.exe or rather that being the alias name used for the VC1.exe which is added into the registry as a start up item for trojan dropping and other things while remaining hidden. This isn't the only malware it's been seen with.

It's basically the same thing for the dwx.exe file being another trojan dropper added into the reg as a start up item. Those two will help auto load the main virus as the system starts up. They work much as backdoor trojans.

On each you first find the file location before removing the reg entry and then restart the system before attempting to manually delete the files from the drive. The restart will insure the processes have ended once the reg entries are no longer there to start them up again.

When editing the registry I can understand your concerns. You have to treat everything like a separate file or folder where you want to be looking only one thing at a time and verify any changes you make are for that one thing only. But if your av or other security programs are not able to remove them for you you end up doing the manual walk and just have to confirm those two and those two only are deleted there.

As for the ProxyChecker.exe file that's not a malware. One report on it can be seen at ProxyChecker Antivirus Scan Results - ProxyChecker 100% Clean Program

ProxyChecker basically checks lists of proxies. This is mainly used as a network tool and not anything to be worried about according to that plus other information on it. The other two you have there however get the bad rep one first seen in 2009 and the other in 2010 the gud.exe being the older of the two and far more widespread with other fake programs.

NightHawk,

I wanted you to know I haven't bailed on you.
My daughter's little dog was run over & killed today by her roommate.
We are all really big dog lovers and I've been with her.
I'm so tore up, don't feel like I can handle computer today.

I will write back to you tomorrow.
I am going to take your suggest and delete those two value's,
but probably not a good idea for me right now, brain to scattered.

Talk to you tomorrow.

Thank YOU for all your input and help.

Jenn