
BEWARE AntiVirGear v3.7

  • 15-09-2007 10:07pm
    #1
    Closed Accounts Posts: 22


    :mad: There's a new dog in town, AntiVirGear v3.7. It infects and then tries blackmail to make Windows usable. The only usable feature will be DOS in safe mode, unless you execute the system restore command, which shows the dreaded "Windows Explorer Has Stopped Working" bar. Couldn't even boot the recovery CD to format/reinstall. FYI, have Vista and Norton Security installed and up to date. Norton support gave up, "contact Microsoft". MS doesn't support OEM versions, then called Toshiba, who were very professional but unable to resurrect the dead laptop, and arranged a service pickup/repair.
    Anyhow, got everything back now by removing the HDD and formatting with MS DOS, 'cause Windows XP won't let you format a Windows partition/directory. ALSO FYI the BIOS remained intact, although I was very doubtful about this.
    BEWARE ActiveX, and AntiVirGear (also Guard).
    Thanks to Toshiba for a warranty offer which had nothing to do with them.


    C:\ONGRATULATIONS: Apple to MS at Win95 launch.


Comments

  • Closed Accounts Posts: 1,462 ✭✭✭bushy...


    A bootable CD might have bailed you out of trouble, always worth having one or two.


  • Closed Accounts Posts: 22 b21


    bushy... wrote:
    A bootable CD might have bailed you out of trouble, always worth having one or two.

    Good point, but I had one. Toshiba System recovery. This uses a "hidden HDD partition" to get going, plus has a format/reinstall fresh Windows feature. Didn't work though. Even tried my retail version of XP Professional... no good. Both of these bring you eventually to a Windows-type explorer box, disabled it seems by the malware.


  • Closed Accounts Posts: 1,462 ✭✭✭bushy...


    I should have said an OS that runs from a bootable CD, say BackTrack or bootable XP.


  • Closed Accounts Posts: 336 ✭✭Darth Maul


    Unlikely all your problems were virus related. AntiVirGear is a rogue antivirus scanner which falsely detects malware and looks for payment to remove. It has not been reported to cause the problems you have listed (as this would be a silly thing for this program to do, as it needs Windows running for you to send the money).
    It's not a virus, it's a fake virus scanner that users install thinking they are doing good.

    A total reinstall in this case was an overreaction.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Darth Maul summed it up nicely.

    Read this also
    http://www.bleepingcomputer.com/forums/topic108440.html


  • Closed Accounts Posts: 22 b21


    FYI, thanks FYI. I tried that method of removal, but Safe mode also was infected..the only thing possible was to enter your email address and purchase code, into AntiVirGear dialog, while the PC tried to connect to internet. It couldn't 'cause I pulled the plug. I ultimately think I under-reacted, wasting a day with Norton and Toshiba when the writing was on the windows wall.. Should have mentioned OS VistaHomePremium..is it really just a giant hairball..?

    I was planning to sell my Dell4150 w/XPpro but after this episode, I need a spare 4 future blunders...


  • Closed Accounts Posts: 336 ✭✭Darth Maul


    b21 wrote:
    FYI, thanks FYI. I tried that method of removal, but Safe mode also was infected..the only thing possible was to enter your email address and purchase code, into AntiVirGear dialog, while the PC tried to connect to internet. It couldn't 'cause I pulled the plug.

    Nothing was infected, it was a fake virus scanner.

    b21 wrote:
    I ultimately think I under-reacted, wasting a day with Norton and Toshiba when the writing was on the windows wall..

    Any time spent on NORTON is a waste of time.


  • Registered Users, Registered Users 2 Posts: 1,530 ✭✭✭CptSternn


    I have seen this program create havoc on a Vista box. It was installed by a user who had a pop-up on a website that claimed they had been infected by a virus. It was crafted to appear like a normal Windows box, with just a CONTINUE button, no other options.

    When the user clicked CONTINUE, it installed AntiVirGear, and rebooted. The problem is, its installation was partially blocked by Windows Defender. It not only corrupted the Windows install, it also screwed the emergency recovery partition on the secondary drive.

    This happened on a brand new Dell last week. It wouldn't boot, even into safe mode (it would boot, then even before the sidebar opened it gave an error - Windows Explorer has stopped working...).

    A big pain to fix. I tried using a boot CD with a few different antivirus proggies - but none found any virus.

    It appears this program attempts to manipulate the core in efforts to 'lock' your PC until you pay them money (even if it finds a false positive it locks your system). The thing is - Defender fights this, causing all sorts of issues and it kills the whole system.

    It's the first time I have seen something that kills Vista so quickly, without any user help.


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    It's not that tough to fix tbh.


  • Closed Accounts Posts: 22 b21


    Thanks bushy and CaptSternn 4 good info. :)



    Opinions are like... Windows, everybody has a copy.:confused:


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    No problem, glad me and Darth Maul could help...


  • Moderators, Category Moderators, Science, Health & Environment Moderators, Society & Culture Moderators Posts: 47,812 CMod ✭✭✭✭Black Swan


    b21 wrote:
    AntiVirGear v3.7. I have Vista and Norton Security installed and up to date. Norton support gave up
    You installed a second anti-virus programme on top of Norton? Although this second programme was a ploy, my understanding was that you never run more than one AV scanning programme at one time.*




    *Only one AV is recommended! (but several compatible anti-spyware, anti-adware, anti-malware are recommended by PCWorld, PC Magazine, and Wired).


  • Closed Accounts Posts: 2 Twin#1


    Darth Maul,
    I somehow contracted this annoyance by probably installing an ActiveX control. I am running Windows XP, which continues to operate except for the bogus warning which pops up every 10 seconds. I was running the full suite of McAfee anti-everything. How do you suggest I kill this?


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob




  • Closed Accounts Posts: 1 bpasr


    There is a manual removal tutorial with SmitfraudFix.
    For more information look here: antivirgear


  • Closed Accounts Posts: 2 Twin#1


    I successfully eliminated this virus by going back to a recent restore point.


  • Closed Accounts Posts: 22 b21


    Sorry 'bout the netiquette, thanks to all posters.

    Just wish the malware folks would use their talents more constructively. Then again, maybe they are in cahoots with the mainstream removal tools, maybe not. What I mean is if you invest in an organic Garden, and they invest in a flower shop, and they in turn buy stock in a nuclear bomb manufacturing facility, etc. :eek:


  • Closed Accounts Posts: 68 ✭✭numbnuts


    Bpasr, what you posted is dangerous. :mad:
    http://siri.geekstogo.com/SmitfraudFix.php

    You haven't seen nor read a HjT logfile. :eek: Nor has the member posted one.

    There are certain steps to be taken when running that tool, in order and in a certain way. There are 2 steps to running it, and if it is run out of sequence this member just might have deleted their desktop … it would need to be confirmed that they have that infection .. if a HjT was not seen ..

    b21, post a HjT logfile and let's see what you have ..

    Download HiJack This from here: http://www.thespykiller.co.uk/files/HJTsetup.exe

    This will download HiJack This to your computer; choose "Save" and navigate to the folder where it's saved and double-click upon it.
    This is a complete installer that installs HijackThis onto your computer to C:\Program Files\HijackThis and makes an entry in the start menu & allows you to have a shortcut on desktop as well.

    then.......

    Double-click the HJT icon on your desktop, hit "Do a system scan and save logfile". Save the logfile and a txt-file will be produced. Copy that one and paste it here.


    numbnuts:)


    bpasr wrote:
    There is a manual removal tutorial with SmitfraudFix.
    For more information look here: antivirgear

