BEWARE AntiVirGear v3.7

b21 · 15-09-2007 10:07pm #1

:mad: There's a new dog in town, AntiVirGear v3.7. It infects and then tries blackmail to make Windows usable. The only useable feature will be DOS in safe mode, unless you execute the system restore command, which shows the dreaded "Windows Explorer Has Stopped Working" bar. Couldn't even boot the recovery CD to format/reinstall. FYI, have Vista and Norton Security installed and up to date. Norton support gave up, "contact Microsoft. MS doesn't support OEM versions, then called Toshiba, who were very professional but unable to resurrect the dead laptop, and arranged a service pickup/repair.
Anyhow, got everything back now by removing the HDD and formatting with MS DOS, cause windows XP wont let you format a Windows patition/directory. ALSO FYI the BIOS remained intact, although I was very doubtful about this.
BEWARE ActiveX, and AntiVirGear(also Guard).
Thanks to Toshiba for a warranty offer which had nothing to do with them.

C:\ONGRATULATIONS: Apple to MS at Win95 launch.

bushy... · 15-09-2007 10:20pm

A bootable cd might have baled you out of trouble , always worth having one or two.

b21 · 16-09-2007 10:20am

bushy... wrote:

A bootable cd might have baled you out of trouble , always worth having one or two.

"
Good point, but I had one. Toshiba System recovery. This uses a "hiden HDD partition" to get going, plus has a fomat/reinstall fresh Windows feature. Didn't work though. Even tried my retail version of XP professional..no good. Both of these bring you eventually to a windows type explorer box, disabled it seems by the malware.

bushy... · 16-09-2007 11:35am

I should have said an OS that runs from a bootable cd , say Baktrak or bootable XP

Darth Maul · 16-09-2007 11:55am

Unlikely all your problems were virus related, antivirgear is a rouge antivirus scanner which falsley detects malware and looks for payment to remove. it has not been reported to cause the problems you have listed (as this would be a silly thing this program to do as it needs windows running for you to send the money)
its not a virus its a fake virus scanner that users install thinking they are doing good.

A total reinstall in this case was a over reaction.

ActorSeeksJob · 16-09-2007 3:59pm

Darth Maul summed it up nicely.

Read this also
http://www.bleepingcomputer.com/forums/topic108440.html

b21 · 16-09-2007 10:30pm

FYI, thanks FYI. I tried that method of removal, but Safe mode also was infected..the only thing possible was to enter your email address and purchase code, into AntiVirGear dialog, while the PC tried to connect to internet. It couldn't 'cause I pulled the plug. I ultimately think I under-reacted, wasting a day with Norton and Toshiba when the writing was on the windows wall.. Should have mentioned OS VistaHomePremium..is it really just a giant hairball..?

I was planning to sell my Dell4150 w/XPpro but after this episode, I need a spare 4 future blunders...

Darth Maul · 16-09-2007 11:13pm

b21 wrote:

FYI, thanks FYI. I tried that method of removal, but Safe mode also was infected..the only thing possible was to enter your email address and purchase code, into AntiVirGear dialog, while the PC tried to connect to internet. It couldn't 'cause I pulled the plug.

Nothing was infected it was a fake virus scanner

b21 wrote:

I ultimately think I under-reacted, wasting a day with Norton and Toshiba when the writing was on the windows wall..

Any time spent on NORTON is a waste of time.

CptSternn · 17-09-2007 10:33am

I have seen this program create havok on a Vista box. It was installed by a user who had a pop-up on a website that claimed they had been infected by a virus. It was crafted to appear like a normal windows box, with just a CONTINUE button, no other options.

When the user clicked CONTINUE, it installed antivirgear, and rebooted. The problem is, its installation was partially blocked by Windows Defender. It not only corrupted the windows install, it also screwed the emergency recovery partition on the secondary drive.

This happened on a brand new Dell last week. It wouldn't boot, even into safe mode (it would boot, then even before the sidebar opened it gave an error - Windows Explorer has stopped working...).

A big pain to fix. I tried using a boot CD with a few different antivirus proggies - but none found any virus.

It appears this program attempts to manipulate the core in efforts to 'lock' your PC until yu pay them money (even if it finds a false positive it locks your system). The thing is - defender fights this, causing all sorts of issues and it kills the whole system.

It's the first time I have seen something that kills Vista so quickly, without any user help.

ActorSeeksJob · 17-09-2007 12:52pm

It's not that tough to fix tbh.

b21 · 17-09-2007 7:24pm

Thanks bushy and CaptSternn 4 good info.

Opinions are like... Windows, everybody has a copy.

ActorSeeksJob · 18-09-2007 3:44pm

No problem, glad me and Darth Maul could help...

Black Swan · 19-09-2007 12:44am

b21 wrote:

AntiVirGear v3.7. I have Vista and Norton Security installed and up to date. Norton support gave up

You installed a second anti-virus programme on top of Norton? Although this second programme was a ploy, my understanding was that you never run more than one AV scanning programme at one time.*

*Only one AV is recommended! (but several compatible anti-spyware, anti-adware, anti-malware are recommended by PCWorld, PC Magazine, and Wired).

Twin#1 · 28-09-2007 4:49pm

Darth Maul,
I somehow contracted this annoyance by probably installing an AxtiveX control. I am running Windows XP, which continues to operate except for the bogus warning which popups every 10 seconds. I was running the full suite of Mcfee anti-everything. How do you suggest I kill this?

ActorSeeksJob · 28-09-2007 6:56pm

Read
http://www.bleepingcomputer.com/forums/topic108399.html

bpasr · 07-10-2007 8:26am

there is manual removal tutorial with smitfraudfix
for more information look here: antivirgear

Twin#1 · 11-10-2007 12:15am

I successfully eliminated this virus by going back to a recent restore point.

b21 · 20-10-2007 11:04pm

Sorry 'bout the netiquette, thanks to all posters.

Just wish the malware folks would use their talents more constructively. Then again, maybe they are in cahoots with the mainstream removal tools, maybe not. What I mean is if you invest in an organic Garden, and they invest in a flower shop, and they in turn buy stock in a nuclear bomb manufacturing facility, etc. :eek:

numbnuts · 20-10-2007 11:45pm

Bpasr what you posted is dangerous.:mad:
http://siri.geekstogo.com/SmitfraudFix.php

You haven’t seen nor read a HjT logfile.:eek: Nor has the member posted one.

There are certain steps to be taken when running that tool in order and in certain
Way . there are 2 steps to running it and if it is run out off sequence this member
Just might have deleted there desktop … it would need to be confirmed that they have that infection .. If a HjT was not seen ..

b 21 post a Hjt logfile and lets see what you have ..

Download HiJack This from here: http://www.thespykiller.co.uk/files/HJTsetup.exe

This will download HiJack This to your computer, choose "Save" and navigate to the folder where it´s saved and doubleclick upon it.
This is a complete installer that installs Hijackthis onto your computer to C:\Program Files\HijackThis and makes an entry in the start menu & allows you to have a shortcut on desktop as well.

then.......

Doubleclick the HJT icon on your desktop, hit "Do a system scan and save logfile". Save the logfile and a txt-file will be produced.. Copy that one and paste it here

numbnuts:)

bpasr wrote: »

there is manual removal tutorial with smitfraudfix
for more information look here: antivirgear

BEWARE AntiVirGear v3.7

Comments