Having fun with "Personal Antivirus"

[XDanger]

Has anyone had any experience with this one?

I'm having trouble getting any program to run to get rid of the thing

Ive tried some recovery cd but didn't find anything ???

The references to reg keys on the interweb seem to be old versions so I'm not sure if I got everything...


attempting to boot into safe mode gives a bsod

Malwarebytes wont install properly.

[AthlonXP1800]

Try this guide to remove Personal Antivirus.

http://www.spywarevoid.com/personal-...antivirus.html

[bacon12]

Rename malwarebytes.exe to something like fix.exe and see if it will run.

[Revs]

^ Reported

[XDanger]

I would just re-install but she's got office 2007 on there.

Malwarebytes managed to install ,but It still wont run.

I don't trust spyhunter.

I tried Kaspersky Rescue Disk and it found nada ,I'm gonna try Antivir.

[ninelven]

Give SuperAntiSpyware a try.

Could be rootkitted, in which case you will probably want to use something like HijackThis.

[bacon12]

Quote:

Originally Posted by XDanger

I would just re-install but she's got office 2007 on there.

Malwarebytes managed to install ,but It still wont run.

I don't trust spyhunter.

I tried Kaspersky Rescue Disk and it found nada ,I'm gonna try Antivir.

Any well written piece of malware will prevent you from running some av suites. DId you try renaming the .exe like I suggested?

[XDanger]

Quote:

Originally Posted by bacon12

Any well written piece of malware will prevent you from running some av suites. DId you try renaming the .exe like I suggested?

But that doesn't apply to bootable linux based rescue disks does it? ,I will try the .exe thing next.



I think the Avira cd is having some success.

edit :
SUCCESS!!, I don't know how badly PAV ****ed up the PC though ,I set Avira to just delete the bad stuff

[TheBigOne]

Chance's of Rootkits and other virus still on your system are great Before cleaning you system do a ctrl+alt+del look at your processes, If you see Reader_S or Virut win*32 running don't bother going any futher, backup your data and lowlevel format you drive there no fixed.
Reason
Unfortunately, the virus you have infects every .exe and .scr (actually an executable) file on your system, and when you scan with a virus scanner, it will normally delete it as uncleanable. Eventually you end up loosing more and more files. The only viable alternative is to format the system. You will need to backup your important files before a format and reinstall, but you can not backup any .exe or .scr files, because they are infected. And as I already explained, Virut infects every exe. This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.

Now if you don't have this virus and running Windows XP (Running Vista better to do a reload since combofix or most software won't run)
1. Mount the harddrive to another machine delete any 1256hg.exe or any weird .exe in your root directory or system32 folder or run AVG FREE and run full scan it will find them.
2. Put harddrive back into you machine then go to safemode with networking run malwarebytes sure run with no problems, do updates and do full scan.
3. Then download and run Combofix it free.
4. Then download and run a-squared Free 4.5 does better job then most antivirus do full scan.
5. Then type MSCONFIG look at your startup uncheck all unnecessary processes
6. Boot system into normal mode download and run mcafee rootkit detective looks for hidden processes.
7. Deleted any temp files
8. You system sure be fully cleaned and running good.

[XDanger]

Quote:

Originally Posted by TheBigOne

Chance's of Rootkits and other virus still on your system are great Before cleaning you system do a ctrl+alt+del look at your processes, If you see Reader_S or Virut win*32 running don't bother going any futher, backup your data and lowlevel format you drive there no fixed.
Reason
Unfortunately, the virus you have infects every .exe and .scr (actually an executable) file on your system, and when you scan with a virus scanner, it will normally delete it as uncleanable. Eventually you end up loosing more and more files. The only viable alternative is to format the system. You will need to backup your important files before a format and reinstall, but you can not backup any .exe or .scr files, because they are infected. And as I already explained, Virut infects every exe. This means that you may not delete these files, but they should be disinfected. And since it's a buggy virus, the files cannot be properly disinfected.

Now if you don't have this virus and running Windows XP (Running Vista better to do a reload since combofix or most software won't run)
1. Mount the harddrive to another machine delete any 1256hg.exe or any weird .exe in your root directory or system32 folder or run AVG FREE and run full scan it will find them.
2. Put harddrive back into you machine then go to safemode with networking run malwarebytes sure run with no problems, do updates and do full scan.
3. Then download and run Combofix it free.
4. Then download and run a-squared Free 4.5 does better job then most antivirus do full scan.
5. Then type MSCONFIG look at your startup uncheck all unnecessary processes
6. Boot system into normal mode download and run mcafee rootkit detective looks for hidden processes.
7. Deleted any temp files
8. You system sure be fully cleaned and running good.

The PC is back with the owner now (who I don't really care for anyway) But If any bad stuff shows its face I'll be sure to do what you said there.

They'll probably be doing their evil silently though...