Remaining problem removing rogue Antivirus Pro Security

rups

New Member
Thread author
Oct 12, 2013
3
Many, many thanks to Stelian for his excellent blogs but still one remaining issue. I have set out what I've done and what is the remaining issue below.

First, I found the activation key for Antivirus Security Pro on another Google search which allowed me to work without interference before I found your blog. I have run through all the steps on Option 2 in http://malwaretips.com/blogs/file-contained-a-virus-and-was-deleted-removal/#safemode (since that was the first problem this Antivirus Security Pro created) and then I followed this guide. After each step I tried to turn back on my McAfee firewall but it would not let me. Windows Firewall would also not turn on and I got "Windows Firewall can't change some of your settings. Error code 0x80070424". So I decided to run ComboFix. To be absolutely sure ComboFix would work I uninstalled McAfee including using their specific removal utility MCPR.exe. On reboot, the Windows Firewall was working (not sure whether ComboFix or removal of McAfee cured this). I then also ran the ESET Services repair utility to be sure everything was restored to normal. This has taken many, many hours over several evenings but well worth it!

The only remaining problem is that in Start->All Programs I still have a folder named Antivirus Security Pro in which there seems to be the program and an Uninstall utility. I dare not try to see if it is actually there nor do I dare try to run the uninstall in case the infection starts over again. Any advice on whether this is still an issue and also how I can remove it from the programs menu (it doesn't appear to be listed in Program Files in my C drive so not sure whether anything is actually there).
 

Fiery

Level 1
Jan 11, 2011
2,007
Hi and welcome to MalwareTips! :)

I'm Fiery and I would gladly assist you in removing the malware on your computer.

PLEASE NOTE: The first 3 posts of ALL new members require approval by mods/admins. Please be patient if you don't see your post immediately after submitting it.

Before we start:
  • Note that the removal process is not immediate. Depending on the severity of your infection, it could take a long time.
  • Malware removal can be dangerous. I cannot guarantee the safety of your system as malware can be unpredictable. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system. Therefore, I would advise you to backup all your important files before we start.
  • Please be patient and stay with me until I give you the green light and inform you that your PC is clean.
  • Some tools may be flagged by your antivirus as harmful. Rest assured that ALL the tools we use are safe; the detections are false positives.
  • The absence of symptoms does not mean your PC is fully disinfected.
  • If you are unclear about the instructions, please stop and ask. Following the steps in the order that I post them in is vital.
  • Lastly, if you have requested help on other sites, that will delay and hinder the removal process. Please only stick to one site.

Download OTL by Old Timer from here and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Click the Scan All Users checkbox.
  • Check the boxes beside LOP Check and Purity Check
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please attach the contents of these 2 Notepad files in your next reply.

If you don't know how to attach the files, please follow the instructions here: http://malwaretips.com/Thread-How-to-use-the-attachment-system?pid=16072#pid16072
 

rups

New Member
Thread author
Oct 12, 2013
3
Hi Fiery

Thanks for the assistance. Have attached the files.
Look forward to your reply.

Rups
 

Attachments

  • OTL.Txt
    86.6 KB · Views: 158
  • Extras.Txt
    57.2 KB · Views: 101

Fiery

Level 1
Jan 11, 2011
2,007
Hi,

Open OTL. Under custom scan/fixes, copy and paste the following:

:OTL
[2013/10/06 09:31:06 | 000,000,000 | ---D | C] -- C:\Users\Rupen & Anupa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro
[2013/10/06 09:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\sa3pn373

:Commands
[EMPTYTEMP]

Then click Run Fix. Let your PC reboot to normal mode. A new log will be created automatically, post the content in the next reply.

Did that resolve your issue?
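
Added example, not part of either poster's messages and not part of OTL: a read-only PowerShell check of the two folders named in the fix above, showing whether they still exist and where any Start Menu shortcuts inside them point, without launching or deleting anything. The function names `New-Row` and `Get-LeftoverReport` are hypothetical; the paths are the ones quoted in the `:OTL` section.

```powershell
# Read-only inspection: nothing here runs a shortcut or removes a file.
# Paths copied from the :OTL section of the fix script above.
$leftovers = @(
    'C:\Users\Rupen & Anupa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Security Pro',
    'C:\ProgramData\sa3pn373'
)

# Hypothetical helper: builds one report row (works on PowerShell 2.0 and later).
function New-Row($Item, $Kind, $Target, $TargetExists) {
    New-Object PSObject -Property @{
        Item = $Item; Kind = $Kind; Target = $Target; TargetExists = $TargetExists
    }
}

# Hypothetical helper: reports what is left under each path.
function Get-LeftoverReport {
    param([string[]]$Path)

    # WScript.Shell is used only to read .lnk metadata; Save() is never called.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p)) {
            New-Row $p 'missing' $null $null
            continue
        }
        # -Force includes hidden and system entries.
        $children = @(Get-ChildItem -LiteralPath $p -Recurse -Force -ErrorAction SilentlyContinue)
        if ($children.Count -eq 0) {
            New-Row $p 'empty folder' $null $null
            continue
        }
        foreach ($c in $children) {
            if ($c.Extension -eq '.lnk') {
                # A shortcut whose target no longer exists is an orphaned menu entry.
                $target = $shell.CreateShortcut($c.FullName).TargetPath
                $exists = ([bool]$target) -and (Test-Path -LiteralPath $target)
                New-Row $c.FullName 'shortcut' $target $exists
            } elseif ($c.PSIsContainer) {
                New-Row $c.FullName 'folder' $null $null
            } else {
                New-Row $c.FullName 'file' $null $null
            }
        }
    }
}

Get-LeftoverReport -Path $leftovers |
    Select-Object Kind, Item, Target, TargetExists | Format-List
```

A `shortcut` row with `TargetExists` set to `False` means the menu entry points at a file that is already gone; a `file` row under `C:\ProgramData\sa3pn373` means something is still on disk there.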
 
