James Randi Educational Foundation JREF Forum
Old 17th August 2009, 02:10 PM   #1
dudalb
Penultimate Amazing
 
Join Date: Aug 2007
Posts: 14,444
How do I get rid of Windows Antivirus Pro?

I managed to download this malware. It shuts down my legit AntiVirus Program (Norton's Antivirus) and bombards me with messages asking me to purchase the full program. I have tried to download some programs that will remove it, but it blocks those programs. How do I get rid of this thing?
The dangerous part is that it totally disables my legit protection systems.
It's clever, I will give it that. I even tried to go to Wikipedia to get some info, but it said I had blocked that site for security reasons... and, needless to say, there is no way of changing that.
HELP!
Old 17th August 2009, 02:22 PM   #2
dtugg
Pseudoskeptic Government Loyalist
 
Join Date: Jul 2008
Location: NWO headquarters
Posts: 3,467
I would try booting into Safe Mode. If you do that, the malware probably won't load. Then turn off System Restore because these things can back themselves up in there, then run the AV scan. I hope this helps
Old 17th August 2009, 02:36 PM   #3
tuc0
Critical Thinker
 
Join Date: Dec 2006
Posts: 422
My advice is to google it on a different computer in case it blocks you. There are tons of sites on how to do it.

The first three hits:

http://www.xp-vista.com/spyware-remo...-antivirus-pro
http://www.bleepingcomputer.com/viru...-antivirus-pro
http://www.2-spyware.com/remove-wind...virus-pro.html
Old 17th August 2009, 03:05 PM   #4
Dancing David
Penultimate Amazing
 
Join Date: Mar 2003
Location: Central Illinois
Posts: 18,357
Safe mode with networking, open task manager, look for abnormal processes and end them, Malwarebytes and SUPERAntiSpyware.

tuc0 nailed it as well.
__________________
Resolve then, that on this very ground, with small flags waving and tinny blast on tiny trumpets, we shall meet the enemy, and not only may he be ours, he may be us.- Walt Kelly
wow Mr.Philospher, you need some custard poured over your head mayhaps? -kittynh
"Exhibit 1338A as to why the Politics forum is "where rational thought goes to die."-Carlitos
Old 17th August 2009, 03:06 PM   #5
kbm99
Thinker
 
Join Date: Apr 2006
Posts: 233
http://www.malwarebytes.org/mbam.php

Probably blocked; you may need to download from an uninfected computer.
Old 18th August 2009, 09:38 AM   #6
Dancing David
Penultimate Amazing
 
Join Date: Mar 2003
Location: Central Illinois
Posts: 18,357
Originally Posted by kbm99 View Post
http://www.malwarebytes.org/mbam.php

Probably blocked; you may need to download from an uninfected computer.
Safe mode with networking will usually get around that. If you see the process in the task panel, you can kill it for sure.
Old 18th August 2009, 09:42 AM   #7
Pink Booties
Guest
 
Join Date: Jan 2009
Location: in your guard, up on points, and stalling.
Posts: 3,537
I thank everyone who starts these threads... they help me avoid trouble.
Old 18th August 2009, 10:54 AM   #8
dudalb
Penultimate Amazing
 
Join Date: Aug 2007
Posts: 14,444
I just found out that the latest mutation of this virus basically disables most of the methods described above. It has also corrupted my rundll32.exe so most of my programs do not run.
Very frustrating, and I am really trying to avoid paying a couple of hundred bucks to a tech help person.
I hope the guys in Russia who created this thing rot in hell.
Any ideas on getting my rundll32 file up and running manually? Just cutting and pasting it from my XP installation disc does not help.
I am also going to take a hard look at my Anti Virus program (Norton) since they dropped the ball on this one big time.
Old 18th August 2009, 11:12 AM   #9
NWO Sentryman
Proud NWO Gatekeeper
 
Join Date: Jun 2009
Location: Quantum Gate to the NWO
Posts: 1,060
Have you tried system restore, or was it affected by the rundll32.exe disability?

If not, try going back a day before the first incidents took place. Then run in safe mode and clean up afterwards.

Worked with me when I removed Zlob.
Old 18th August 2009, 11:15 AM   #10
Pink Booties
Guest
 
Join Date: Jan 2009
Location: in your guard, up on points, and stalling.
Posts: 3,537
Originally Posted by dudalb View Post
I just found out that the latest mutation of this virus basically disables most of the methods described above. It has also corrupted my rundll32.exe so most of my programs do not run.
Very frustrating, and I am really trying to avoid paying a couple of hundred bucks to a tech help person.
I hope the guys in Russia who created this thing rot in hell.
Any ideas on getting my rundll32 file up and running manually? Just cutting and pasting it from my XP installation disc does not help.
I am also going to take a hard look at my Anti Virus program (Norton) since they dropped the ball on this one big time.
Personal: I had NAV for a long time. It worked great, until after the 2003 version.

I had NAV 2009, and it is a totally different ball of whacks... and I got a virus for the first time ever. Took it in and had it cleaned for 90 bucks. The techies removed NAV, installed AVG, Windows Defender, Spybot, and Malware anti-malware. I am a wide-net fisher, and no troubles so far.

I feel like an ass for paying so much for NAV 2009 when freeware does a better job.
Old 18th August 2009, 11:19 AM   #11
CynicalSkeptic
Critical Thinker
 
Join Date: Oct 2006
Location: state of denial
Posts: 488
Originally Posted by Magnifico2.0 View Post
a totally different ball of whacks...
That's a Mondegreen I hadn't heard before.
Old 18th August 2009, 11:26 AM   #12
BobTheDonkey
Muse
 
Join Date: Jun 2009
Posts: 913
Originally Posted by Magnifico2.0 View Post
Personal: I had NAV for a long time. It worked great, until after the 2003 version.

I had NAV 2009, and it is a totally different ball of whacks... and I got a virus for the first time ever. Took it in and had it cleaned for 90 bucks. The techies removed NAV, installed AVG, Windows Defender, Spybot, and Malware anti-malware. I am a wide-net fisher, and no troubles so far.

I feel like an ass for paying so much for NAV 2009 when freeware does a better job.
Had the same prob with NAV and then with McAfee/AVG co-install. Now use Avast! and haven't had any probs on either computer. Go freeware!
Old 18th August 2009, 11:28 AM   #13
Pink Booties
Guest
 
Join Date: Jan 2009
Location: in your guard, up on points, and stalling.
Posts: 3,537
Originally Posted by CynicalSkeptic View Post
That's a Mondegreen I hadn't heard before.
Typed a-purpose. I like it better, it describes the NAV trouble more accurately.
Old 18th August 2009, 12:45 PM   #14
ohms
Thinker
 
Join Date: Apr 2005
Posts: 188
Originally Posted by dudalb View Post
I just found out that the latest mutation of this virus basically disables most of the methods described above. It has also corrupted my rundll32.exe so most of my programs do not run.
Very frustrating, and I am really trying to avoid paying a couple of hundred bucks to a tech help person.
I hope the guys in Russia who created this thing rot in hell.
Any ideas on getting my rundll32 file up and running manually? Just cutting and pasting it from my XP installation disc does not help.
I am also going to take a hard look at my Anti Virus program (Norton) since they dropped the ball on this one big time.
Instructions on restoring rundll32.exe from CD are here. Quite often these sorts of malware are introduced via video codecs or unpatched vulnerabilities in 3rd party software (Flash player etc). I use Secunia PSI to help keep my software up to date and help to avoid these nasties (as well as Firefox+Noscript+Adblock Plus of course).
__________________
Long time lurker
Old 19th August 2009, 06:09 AM   #15
Dancing David
Penultimate Amazing
 
Join Date: Mar 2003
Location: Central Illinois
Posts: 18,357
Originally Posted by dudalb View Post
I just found out that the latest mutation of this virus basically disables most of the methods described above. It has also corrupted my rundll32.exe so most of my programs do not run.
Very frustrating, and I am really trying to avoid paying a couple of hundred bucks to a tech help person.
I hope the guys in Russia who created this thing rot in hell.
Any ideas on getting my rundll32 file up and running manually? Just cutting and pasting it from my XP installation disc does not help.
I am also going to take a hard look at my Anti Virus program (Norton) since they dropped the ball on this one big time.

Ouch. Manual cleaning of the registry won't help that one. Ouch.

Normally I use something like this (this happens at work a lot):
http://www.bleepingcomputer.com/viru...virus-pro-2009

After you get it cleaned, you may want to install Windows Steady State. We have tried to booger up machines with it at work (our IT director has a lab full of toxic malware); so far it has worked. Of course, it just means you have to turn off the steady state to install anything or change settings (like installing printers).

http://www.microsoft.com/windows/pro...s/default.mspx

And not all AV software is updated by it automatically.

But we infected machines until they were crashing, restarted and boom they are all better.
Last edited by Dancing David; 19th August 2009 at 06:16 AM.
Old 19th August 2009, 06:15 AM   #16
volatile
Scholar and a Gentleman
 
Join Date: Aug 2006
Location: The Uncanny Valley
Posts: 6,322
My Dad's laptop had an iteration of this, and whilst MalwareBytes got most of the nastiness, the browser remained hi-jacked. Thanks to someone on here, I managed to fix even that: http://forums.randi.org/showpost.php...5&postcount=21

It really is a nasty, nasty piece of code.
__________________
- "My tribe has a saying: 'If you're bleeding, look for a man with scars'" - Leela, Doctor Who 'Robots of Death'.