Complete Antivirus 2008 Removal

Discussion in 'Windows Vista Security' started by RLund, Jun 21, 2008.

  1. RLund

    RLund Guest

    A few days ago, the Antivirus 2008 pop-up appeared on my friend's new
    computer. It stated that he had 41 infections. HIs access to the internet
    was blocked, as well.
    In order to remove them, he had to pay for the service.
    After a bit of research, I discovered that it was a scam and attempted to
    remove it from his computer, via standard means (control panel, programs and
    features, uninstall). It appeared that some files were removed, but some
    were left behind. Those that remained still indicated that he had 41
    infections and blocked his access to the internet, by indicating that the
    websites posed a threat.
    I found this community and the instructions for removing Antivirus 2008,
    through http://www.bleepingcomputer.com/malware-removal/antivirus-2008. I
    carefully followed the instructions and ran the scan...to no avail. The
    program didn't find the Antivirus 2008 or any infections, for that matter.
    Unfortunately, the problem remains.
    I thought that it might work to restore the computer to a time prior to the
    arrival of the Antivirus 2008 pop-up and then follow the removal
    instructions. When I restored it to a restore point from May, I could not
    get on the internet (the error message indicated that we were not connected
    to the internet. After an hour with the Roadrunner support people, we
    determined that their signal to the computer was strong and that the modem
    was working; but apparently the TCI/IP(?) was damaged by the restore and
    needed to be re-installed). Out of desperation, I restored the computer back
    to a restore point from yesterday. Now, he can connect to the internet
    again, but the Antivirus still states that the websites (any of them) pose a
    threat and prevents him from going any further.
    Does anyone have any ideas on how I can thoroughly remove this malicious
    program and restore his computer's functionality?
    Thanks, in advance.
     
    RLund, Jun 21, 2008
    #1
    1. Advertisements

  2. RLund

    Malke Guest

    (much snippage)

    First have your friend back up his data to external media Just In Case. Then
    have him go back to BleepingComputer (or one of the other specialty forums
    listed below in no particular order), register, read the posting FAQ, and
    post to get guided help. PLEASE DO NOT POST LOGS IN THE MS NEWSGROUPS.

    http://www.bleepingcomputer.com/forums/index.php?showtutorial=42 - another
    tutorial
    http://aumha.net/ - Click on the HijackThis forum. Read the announcement and
    the stickies *first*.
    http://www.atribune.org/forums/index.php?showforum=9
    http://aumha.net/viewforum.php?f=30
    http://www.bleepingcomputer.com/forums/forum22.html
    http://castlecops.com/forum67.html
    http://www.dslreports.com/forum/cleanup
    http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
    http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
    http://gladiator-antivirus.com/forum/index.php?showforum=170
    http://spywarewarrior.com/viewforum.php?f=5
    http://forums.techguy.org/54-security/
    http://forums.tomcoyote.org/

    Malke
     
    Malke, Jun 21, 2008
    #2
    1. Advertisements

  3. RLund

    GTS Guest

    It's likely you have multiple infections, so by all means, follow Malke's
    advice for a total clean up. I would also specifically suggest you download
    and run the free version of SuperAntiSpyware from
    http://www.superantispyware.com/ I've had some luck with it against the
    Antivirus 2008 infection in a few service cases.

    If there is a connectivity problem again after the malware cleanup, try
    running the following command in an elevated command prompt >Netsh Winsock
    Reset

    Once fixed, disable and then re-enable System Restore to clear infection
    items from the SR repository.
     
    GTS, Jun 21, 2008
    #3
  4. RLund

    Mick Murphy Guest

    Use Spybot Search & Destroy in Safe Mode.
    All instructions below.
    http://www.spybot.info/en/index.html

    Spybot Search & Destroy 1.5.2 is a very good, FREE Anti-Spyware Program.
    Download, install, update, and immunize your System with it.
    Then SCAN with it.
    Update it, and scan your System once a fortnight.

    Important re: Safe Mode
    If you happen to find a problem that you can’t uninstall / delete, reboot
    the computer, and go into Safe Mode.
    To get into Safe mode, tap F8 right at Power On / Startup, and use UP arrow
    key to get to Safe Mode, then hit ENTER.
    RESCAN your computer with Spybot S & D while in Safe Mode.
     
    Mick Murphy, Jun 22, 2008
    #4
  5. By far the best thing you can do is copy your data files to an external hard
    disk, and then reformat your hard disk and reinstall from scratch. It's not
    such a big deal - allow half a day.

    SteveT
     
    Steve Thackery, Jun 22, 2008
    #5
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.