Antivirus 2009

1100011CS

Well-Known Member
Oct 5, 2007
15,779
5,456
113
Marshalltown
Just a little warning. This is the biggest scam/virus/malware of the year. I've had several friends make the mistake of clicking on one of their popups and it is a major pain to remove. I think there are other variations of the name.
 

CyBandCG

Member
Dec 11, 2006
229
0
16
Ames, IA
Oh my gosh, I just finally got rid of this virus after 5 days. If you do get it, go to the CNET website and do a search for Antivirus2009; there is a great forum that explains how to get rid of it. Definitely watch out though!
 

1100011CS

Well-Known Member
Oct 5, 2007
15,779
5,456
113
Marshalltown
How are people getting the virus on their computer to begin with? What's their scam?

I have yet to actually see it, but apparently they get a pop-up while surfing that says their computer is infected and they should click some link to fix it, which downloads this Antivirus 2009. They then try to charge you to buy the software to fix the crap they put on.
 

TykeClone

Burgermeister!
Oct 18, 2006
25,799
2,154
113
How are people getting the virus on their computer to begin with? What's their scam?

Sometimes just following a search link is enough to get it installed.

What they do is say "we found x malware things running on your computer, click here to protect yourself."

The link takes you to a place to purchase Antivirus 2009 (or whatever they happen to be calling it) - their scam is to part you with your money.

The software itself just displays the warning and does its best to try to prevent its removal.

Malwarebytes.org - I've had luck removing that stuff with malwarebytes as well.
 

CyBandCG

Member
Dec 11, 2006
229
0
16
Ames, IA
Yeah, definitely a money scam; it sounded like a few people on that forum gave out credit card information. I knew as soon as I clicked on it that it was a mistake and tried to find the best way to remove it ASAP.
 

yCy

Well-Known Member
Apr 12, 2006
1,039
31
48
I got it every time I tried to read the Star Tribune online. Even if you don't click on anything, it keeps going and going in a cycle of windows. I use the Task Manager to get it to go away. I don't go to the Tribune site anymore. Mrs. yCy
 

1100011CS

Well-Known Member
Oct 5, 2007
15,779
5,456
113
Marshalltown
Well, looks like there's a new "version" of this *****. It's called Antivirus 2010 now (original, huh). My buddy brought me his computer on Sunday and I have been unable to get rid of the damn thing. I got it so there's no popup and all the warnings are gone, but there's something that keeps changing permissions on apps so that you can't run them anymore. Last time I just had to get rid of something called TDSServ, but I'm not finding that this time. All the forums I've read about this suggest certain tools (Malwarebytes, etc.), but I can't run any of them because of this. Any suggestions?
 

TykeClone

Burgermeister!
Oct 18, 2006
25,799
2,154
113
Well, looks like there's a new "version" of this *****. It's called Antivirus 2010 now (original, huh). My buddy brought me his computer on Sunday and I have been unable to get rid of the damn thing. I got it so there's no popup and all the warnings are gone, but there's something that keeps changing permissions on apps so that you can't run them anymore. Last time I just had to get rid of something called TDSServ, but I'm not finding that this time. All the forums I've read about this suggest certain tools (Malwarebytes, etc.), but I can't run any of them because of this. Any suggestions?

Can you get to them from safe mode?

Edit to add: I don't remember if it was antivirus 2010, but I cleaned off one a while back that actually was in that "family" and had to use TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) to remove the rootkit enough to allow for cleanup.
 

FDWxMan

Well-Known Member
Jan 31, 2009
3,050
923
113
Des Moines
I can't run them in safe mode either.

Exact same problem. It's a rootkit that has dug deep into the system.

Try running Combofix from safe mode. It was basically our last resort before nuking it and starting over.

Here's the link, part-way down the page. Just make sure you know what you're doing because this can also seriously mess things up.

Combofix download
 

1100011CS

Well-Known Member
Oct 5, 2007
15,779
5,456
113
Marshalltown
Exact same problem. It's a rootkit that has dug deep into the system.

Try running Combofix from safe mode. It was basically our last resort before nuking it and starting over.

Here's the link, part-way down the page. Just make sure you know what you're doing because this can also seriously mess things up.

Combofix download

I tried Combofix, but I don't think I tried that one in safe mode. Will give it a shot now. Thanks.
 

cyfanatic

Well-Known Member
Oct 18, 2006
6,539
2,481
113
Cedar Rapids, Iowa
Helping friends remove things like this from their computers, I stumbled on a program called "rkill", I believe. It shuts most of the unnecessary processes down and then allows you to run Malwarebytes or other programs like it. Download "rkill" and Malwarebytes to a flash drive and run them in safe mode. Worked for me... not sure if it is the most recommended procedure... but it works.