Annoying AntivirusSoft needs to die.

[General BlackDragon]

My computer booted up this morning and started giving me *hoot*.

Some program called Antivirus Soft won't let me even run AVG or Task Manager claiming they're "infected" and wants me to scan my computer. I've never seen this Antivirus Soft before and I'm weary of it. I let it do it's scan, only to find out it wants me to purchase the full version before it'll "fix" any of the problems it wants me to.

Teamspeak 3, Task Manager, AVG, NVidia Control Panel all won't run. I havn't tried much else. OF course IE and Firefox run, they want my money.

What is this? How do I fix it?

[Red Spot]

Its probably not what you would call a 'virus', but I sure do see it as that.

For a few months I have worked as helpdesk employee regarding basic software support and Inet support, we would go as far as giving people 2 bits of advice (in general):
-dont click everything you see on the Inet
-reinstall

All the normal 'get rid of it' routines dont seem to work with these 'AV' programmes.

[Axeminister]

This is what Manson does. Try to pm him, he's registered here as Wraith now. His actual signature for his profile is a program that might help.

[SkyNET]

There are Malware programs that pretend to be Antivirus programs, this sounds like one. Try google and see if you can find a removal tool. I suggest running HijackThis too.

[AHadley]

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

[General BlackDragon]

Thanks hadley. I managed to restore operation of my computer by rebooting and opening task manager before the antivirus soft opened. After killing it in task manager I was able to resume normal operations. I am going through the bleepingcomputer steps now.

[mrtwosheds]

Make sure you backup your valuable data asap.
Some of these "Antivirus" Hijacks can be very dangerous.
You may be needing to reinstall your OS shortly.

[Nielk1]

Ahhhh, a classic. I think I've fixed this on 3 PCs now, though I never remember how and always end up fumbling it away white sitting in front of the thing.

[Vid]

I've found a similar infection on a few machines.
One I was able to get hijackthis to load, but no other antivirus/antispyware/removal tool.  Combofix was even blocked no matter the spelling or file type.  I found it to be a single file infection oddly enough though and when I was able to run hijackthis, I found the file and set it to delete on reboot.  After that, the pc resumed normal function, and after scanning with 5-6 engines.. they never really found anything.

Another blocked Hijackthis, and I had to end up running off a bootable CD and deleting the file from there, which also removed virus symptoms, although there were a few more nasties to clean up.  With malware digging down into the core of windows and protecting itself from deletion/preventing everything else from running, it is becoming more annoying to deal with these threats. 

Were you running on 32bit or 64bit windows?  Supposedly malware have less access to the kernal on 64bit systems and aren't as difficult to fight(inside the windows environment, because fighting from a bootable CD is always easier).

[AHadley]

We had a russian something on a set of PCs that came in to my first work palcement... it caused bluescreens, but then when we got around that it took up the antivirus moniker.

Oh yeah, and it added the infamous bluescreensaver.

[General BlackDragon]

Oh yeah, and it added the infamous bluescreensaver.

Lol

I'm back now. Took over 10 hours to scan my pc, must have alot of junk in there...

[Bump N Go]

How did it get on your system in the first place?

[AHadley]

How did it get on your system in the first place?

It tends to come bundled with other software... often legitimate installers that have been modified to install the malware too. There's a PDF exploit that'd allow it to get in too.

[bb1]

I think I may have that one... it sometimes randomly redirects me to a site with a CSS making it look very much like an XP folder view and scan. AVG has since started blocking the redirect calling it "Exploit Rogue Scanner" with no more information available. I'm thinking it may not be my PC, but websites that get hijacked will redirect people to it. That or it's an ad.

Ahh, could this be the cause of my hyper transport sync flood errors at startup?

[Bump N Go]

Avast home edition is free and scans things like the web, email, my network. It pisses peeps off when unscrupulus software companies give us free software and assume falsely that we grant them permiso to install extra crap on our systems.