Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

av-guru - perhaps AV 360? Removal method needed

Status
Not open for further replies.

davegmail

IS-IT--Management
Jun 4, 2006
186
US
I need a way to remove av-guru from Windows Vista 64. I've tried searching on Google. Tried various things, no luck, such as "STOPzilla.exe", etc.

I can surf via safe mode or standard mode with Firefox but not IE. I cannot save pages in Wordpad or open an Open Office document.

I've tried going to Bit Defender Online or Trend Online but neither work. I can go as far as downloading, but not be able to run them. "Unable to complete the download"

Bit Defender online found nothing.

Thanks, DAve
 
There is not much around on that "Av Guru", it must be a new infection?

Have a look at this post which is more for the bogus Anti Virus software that infects many computers that are Internet surfed by Administrative users, especially in XP.

How to remove XP Internet Security 2010, Antivirus Vista 2010, and Win 7 Antispyware 2010



I see lots of recommendations here for programs like the following which may be worth a try if you have any infection. The malware might have a list of programs that it will prevent from running (including these that I suggest). Sometimes such a list will be visible in this location of the Registry



Malwarebytes' Anti-Malware

SuperAntispyware


Sometimes lists of application.exe get placed in this Key as a way of preventing certain .exe from running, or causing them to start the malware .exe instead. Windows itself will place mainly .dlls and one or two ,exe in there, so you should check with a non-virused XP for comparison before assuming your Key has been altered. A good clue to trouble is when you see anti virus, or other security tools listed in there.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Using Image File Execution options as an Attack Vector on Windows
 
Thanks Linney,

I used several tools - AVG free, then used tips in later IE to reset settings and used other online scans. AVG free found one trojan and was deleted. System is now 100%.

Great! Dave
 
dave,

For future reference, if the question/issue is related to a virus/malware, it should be posted here:
forum760

Also, in case you did not already do this, you should turn off system restore, reboot, then re-enable system restore, and set a new restore point - to make sure no virus was able to hide itself in your old restore points. Otherwise you could be reinfected.

Also, I'd not trust the way the system "feels", nor would I trust one scanner to verify the system is clean. I'd try a few scanners, such as your active antivirus, as well as some pure scanners - Malwarebytes, SuperAntispyware, possibly an online scanner - wouldn't hurt. You can look at for instance.

Also, a good cleaning after the virus removal would be good in case the AV program missed anything that the clean-up tools might get for you - CCleaner, Advanced System Care, Glary Utilities.. probably others out there as well... RegScrubXP for Windows XP or possibly Windows 2000 machines.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top