HOWTO: Remove that Fake AV Virus Part 1
- January 14th, 2010
- Posted in How To's . Technology
- By dargus
- Write comment
UPDATE This virus has evolved faster than I can write a new HOWTO…The info in this article is out of date…
I TAKE NO RESPONSIBILITY FOR DAMAGE DONE TO YOUR COMPUTER. I AM PROVIDING THIS GUIDE AS A HELPFUL PATH TO FIX A MAJOR PROBLEM, BUT CANNOT BE RESPONSIBLE FOR WHAT YOU DO TO YOUR COMPUTER.
Keep your Windows disc handy because there may be a point where you need to do a Repair on the computer to replace virus infected files with clean versions. I will provide instructions on how to do a Repair at a later date and link to it from here.
The first thing is to establish what version of the damn thing you have. I have encountered 3 different types of the virus: 1) Just starts on boot, doesn’t do much to STOP you from doing things, just is persistent and annoying. Usually rebooting into safe mode will allow you to clean it. 2) Starts on boot, and stops you from running any program with very specific exceptions, including Internet Explorer. Rebooting into safe mode gives you a 0x7B error and must be cleaned from a normal boot into Windows. 3) The nastiest of all, this version starts on boot, places rootkits throughout the system and generally shuts down the system making it useless.
I’ll start with the first version, the easiest to clean.
The first thing that you need to do is disconnect your computer from the Internet. Doing this will prevent additional viruses, trojans and other baddies from getting into your system during the cleaning. Use a flash drive to copy the cleaning agent files from another computer.
Your first line of defense is going to be a proper antivirus. Most antivirus programs have been horrid at finding and cleaning this virus but the one I’ve found to work best is Avast. When you download the file, make sure to download the 30 MB file. That is the standalone installer that will need to be run on the infected computer. Registration is free, and they will only send you an e-mail with a registration key. If you are using Symantec or McAfee, I do recommend that you remove it AFTER installing Avast!. Do NOT leave your computer open to additional attack by making that mistake.
During the install, Avast! will ask you if you want to perform a “Boot Scan.” Make sure you select Yes. That will perform the scan when your computer reboots. Avast! updates their setup program with the newest definitions every day. Reboot the computer and run the scan.
I highly recommend to repair the files first and if they cannot be repaired, move the files to the chest in case something goes wrong. This is the point that is most likely to wipe out one or two essential Windows files based on which files are infected. If something essential is infected (ntldr, autoexec.bat, etc) then Windows cannot boot correctly after the file is repaired or removed.
Once the boot scan is complete, you should have a fully functioning system again. If not, you will need to move on to some more advanced cleaning techniques.
No comments yet.