Web Analytics
   Register •   Forum Home •   FAQ      Login    
   Windows Forums Register
Donate a Dollar to Pay for Next Year’s Web Hosting It is currently Wed Dec 30, 2009 7:32 pm

All times are UTC - 5 hours [ DST ]


Forum rules


Please click here to view the forum rules



Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: Suspected Spyware (win32).
PostPosted: Sat Nov 07, 2009 2:49 pm 
Offline
Familiar Face
Familiar Face
User avatar

Joined: Sat Nov 07, 2009 2:38 pm
Posts: 6
Hi,

I;ve got similar problem.

I am infected by suspected spyware (win32). I scanned through using spyware doctor but the unknown "advanced virus remover" keep popping up.

I am using window vista home and I would want to restore to certain point to make everthing easier. gpedit and regedit was not found so I don't know what to do next.

Please help me.

Cheers



 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sat Nov 07, 2009 3:34 pm 
Offline
Moderator
Moderator
User avatar

Joined: Sat Jun 07, 2008 9:08 am
Posts: 976
Location: UK
limcy86 wrote:
Hi,

I;ve got similar problem.

I am infected by suspected spyware (win32). I scanned through using spyware doctor but the unknown "advanced virus remover" keep popping up.

I am using window vista home and I would want to restore to certain point to make everthing easier. gpedit and regedit was not found so I don't know what to do next.

Please help me.

Cheers


Hello limcy86 & welcome to mintywhite :D

When you say suspected spyware, what makes you say this?

Download MSEand save it to your desktop.


Have you noticed any irregular entries in the processes list of the Task Manager?

At this point in time, i would advise against performing a system restore.

Boot into safe mode (without networking), uninstall the spyware doctor and any other anti-virus applications you have. Make sure UAC & DEP are enabled. Reboot into safe mode (with networking) again and install MSE, update MSE as required. Deep scan your entire computer (this may take some time).

Hit us back with the results of the scan!

_________________
Image


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 6:50 am 
Offline
Familiar Face
Familiar Face
User avatar

Joined: Sat Nov 07, 2009 2:38 pm
Posts: 6
Hi,

The is an unknow so called "advanced virus remover" keep popping up and my system slow down significantly. Spyware doctor and malwarebytes found trojans and other viruses but they couldnt delete the " advanced virus remover" to this point. Some other website descride this as spyware.

I am thinking to restore my system to a date before i wrongly downloaded something from website but not totally restore the system to as new. I couldn't anyway...

I will try to do as u suggest...

cheers


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 7:28 am 
Offline
Moderator
Moderator
User avatar

Joined: Wed Mar 11, 2009 11:19 am
Posts: 534
Location: < AIRSTRIP 1 >
limcy86 - A system restore [even to a point before you installed Advanced Virus Remover] may not solve the problem, as rsvr85 has already advised you. Please read this and I hope it helps you somewhat.:-
Advanced Virus Remover manual removal:
Kill processes:
PAVRM.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_CURRENT_USER\software\avr lastd
HKEY_CURRENT_USER\software\avr lastscan
HKEY_CURRENT_USER\software\avr lastvfc
HKEY_CURRENT_USER\software\avr virlist
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_CURRENT_USER\Software\AVR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU
HELP:
how to remove registry entries

Delete files:
PAVRM.exe Advanced Virus Remover.lnk
HELP:
how to remove harmful files

Delete directories:
%program_files%\advancedvirusremover
Other programs to remove Advanced Virus Remover:
• Malwarebytes Anti Malware - Review - Download
• Malwarebytes Anti Malware - Review - Download
• Windows Defender - Review - Download
--------------------------------------------------------------------------------------------------------------------------------
......... OR, Read this tutorial here:- http://www.bleepingcomputer.com/virus-r ... us-remover :)


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 8:14 am 
Offline
Familiar Face
Familiar Face
User avatar

Joined: Sat Nov 07, 2009 2:38 pm
Posts: 6
Hi moderator,

I am currently performing virus scan using MSE. found lots of win32/Virut.gen!O and I uninstalled all my antivirus programmes include malwarebyte, spyware doctor and AVG as instructed.

Do you mind to further explain where to delete registry values. I deleted the advanced virus remover folder in Program files.

Many thanks


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 8:26 am 
Offline
Familiar Face
Familiar Face
User avatar

Joined: Sat Nov 07, 2009 2:38 pm
Posts: 6
by the way, could not find regedit by typing regedit in start-->run but i can see it in one of the folders in C:/windows. I tried to run it but nth happen so i am wondering if it because I am in safe mode ?


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 9:11 am 
Offline
Moderator
Moderator
User avatar

Joined: Wed Mar 11, 2009 11:19 am
Posts: 534
Location: < AIRSTRIP 1 >
limcy86 - Can you reboot and start windows normally?


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 9:33 am 
Offline
Familiar Face
Familiar Face
User avatar

Joined: Sat Nov 07, 2009 2:38 pm
Posts: 6
Yes I can but does that meant i have to stop virus scan? what should I do when I reboot in normall window again.

Thanks


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 9:44 am 
Offline
Moderator
Moderator
User avatar

Joined: Wed Mar 11, 2009 11:19 am
Posts: 534
Location: < AIRSTRIP 1 >
limcy86 - Let the scan with MSE finish and delete/quarantine [best to delete!] any malware. Then start Windows normally and look on your pc in the places stated in my above post and delete any traces/files of the application. Then when you have done all that, open Task Manager just to check [under Processes Tab] that any processes associated with the application are not running and have been removed.


 Profile E-mail  
 Post subject: Re: Suspected Spyware (win32).
PostPosted: Sun Nov 08, 2009 12:06 pm 
Offline
Moderator
Moderator
User avatar

Joined: Sat Jun 07, 2008 9:08 am
Posts: 976
Location: UK
SAFE MODE

TASKLIST

TASKKILL

_________________
Image


 Profile E-mail  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 11 posts ]  Go to page 1, 2  Next

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  


© 2008-09 www.mintywhite.com | Rich Robinson