
Getting Rid Of Antivirus 2009 Successfully!


blkmagik
12-31-2008, 02:34 AM
I have recently found a few computers that I could not get Antivirus 2008 or 2009 off. I was about to format, but I noticed something: the files were hidden, but when I put the user's hard drive in my bench computer, the files showed up. So something about the virus is hiding these files in Windows, blocking internet access, etc. So I remembered a few good tools. Kaspersky Linux Boot Disc:

ftp kaspersky com/devbuilds/RescueDisk

And Avira Linux AntiVir Rescue System:

free-av com/en/products/index html

Both are free tools. Set them both to rename files they cannot delete, and run them both. About 1 hour later, no more Antivirus 2009!

I hope this helps others, it has worked on 5 computers now. I will continue to see if this works on others.....

wmacquinn
12-31-2008, 02:25 PM
Thanks, but this is actually old news. Malwarebytes usually knocks them out in under 10 minutes.

WareDat
12-31-2008, 03:49 PM
AV 2009 can be dealt with pretty easily by setting the computer to restart in safe mode (no network) in msconfig, reboot to safe mode, and reboot to safe mode again, then run MBAM, reboot, run MBAM again. Run System Inspector, do the final clean-up, and run HijackThis just to be sure. Reset msconfig to start Windows normally.

Be sure System Restore is turned off and all temp files are deleted after the first MBAM session; also reset IE security settings to default.

blkmagik
01-02-2009, 05:23 AM
The boot discs have cleaned it off on all occasions, even the worst. 1 hour bench time.

lawson_jl
01-04-2009, 10:33 PM
SmitFraudFix or ComboFix will get rid of AV 2009 in under 10 minutes. Just run Malwarebytes or SuperAntiSpyware afterward to clean up the rest of the drive.

blkmagik
01-09-2009, 06:14 AM
Just put it in and walk away. Come back in a few and all is well.

Simmy
01-09-2009, 09:15 AM
I've come across a number of AV2009 infections that won't let me run or install any software, so simply running Smitfraudfix/Combofix/Malwarebytes etc. isn't an option. In those cases, you need a boot disc, so thanks for the info :)

I've got the Kaspersky boot CD in my CD case, but I've yet to use it. UBCD4Win works well too, as you can run SuperAntiSpyware, which is included with it.

WareDat
01-09-2009, 10:43 AM
I've come across a number of AV2009 infections that won't let me run or install any software, so simply running Smitfraudfix/Combofix/Malwarebytes etc. isn't an option. In those cases, you need a boot disc, so thanks for the info :)

I've got the Kaspersky boot CD in my CD case, but I've yet to use it. UBCD4Win works well too, as you can run SuperAntiSpyware, which is included with it.

Give the Kaspersky Virus Removal Tool a try; you can install and run it in safe/minimal: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/ . It's actually the first thing I run if the computer is loaded with infections. I've never had it not install, but my software update script renames all my installers to my liking, so maybe that's why.

geekhelp4u
01-09-2009, 05:41 PM
Another boot antivirus is Dr Web Live CD:

http://www.freedrweb.com/livecd/

Reset
01-10-2009, 12:23 AM
If you need a guide, check my removal guide for Anti-Virus 2009:

systemtechs.net/blog/archives/96 <---- Anti-Virus 2009 Removal Guide

systemtechs.net/blog/archives/109 <---- General guide for removing viruses, malware, etc.

MHCG
01-24-2009, 04:12 AM
This may be old news for some, but I just got a version of Antivirus 2009 that would not allow me to run many of the regular tools. Most notably, it was stopping MBAM from properly installing, and then it wouldn't run even if you renamed the install program and the actual .exe file. Apparently it installs a hidden hardware device in Device Manager called TDSSserv.sys. You have to disable this device, then reboot, and you'll then be able to run these programs. Boy, what a pain in the butt.
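The check-and-disable step MHCG describes, as an added PowerShell example (this is not code from the post or from any tool named in the thread). It assumes, as the post implies, that the driver is registered under a service key named TDSSserv whose image is TDSSserv.sys, and that setting that key's Start value to 4 (SERVICE_DISABLED) is the registry equivalent of "Disable" on the device in Device Manager. The ServicesRoot parameter is there so you can point it at a hive loaded from a bench machine, since the first post in this thread reports the infected OS hiding the infection's files from tools run on it.

```powershell
# Added example, not part of MHCG's post. Run from an elevated PowerShell prompt.
# Assumptions (mine, not the post's): service key name TDSSserv, image TDSSserv.sys,
# and Start = 4 (SERVICE_DISABLED) as the equivalent of "Disable" in Device Manager.

function Get-DriverService {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        # Default is the live system. To inspect a drive on a bench machine instead,
        # load its hive first, e.g.  reg load HKLM\Offline D:\WINDOWS\system32\config\system
        # and pass -ServicesRoot 'HKLM:\Offline\ControlSet001\Services'.
        [string]$ServicesRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    )
    $key = Join-Path -Path $ServicesRoot -ChildPath $Name
    if (-not (Test-Path -Path $key)) { return $null }
    $p = Get-ItemProperty -Path $key
    New-Object PSObject -Property @{
        Name      = $Name
        Key       = $key
        ImagePath = $p.ImagePath
        Start     = $p.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
        Type      = $p.Type    # 1 = kernel driver, 2 = file-system driver
    }
}

function Disable-DriverService {
    param([Parameter(Mandatory = $true)]$Service)
    # Registry equivalent of "Disable" on the device; takes effect at the reboot
    # the post calls for. Only the Start value is changed so the key stays
    # available as evidence.
    Set-ItemProperty -Path $Service.Key -Name Start -Value 4 -Type DWord
}

$svc = Get-DriverService -Name 'TDSSserv'
if ($svc -eq $null) {
    Write-Host 'No TDSSserv service key visible from this registry view.'
    Write-Host 'The thread reports the live OS hiding the infection; re-check from an offline hive.'
} else {
    $svc | Format-List Name, ImagePath, Start, Type
    Disable-DriverService -Service $svc
    Write-Host 'TDSSserv set to disabled (Start = 4). Reboot, then run MBAM as the post says.'
}
```

If the key is found, note ImagePath before disabling: it tells you which file to submit or delete from the boot disc later, which is the step the boot-disc posts in this thread rely on.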

nelsonm
01-24-2009, 03:12 PM
Some of you referred to "boot disc" as a means to remove av2009, are you talking about a repair install or what?

CHASEE
02-05-2009, 01:08 AM
Some of you referred to "boot disc" as a means to remove av2009, are you talking about a repair install or what?

They were referring to a bootable operating system, as in an operating system that runs off a CD/DVD.

JRoss
02-19-2009, 05:09 AM
I just had two PCs with this beast. One was removed with Malwarebytes; the other had infected userinit.exe in the system32 folder, making it impossible for Malwarebytes to remove. I removed the file, copied a fresh one from another XP install and rebooted. I also reset IE7 just to be safe. Problem solved. Nasty little critter.

The PC would have been a 6-8 hour reinstall because of all the peripherals and functions it performs, so it was nice to avoid it, as much as I could use the work.

AtYourService
03-01-2009, 07:08 AM
AV boot disks are nice but painfully slow on computers with low RAM.
Sometimes it's quicker to remove the drive, connect it via USB and scan.

ASDCR
03-14-2009, 12:13 AM
RESET - interesting links

thx for that

One thing though... these pests are not static - they're a moving target.

Any one "solution" is only a solution until the hackers figure out there's someone/something effective at removing it.

Then they change!

But I have found ONE THING that works

every time!

Get the orig CDs!

Save their data.. insert XP disc.. del partition, create partition, reformat, install XP

BTW.. has anybody experimented w/ ReImage (http://www.reimage.com/)??

iptech
03-14-2009, 01:53 AM
But I have found ONE THING that works

every time!

Get the orig CDs!

Save their data.. insert XP disc.. del partition, create partition, reformat, install XP

...and that's a professional fix? :confused:

You've also missed: restore their 1GB of multimedia files;
Download & install every update for XP since 1991;
Reinstall every application that had previously been installed;
Legally re-licence the above software reinstalls;
Reinstall updates for the above applications;
Reinstall every piece of hardware that previously worked;
Update drivers for the above;
Reconfigure their network, shares, internet settings, security software, etc. etc.;
Leave everything working exactly as it was before the virus infestation.

As I see it that's two hours of diagnostic work replaced by 4+ hours of watching install bars running across a screen.

Guess which one a customer is going to be happiest paying top dollar for?

ASDCR
03-14-2009, 02:09 AM
heh!

aww... why are you getting your panties in a bunch??
;)

iptech
03-14-2009, 02:16 AM
heh!

aww... why are you getting your panties in a bunch??
;)

Not at all.

Just illustrating an alternative to your work methodology.

"we solve ANY technical issue on your computer!!" is not an analogy I'd use for the nuke and pave approach.

Good luck with your business.

AtYourService
03-14-2009, 04:05 AM
Yeah, the format and reinstall is a cop-out for lazy techs or ones who don't know better.

geekhelp4u
03-14-2009, 01:29 PM
I've come across a number of AV2009 infections that won't let me run or install any software, so simply running Smitfraudfix/Combofix/Malwarebytes etc. isn't an option.

I have run into this problem a few times as well. The last two were fixed by doing the following on an admin account:

Click Start, and then click Run.
In the Open box, type cmd, and then click OK.
At the command prompt, type msiexec.exe /unregister, and then press ENTER.
Type msiexec /regserver, and then press ENTER.

Click Start, click Run, type regedit in the Open box, and then click OK.

Click the following registry hive:
HKEY_CLASSES_ROOT

On the Edit menu, click Permissions.

If SYSTEM is not listed in the Group or user names list, click Add, make sure that the local computer name appears in the From this location box, type system in the Enter the object names to select box, click Check Names, and then click OK.

Click SYSTEM in the Group or user names list, and then select the Full Control check box under Allow in the Permissions for SYSTEM box.

Click Apply, click OK, and then quit Registry Editor.

Restart the computer.
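The manual steps above as one PowerShell script, added here as an example; it is not part of geekhelp4u's post and not a tool named in the thread. It assumes an elevated prompt on the affected machine and does the two things the post does (re-register Windows Installer, grant SYSTEM Full Control on HKEY_CLASSES_ROOT with inheritance to subkeys). It adds one check the post does not have: it confirms SYSTEM actually ended up with Full Control before you reboot, so a failed Set-Acl is not discovered only after the restart.

```powershell
# Added example, not from the forum post. Run elevated; reboot afterwards as the post says.
# Assumption (mine): the post's two actions, in the post's order, are all that is needed.

function Reset-WindowsInstaller {
    # Post steps 3-4: msiexec.exe /unregister, then msiexec /regserver.
    foreach ($switch in '/unregister', '/regserver') {
        $p = Start-Process -FilePath "$env:SystemRoot\System32\msiexec.exe" `
                           -ArgumentList $switch -Wait -PassThru
        if ($p.ExitCode -ne 0) {
            throw "msiexec $switch failed with exit code $($p.ExitCode)"
        }
    }
}

function Grant-SystemFullControlOnHkcr {
    # Post steps 5-9: regedit > HKEY_CLASSES_ROOT > Permissions > SYSTEM > Allow Full Control.
    $path = 'Registry::HKEY_CLASSES_ROOT'
    $acl  = Get-Acl -Path $path
    # Resolve SYSTEM by well-known SID rather than by name, so it works on any locale.
    $sys  = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
                       -ArgumentList ([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null)
    $rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule -ArgumentList @(
                $sys,
                [System.Security.AccessControl.RegistryRights]::FullControl,
                [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,  # apply to subkeys
                [System.Security.AccessControl.PropagationFlags]::None,
                [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.SetAccessRule($rule)   # replaces any existing SYSTEM Allow entry instead of stacking one
    Set-Acl -Path $path -AclObject $acl
}

function Test-SystemFullControlOnHkcr {
    # Verification the post does not include: $true only if an Allow entry for
    # NT AUTHORITY\SYSTEM on HKCR carries every bit of FullControl.
    $full = [int][System.Security.AccessControl.RegistryRights]::FullControl
    $acl  = Get-Acl -Path 'Registry::HKEY_CLASSES_ROOT'
    $hit  = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq 'NT AUTHORITY\SYSTEM' -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.RegistryRights) -band $full) -eq $full
    }
    return [bool]$hit
}

Reset-WindowsInstaller
Grant-SystemFullControlOnHkcr
if (Test-SystemFullControlOnHkcr) {
    Write-Host 'SYSTEM has Full Control on HKCR. Restart the computer to finish.'
} else {
    Write-Warning 'SYSTEM still lacks Full Control on HKCR; open regedit and check the Permissions dialog.'
}
```

If Set-Acl itself fails with access denied, the account running the script does not own HKCR or lacks WRITE_DAC on it; that is the same condition that makes the regedit dialog in the post refuse the change, and it is worth recording before deciding between further cleanup and the reinstall debated earlier in the thread.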