av-guru - perhaps AV 360? Removal method needed

[davegmail]

I need a way to remove av-guru from Windows Vista 64. I've tried searching on Google. Tried various things, no luck, such as "STOPzilla.exe", etc.

I can surf via safe mode or standard mode with Firefox but not IE. I cannot save pages in Wordpad or open an Open Office document.

I've tried going to Bit Defender Online or Trend Online but neither work. I can go as far as downloading, but not be able to run them. "Unable to complete the download"

Bit Defender online found nothing.

Thanks, DAve

 

[linney]

There is not much around on that "Av Guru", it must be a new infection?

Have a look at this post which is more for the bogus Anti Virus software that infects many computers that are Internet surfed by Administrative users, especially in XP.

How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-vista-2010

I see lots of recommendations here for programs like the following which may be worth a try if you have any infection. The malware might have a list of programs that it will prevent from running (including these that I suggest). Sometimes such a list will be visible in this location of the Registry



Malwarebytes' Anti-Malware

http://www.malwarebytes.org/mbam.php

SuperAntispyware

http://superantispyware.com/

Sometimes lists of application.exe get placed in this Key as a way of preventing certain .exe from running, or causing them to start the malware .exe instead. Windows itself will place mainly .dlls and one or two ,exe in there, so you should check with a non-virused XP for comparison before assuming your Key has been altered. A good clue to trouble is when you see anti virus, or other security tools listed in there.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Using Image File Execution options as an Attack Vector on Windows

http://silverstr.ufies.org/blog/archives/000809.html

 

[davegmail]

Thanks Linney,

I used several tools - AVG free, then used tips in later IE to reset settings and used other online scans. AVG free found one trojan and was deleted. System is now 100%.

Great! Dave

 

[linney]

Thanks for the feedback, all the best.

 

[kjv1611]

dave,

For future reference, if the question/issue is related to a virus/malware, it should be posted here:
forum760

Also, in case you did not already do this, you should turn off system restore, reboot, then re-enable system restore, and set a new restore point - to make sure no virus was able to hide itself in your old restore points. Otherwise you could be reinfected.

Also, I'd not trust the way the system "feels", nor would I trust one scanner to verify the system is clean. I'd try a few scanners, such as your active antivirus, as well as some pure scanners - Malwarebytes, SuperAntispyware, possibly an online scanner - wouldn't hurt. You can look at

http://housecall.trendmicro.com

for instance.

Also, a good cleaning after the virus removal would be good in case the AV program missed anything that the clean-up tools might get for you - CCleaner, Advanced System Care, Glary Utilities.. probably others out there as well... RegScrubXP for Windows XP or possibly Windows 2000 machines.