PDA

View Full Version : Problem with Security Antivirus



bambrown
2010-02-23, 21:53
I have read your welcome about Malware Removal Forum and BEFORE you POST. I checked your archives and found I have a similar problem as listed in your archives with this malware, Security Antivirus. Someone in my house clicked on the pop-up, because it is now listed under all programs and it has created a short-cut and icon. However, I can not access the internet at all, which means I can not download anything. I can not back up my registry by downloading ERUNT and I can not create a HJT log. When I ran Spybot, I got the following:


Unexpected error in fixing problems
(Cannot create file
“C:\Windows\system32\drivers\etc\hosts”. Access is denied)

(SBI $B197733A) Redirected host
4-open-davinci.com=74.125.45.100

(SBI $B197733A) Redirected host
securitysoftwarepayments.com=74.125.45.100

(SBI $B197733A) Redirected host
privatesecuredpayments.com=74.125.45.100

(SBI $B197733A) Redirected host
getantivirusplusnow.com=74.125.45.100

(SBI $B197733A) Redirected host
secure-plus-payments.com=74.125.45.100

(SBI $B197733A) Redirected host
www.getantivirusplusnow.com=74.125.45.100

(SBI $B197733A) Redirected host
www.secure-plus-payments.com=74.125.45.100

(SBI $B197733A) Redirected host
www.getavplusnow.com=74.125.45.100

(SBI $B197733A) Redirected host
safebrowsing-cache.google.com=74.125.45.100

(SBI $B197733A) Redirected host
urs.microsoft.com=74.125.45.100

(SBI $B197733A) Redirected host
www.securesoftwarebill.com=74.125.45.100

(SBI $B197733A) Redirected host
secure.paysecuresystem.com=74.125.45.100

(SBI $B197733A) Redirected host
paysoftbillsolution.com=74.125.45.100

(SBI $B197733A) Redirected host
protected.maxisi\oftwaremart.com=74.125.45.100

(SBI $4C2D9D6C) settings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft


We can't use our computer at all. Also, my daughter plugged in her IPod Touch after being told not to, and she lost everything she had put on it.

Please help fix this problem.

Thank you very much.

ken545
2010-02-28, 23:43
Hi,

Welcome to the forum. What your going to have to do is download any programs I ask for to a known clean computer and transfer them by CD ( not a thumb or flash drive ) to the infected one. This can be difficult until we track down the culprit


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under the Custom Scan box paste this in


netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav



Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

ken545
2010-03-04, 20:17
Due to inactivity, this thread will now be closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.