
AntivirusGT

NVW

Well-Known Member
Messages
9,012
Reaction score
2,145
Location
Castor, AB.
The wife got this Trojan on her computer last night.

BitDefender and Kav Rescue wouldn't touch it.

Malware Bytes wouldn't work either until I downloaded "rkill" on my laptop and burned it to CD. rkill occupies the trojan, then Malware Bytes can remove it. It still took 2 tries; the second was with a renamed copy of rkill.

Just a warning if anyone is ever told their computer is infected and to click on AntivirusGT to remove the problem. DON'T.
 

btfarm

350,000 Worth and counting
Staff member
Lead Moderator
Messages
17,766
Reaction score
5,144
Location
Sandwich, Illinois
What OS are you on, Leo? I know that MS Security Essentials on W7 will put a stop to any and all.
 

NVW

Windows XP Service Pack 3 with Microsoft Security Essentials.

It never realized there was any problem, the Trojan just blocked every action you tried. Even 2 different antivirus programs on reboot.

The secret is to not click on it in the first place.
 

SfcJones

A(ACLU) SGT. SLAUGHTER
Messages
3,528
Reaction score
82
Location
South Ga.
If you ever get a link to click on...DON'T. No software will detect it until the damage is done.
 

88gmctruck

02GMCtruck
Messages
2,010
Reaction score
334
Location
Auburn, Wa
I work at an IT helpdesk for my school, see this crud all the time. If you're running a 32-bit Windows OS, use something called Combofix (www.combofix.org). It works 99% of the time to get rid of whatever it is that infected your computer.

Another tip, always boot into safe mode to run any virus/malware scan if you know your machine is infected, and disable your internet.
 

Acesneights1

New Member
Messages
10,018
Reaction score
15
Location
Northeast CT
I use Norton. It just bagged something the other day. Some w32ad! thingy. What is the best antivirus out there? I have always trusted Norton. It slows the machine down a little but seems to work good.
 

JiFaire

Lieutenant
Staff member
Lead Moderator
Messages
7,778
Reaction score
485
Location
Alberta, Canada
http://www.bleepingcomputer.com/virus-removal/remove-antivirusgt

Bleepingcomputer dot com ... don't leave home without it.

What you got wasn't a virus, Kenny ... it was a BHO (little bit of irony, that) - a Browser Helper Object (Hijacker).

An active malware scan (like Malwarebytes retail version or Superantispyware retail version or MSE or Spysweeper) would have likely caught it. Chances are good that Norton, McAfee, TrendMicro, AVG would have missed it.

In cases like this one (or with Antivirus 2009, see an earlier thread), you need to kill the process before you can run a virus-scan, or access online sites to kill it.
 

NVW

Jim, that's the link I followed to get rid of it.
 

JiFaire

All of these BHO 'trojans' don't exhibit true viral heuristics... they get into your browser cache through an exploit, hijack you to a different page, you click on a generated command page which effectively downloads the other half of the exploit, and poof - you have a running rogue process.

Which you have to kill before you can run an antiviral, antispyware, executable, or visit any of a list of sites referenced by the rogue. Meanwhile, the rogue exploit continues to live in your network - ask Clark20ry how he liked it when his Citrix farm got caught in that...

All of the Antivirus 200x exploits ran the same way... very, very large PITA. Try cleaning off 1500 machines when you can't get them to run an exec script through AD. You end up touching every friggin one of them, which isn't something to make your friendly neighborhood spiderman a happy webslinger.

Glad you got yours cleaned, Leo.
 

NVW

Thanks Jim

It wouldn't let me access any administrative functions in the control panel.

Then when I tried rkill it didn't work the first time, then on retry it just put up a pop-up saying rkill was a trojan. On the web page you listed there are 2 renamed copies of rkill and the one I used worked. The damn thing had complete control, my other option was a baseball bat. :hihi:
 

SuperTuscan

A(ACLU) # 12
Messages
406
Reaction score
7
Location
NE Ohio
If you have a second computer get a USB SATA dock for about $30.

When one machine gets nailed just pull the drive and pop it into the SATA dock. Then, use MSE from the other machine (after update and scan) to do a deep scan of the drive. Since the OS isn't active you won't have processes fighting against you.

Do at least 2 scans and then place it back in to the original computer and fire it up. You should be at a point where your other tools can help your recovery from there.

This is always my first step when something hits a machine I manage.
 

Pruittx2

Been around a bit
Messages
737
Reaction score
122
Location
Lake Odessa, Mi
I use Avast, it will stop almost anything. I never have ANY problems, both when running XP, and now with Win 7 Pro 64-bit. When I fix my friends' comps that have issues, I always pull their hard drive, and install it in mine as a secondary drive and scan it that way. Fixed many systems that way, using Malwarebytes and Avast. When I'm done, I uninstall what they have and put Avast on it. Then they don't have to bother me anymore to fix it again. :D
 