'Personal Anti-Virus' malicious file removal?

Greg Masters

EDITED.....PROBABLY UNWISE TO FOLLOW THE LINKS GREG HAS POSTED UNLESS YOU KNOW WHAT YOU'RE DOING OR ARE PREPARED TO BE INFECTED
Bill


The youngster's managed to feck her computer in just a couple of weeks and I need a bit of help.

I think that the sequence has been:


This appears to have loaded a malicious file on her laptop which opens a pop-up headed:

  • W32.Pavsse.C - Virus Found!
  • option buttons of 'Block' and 'Ignore'

If you hit 'Block' (as she has done) it takes you to a page of:


... which loads a programme called 'PersonalAV'.

This runs a pseudo AV programme which shows that your computer is riddled with viruses and invites you to 'Remove Threats'. When you try to remove threats, it says that you're not registered and would you like to just enter your credit card details to get registered ... :blast

Does anyone know the sequence for removing this lot?

BTW her PC has AVG 8.5.375 and with a full scan it comes up as clean - but it isn't.

:confused:

Greg
 
It's a browser hijack Greg, not a virus.

Run Ad-Aware instead... that'll root the fekker out :thumb2
 
PS The second link should give you this if you're protected by something that works ;)

(It'll probably be a trojan/hijacker in the first that installed the hijacker in the browser though)
 

Attachment: Untitled-1.gif (15.7 KB)

If Ad-Aware doesn't get it (it should) you may have to do some registry changes BTW, but run Ad-Aware first then report back and we'll go from there ;)
 
Try Spybot as well, Greg. After installation, updating and immunising, go to 'Mode' and select 'Advanced', then go to Tools and check the box 'BHO'. You will then be able to open BHO from the list on the left; delete/remove anything you see there except the Spybot entry.

**During installation do not check the box 'Tea Timer'** - it's a pain in the proverbial.
 
Thanks guys.

I'll have a look at this over the next couple of days (if I don't rush, she may learn a lesson!)

Greg
 
This is a teenager we're talking about? Let me fix that for you Greg ;)

(if I don't rush, she'll probably carry on surfing crap sites and making the situation far worse, then make my life a living hell......I may learn a lesson!)
 
Hmmm - it's not going too well.

It wouldn't let me install Ad-Aware because the site kept getting blocked. So I downloaded the Ad-Aware software to disk on my PC and loaded it from that.

A full scan found a number of dodgy cookies - so they are now gone. Further full scans with both AVG and Ad-Aware didn't show up anything else but the problem is still there big time.

I can't delete Personal Anti-Virus as it appears to be protected.

Should I do a system restore?

:confused:

Greg
 
As long as there hasn't been anything important created since little miss fekked it up, yes, it's the easiest way.

:thumb2
 
Greg, do you mean format and reboot or just restore to an earlier date? If you mean the latter, it's a waste of time.
 
It had been my intention to drag out of the attic the system restore disks that I burnt when the laptop was new (4 weeks ago!!) but, as they are in the attic, I tried restoring to last week.

It seems to have done the trick (so far!!). So I now plan to remove Limewire (and any other file sharing programmes I find), run a disk cleanup, reinstall Ad-Aware, defrag and it's good to go.

More later.

Greg
 
Put AV on first... that sort of thing doesn't like being put on after other stuff and it should always be the bottom layer anyway to pick up anything else on top of it.

A lot of us here are using Avast now Greg... that's what threw up the warning box I posted a pic of earlier... AVG were getting a bit pushy in trying to get people to go to their full priced 'pro' version.

Also, get rid of (or disable) IE.....it's far more open to attack than Firefox and FF has lots more plugins to stop shyte getting on.

PS If it were my girls, I'd tell them that if it happened again I'd be putting something on to monitor where they're surfing to prevent it happening ;)

but then again, I'm a fascist :D
 
The AVG is still on there as that was in place from Day 1.

She's already had a bollocking over the whole affair. The laptop was bought specifically for her schoolwork and she's loaded all sorts of bollox onto it because I made the mistake of allowing her admin rights.

Perhaps I should think again.

Greg
 

