Fake Antivirus 2009 - HELP!!!

cytheguy

Well-Known Member
May 23, 2006
One of our computers has what appears to be a nasty little virus. Keeps telling us our computer has hundreds of infected files, or something like that, and that we need to install Antivirus 2009. Won't let me do Jackshnit. Can't get on the Internet at all. I have Ad-Aware and McAfee, but don't think those are helping.

Anyone know what the F this is and how I can fix it? Tried installing Spy Sweeper and running Spybot Search and Destroy, but Spy Sweeper gets about 3/4 through the installation then stops. And Spybot won't even open.

Any help would be much appreciated. Thanks.
 

cytheguy

Well-Known Member
May 23, 2006
Thanks. Only problem is, I can't open Internet Explorer on the computer that's infected. Can I save the program to a thumb drive and transfer it to the other computer, then run it? Are there any tricks, tips or special instructions if I do?
 

IcSyU

Well-Known Member
Nov 27, 2007
> Thanks. Only problem is, I can't open Internet Explorer on the computer that's infected. Can I save the program to a thumb drive and transfer it to the other computer, then run it? Are there any tricks, tips or special instructions if I do?

Yes, save it to the flash drive and then execute the file on infected computer.
 

Go2Guy

Well-Known Member
Mar 18, 2006
Houston, TX
I hope the anti-Mal works for you; it's a vicious bastard. I was infected, and tried the free anti-Mal software and after a frustrating couple of hours, ended up having to reformat my hard drive.
 

twojman

Well-Known Member
Jun 1, 2006
Clive
I have the same problem, bought AVG a month ago and still cannot get online with my laptop. I will have to take it somewhere....:sad:
 

1100011CS

Well-Known Member
Oct 5, 2007
Marshalltown
Malwarebytes' Anti-Malware - Free software downloads and reviews - CNET Download.com

Download this program, update and run it. It should take care of most of your problems. If you have remaining issues, post them.

When my neighbor brought their PC over with this problem I couldn't install any of the anti-malware programs suggested by most sites. Some of them you could rename the install program and it would install but then they wouldn't run. The key is disabling TDSSserv.sys.
 

jumbopackage

Well-Known Member
Sep 18, 2007
My suggestion:
Boot to safe mode
Run sdfix
reboot
run sdfix again
reboot
run combofix
reboot
run spybot search and destroy
reboot
hopefully that does it...
 

cytheguy

Well-Known Member
May 23, 2006
> When my neighbor brought their PC over with this problem I couldn't install any of the anti-malware programs suggested by most sites. Some of them you could rename the install program and it would install but then they wouldn't run. The key is disabling TDSSserv.sys.

How do I disable TDSSserv.sys, and when I do, do I need to enable it again?

Another option is to have GeekSquad or someone like that come out and fix it. I'd pay the money to get the stupid thing fixed. Just hoping there's a way I can do it myself.

I installed the malware program mentioned earlier, but it wouldn't run.
 

CYdTracked

Well-Known Member
Mar 23, 2006
Grimes, IA
If all else fails you can do what we do with virus infected PCs at the office which is reimage it with a fresh OS image and you'll surely get rid of it. Our rule of thumb is if the infected files are outside of the user profile such as the system32 folder, registry keys, etc. the safest way to make sure it's gone is to wipe the drive and start over. Temp folders are easy to clean and re-scan but when you are dealing with thousands of networked machines and you have a pesky virus that won't clean easily just wipe the drive.
 

jumbopackage

Well-Known Member
Sep 18, 2007
> How do I disable TDSSserv.sys, and when I do, do I need to enable it again?
>
> Another option is to have GeekSquad or someone like that come out and fix it. I'd pay the money to get the stupid thing fixed. Just hoping there's a way I can do it myself.
>
> I installed the malware program mentioned earlier, but it wouldn't run.

TDSSserv.sys is the problem. You don't want it. SDFix should be able to get rid of it.
 

d4nim4l

Well-Known Member
SuperFanatic
SuperFanatic T2
Apr 23, 2008
West Des Moines, IA
The key to getting Malwarebytes to work is to actually rename the executable that runs the program after installation.

Right click on your shortcut, see where it directs, find that .exe file and rename it something like "mango". Then in the shortcut change the target to direct to that and run. It did the trick for me and seems to be the common way of beating this virus/spyware because it looks for specific .exe names to block.
 

cytheguy

Well-Known Member
May 23, 2006
> The key to getting Malwarebytes to work is to actually rename the executable that runs the program after installation.
>
> Right click on your shortcut, see where it directs, find that .exe file and rename it something like "mango". Then in the shortcut change the target to direct to that and run. It did the trick for me and seems to be the common way of beating this virus/spyware because it looks for specific .exe names to block.

Thanks, this worked and I'm running the program now.
 

cytheguy

Well-Known Member
May 23, 2006
Malwarebytes seems to have removed the problem, only now my Internet Explorer won't launch. Box comes up like it wants to, but it disappears right away. Any ideas?
 

brianhos

Moderator
Staff member
Bookie
SuperFanatic
SuperFanatic T2
Jun 1, 2006
Trenchtown
This is a really nasty one. I suggest just reformatting and starting over.
 

d4nim4l

Well-Known Member
SuperFanatic
SuperFanatic T2
Apr 23, 2008
West Des Moines, IA
> Malwarebytes seems to have removed the problem, only now my Internet Explorer won't launch. Box comes up like it wants to, but it disappears right away. Any ideas?

Run a full system scan of Malwarebytes if you have not already. Follow that up by running Spybot. Should hopefully do the trick.