
Heard of "Windows Antivirus 2004" program?

Status
Not open for further replies.

ShawnF

IS-IT--Management
Oct 1, 2001
149
US
Hello,

I looked at someone's computer yesterday to clear up some hard drive space. Their computer had several spyware/advertising popup programs on it as well that I discovered. But what disturbed me most was that they were running antivirus software I had never heard of--Windows Antivirus 2004. It wasn't a Symantec or McAfee product, though it used a similar style and color scheme to that of Symantec's with the yellows and blacks.

Supposedly, the owner of the computer said that they got a message (whether popup, E-mail, or otherwise I don't know) saying their antivirus was about to expire and that they needed to renew. Norton Antivirus had been uninstalled from the PC (logged in the XP restore checkpoint list) a couple weeks ago and somehow this Windows Antivirus took its place. I've done searching on Google and cannot find any reference to this software. I looked at the Help --> About drop down menu for the software and it did not mention a company or URL. It just had a yellow window with the software name and version. The software was VERY basic with basic menus and basic screens. I removed the software and installed a Symantec product.

I'm worried that this might not be a legit program and that it may not be completely removed from the system. Does anyone know anything about Windows Antivirus 2004?
 
To remove the reg entries, go to the Run command in the Start menu and type Regedit or regedit32; either one works. Then from the Edit menu select Find and start searching for WinAntivirus, WinPopupGuard and WinFirewall2004, deleting* the entries as you go.

*Note: deleting the wrong thing in the registry can damage a system so I urge caution, and refuse to take any blame if it screws something up.
 
What I've been learning about spyware/adware in general is that there is no simple 1-2-3 step process to removal. Every case has been unique. I've seen everything from simple annoying popup ads, to full-blown computer crashes and computers not even booting because of numerous spyware programs all trying to load during boot up and crashing and causing an endless loop. Programs like Ad-aware and Spybot work great, but they only work about 80% of the time for me. The rest of the time, I have to go through the computer and basically just snoop around and look for things that don't seem right. This can be anything from looking at folder names in the C:\Program Files directory or other directories, to going through the registry and searching for key terms I know of, plus looking at the RUN folders and looking for suspicious things. Sometimes doing all that isn't enough, and it can get to the point where restoring a machine, reloading software, and reloading data is faster than spending hours upon hours of searching for spyware.

Spyware wasn't designed to be easily detected, much less easily removable. And it seems that when you get one of them on the machine, it invites all its friends. What worked for me in the case of WinAntivirus and PopupGuard was to "uninstall" them from Add/Remove Programs, look for and delete what looked like their folders in C:\Program Files, run Ad-aware and Spybot, search the registry for key terms (e.g. search for "Winantivirus"), and finally to snoop around for folders elsewhere such as C:\Documents and Settings\Users Name\Application Data. I don't remember where I found some folders to delete or what they were called, and it really wouldn't matter anyway because their names and locations could easily change from one computer to another.

As for going through the registry, I don't recommend doing anything with it unless you are comfortable modifying the registry and know how to undo things if you made a mistake. Editing the registry can be very dangerous and can prevent the computer from booting. And of course, make sure to back up the registry before doing anything.
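
A read-only way to run the registry and folder checks described in the posts above, as an added example that is not part of any post in this thread: it reports autostart (Run) values, Add/Remove Programs entries and folders whose names match the terms mentioned here, and deletes nothing. It assumes a Windows system with PowerShell 3.0 or later; the function names are made up for this example.

```powershell
# Added example: read-only triage for the names mentioned in this thread.
# 'PopupGuard' also matches 'WinPopupGuard'. Matching is case-insensitive.
$terms   = 'WinAntivirus', 'PopupGuard', 'WinFirewall2004'
$pattern = ($terms | ForEach-Object { [regex]::Escape($_) }) -join '|'
$cv      = 'Software\Microsoft\Windows\CurrentVersion'

function Find-RunEntries {
    # Autostart values for the machine and for the current user.
    foreach ($key in "HKLM:\$cv\Run", "HKLM:\$cv\RunOnce", "HKCU:\$cv\Run", "HKCU:\$cv\RunOnce") {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            if ($name -match $pattern -or $data -match $pattern) {
                [pscustomobject]@{ Source = 'Run'; Location = $key; Name = $name; Detail = $data }
            }
        }
    }
}

function Find-UninstallEntries {
    # What Add/Remove Programs lists, including 32-bit entries on 64-bit Windows.
    $roots = "HKLM:\$cv\Uninstall", "HKCU:\$cv\Uninstall",
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($sub in Get-ChildItem $root -ErrorAction SilentlyContinue) {
            $display = [string]$sub.GetValue('DisplayName')
            if ($sub.PSChildName -match $pattern -or $display -match $pattern) {
                [pscustomobject]@{ Source = 'Uninstall'; Location = $sub.Name; Name = $display
                                   Detail = [string]$sub.GetValue('UninstallString') }
            }
        }
    }
}

function Find-Folders {
    # Top-level folders under Program Files and the application-data directories.
    $dirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:APPDATA, $env:LOCALAPPDATA) |
        Where-Object { $_ -and (Test-Path $_) }
    foreach ($dir in $dirs) {
        Get-ChildItem -Path $dir -Directory -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -match $pattern } |
            ForEach-Object { [pscustomobject]@{ Source = 'Folder'; Location = $dir; Name = $_.Name
                                                Detail = $_.LastWriteTime } }
    }
}

$report = @(Find-RunEntries) + @(Find-UninstallEntries) + @(Find-Folders)
if ($report.Count -eq 0) { 'No matches for: ' + ($terms -join ', ') }
else { $report | Format-Table -AutoSize -Wrap }
```

An empty report only means these names were not found in the places checked; as the post above notes, names and locations can differ from one computer to another.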
 
I looked in the registry but found none of them - prob cuz I just cleaned my system with SpyBot and Ad-aware. BUT I did find that I didn't have the box checked to ask me if I wanted to allow any of them. Now that I have done that I get a popup telling me it wants access, at which I say no. I can change it to not ask me but am interested in how often it's happening - for now anyhow. If nothing else I don't get the full screen in my face and have to stop to alt-ctrl-del. I'm waiting to see if XP SP2 really has better security b4 installing it - hopefully it will help. In the meantime, you all are a great resource and I sure appreciate the time you take to post and research this stuff.

Thanks!!!!
 