In many of the infected computers I've dealt with, programs like "Video Access ActiveX Object" show up in the Control Panel and are the initial infection that start the whole issue. Most of these programs when scanned with an up-to-date virus scanner are shown to be infected with viruses like Troj.Zlob.AN or Spyware.Cyberlog-X. In the case of AntivirusGolden, I was confronted with the following popup message of a Critical System Warning telling me I had been infected with Cyberlog-X Soon after I was presented with the AntivirusGolden advertisement on my screen. and then it downloaded, placed the following icon on my desktop and started scanning the system Logfile of HijackThis v1.99.1 Scan saved at 5:38:50 PM, on 3/18/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16414) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Video Access ActiveX Object\pmsnrr.exe C:\Program Files\Video Access ActiveX Object\pmmnt.exe C:\Program Files\Video Access ActiveX Object\pmmnt.exe C:\Program Files\AntiviralGolden\AntiviralGolden.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [AntiviralGolden] C:\Program Files\AntiviralGolden\AntiviralGolden.exe /h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163981700061 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe Step
by Step Procedure for Removing AntivirusGolden or AntiviralGolden Before attempting this removal procedure, download the following removal tools to your desktop and install them.
Removal Procedure 1) Download the programs above to your desktop, extracting and install them. 2) Open SmitFraudFix, and choose option 4 to check for updates and download any updates, then quit the program 3) Restart your computer in Safe Mode 4) Open the SmitRem folder and double-click on RunThis.bat to start the SmitRem removal procedure. Besides removing particular files that it looks for, the tool also runs the Disk Cleanup tool to remove temporary files on the hard drive that may contain problem files. For a Tutorial on using SmitRem click here 5) After SmitRem has finished, open SmitFraudFix and choose to search (option 1) and clean (option 2) and run a full system scan to remove anything it finds. For a tutorial on using SmitFraudFix click here 6) Double-click on MalwareBytes, install it, update it, and run it to remove misc rogue application files. If you prefer you can purchase MalwareBytes Anti-Malware which provides a realtime monitor that will alert you if you attempt to download a rogue program. 7) While still in Safe Mode, run CCleaner. Analyze and Clean files it finds, then click on the Issues button on the left side of the screen and Scan and Fix any Registry issues CCleaner discovers. Run both the Registry Scanner and the File Analyzer until nothing else is found. 8) Run Hijackthis and Remove any leftover issues. If you are not sure, if a line in Hijackthis is a problem, reboot in normal mode and use the Online HiJackthis Scanner to see if the file is a threat. Just copy and paste your Hijackthis log file into the scanner and let it analyze it for you. Although its not perfect, it will give you an idea if your system is clean or still needs some work. Do not delete anything with Hijackthis unless you are absolutely sure what the file is and what it does. Another great tool to use is Process Library to see if a file is a threat. For items in the Hijackthis log like the following, that will not delete manually, use KillBox to browse to the location of the file and delete it or delete it on reboot. Items that are impossible to remove unless using Killbox usually show up in the 20 section of Hijackthis. O20
- Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll 9) Reboot computer in Normal mode 10) Open the Add/Remove Control Panel, and uninstall any leftover programs like "AntivirusGolden" or any Video Active X programs that were the root cause of the infection. 11) Delete any leftover directories for AntivirusGolden in the C:\Program Files folder by right-clicking on the AntivirusGolden folder and choosing Delete. 12) Scan your computer with online virus scanner like Housecall, BitDefender, or eTrust or download and install an antivirus program and run a complete scan. A list of online scanners is below, some however will only scan but not remove issues. Online
Virus Checkers You may also want to run a thorough scan for adware/spyware using Ad-aware SE, Spybot Search and Destroy, or Windows Defender as well to make sure your system is absolutely clean of other malware. You can visit my page for other Essential Tools to Use in Removing Spyware, Adware, Trojans, and Viruses Congratulations! Your computer should be free of the AntivirusGolden. Please be careful when being prompted to download any more Video Active X components to watch a particular video. If in doubt, dont install it.
Printer Friendly Version of This Page Bookmark and Share this Article on PCHELL with these Social Networks: Removal Instructions for Other Programs Spyware Removal and Other Resources Essential Tools for Removing Spyware, Adware, and Malware Rootkit Removal Tools and Help How to Delete Undeleteable Files Review of Free Registry Cleaner How to Manually Run the Microsoft Malicious Software Removal Tool How to Remove Windows Diagnostic or Windows Restore malware Bargain Buddy Removal Instructions and Help Click2FindNow and I-Lookup Removal Electronic Greeting Card Virus - MSDATAACCESS.EXE Removal Instructions and Help Powered by Zedo Popup Ad Removal Instructions and Help Search and Destroy Removal Instructions and Help Spyaxe, Spy Trooper, Spy Sheriff, Brave Sentry and Similar Removal Instructions and Help TheSpyBot Removal Instructions and Help Spam Blocker Utility Removal Instructions and Help DriveCleaner Removal Instructions and Help Alfacleaner Removal Instructions and Help Spylocked Removal Instructions and Help AntivirusGolden Removal Instructions and Help VirusProtectPro Removal Instructions and Help UltimateDefender and UltimateCleaner 2007 Removal Instructions and Help VirusRescue Removal Instructions and Help PestCapture Removal Instructions and Help SystemDoctor 2006 Removal Instructions and Help How to Fix Task Manager disabled by your Administrator How to Fix Problem Changing Desktop Wallpaper How to Remove SmitFraud Variants like WinAntivirus Pro 2007 and PestCapture SurfSideKick Removal Instructions and Help How to Remove Zango Search Assistant and Toolbar About:Blank Homepage Hijacker Removal Instructions and Help Kazaa Removal Instructions and Help How to Disable Windows XP Security Alert Balloons and Notifications res://random.dll Homepage Hijacker Removal Instructions and Help IBIS Web Search (websearch.com) Removal Instructions and Help Open Search Web (Lop.com) Removal Instructions and Help UPDMGR.EXE Removal Instructions and Help FCADVICE.EXE Removal Instructions and Help U3 Smart Drives - What are they and how to remove U3 Dubolom.com Homepage Hijacker Removal Instructions and Help DSO Exploit Removal Instructions and Help FastSearch.cc Homepage Hijacker Removal Instructions and Help My Web Search Removal Instructions and Help Cursor Mania Removal Instructions and Help Fun Buddy Icons Removal Instructions and Help Smiley Central Removal Instructions and Help My Mail Stamps Removal Instructions and Help My Mail Stationery Removal Instructions and Help My Mail Signatures Removal Instructions and Help Fun Web Products Popular Screensavers Removal Instructions and Help Webfetti Removal Instructions and Help What is PDF Spam and Does it Contain Viruses Hugesearch.net Homepage Hijacker Removal Instructions and Help Search-Space.com and Start-Space.com Homepage Hijacker Removal Instructions and Help How to Remove Global-Finder.com Homepage Hijacker Huntbar and Search Toolbar Info and Removal Look2Me Removal Instructions and Help Lookfor.cc (res://mshp.dll/index.html) Homepage Hijacker Removal Instructions and Help MaximumSearch.net Homepage Hijacker Removal Instructions and Help Ncase Removal Instructions and Help People OnPage Toolbar Info and Removal SearchMyRequest.com Homepage Hijacker Removal Instructions and Help Smartsearch.ws Homepage Hijacker Removal Instructions and Help SysUpd.exe (TSCash) Removal Instructions and Help Ezula TopText (yellow underlined links) Removal Instructions and Help How to Remove SpeedBlaster and MemoryMeter TopRebates and WebRebates Removal Instructions and Help Twaintec.dll Removal Instructions and Help Viewpoint Removal Instructions and Help WildTangent Removal Instructions and Help |
Tools for Removing Spyware, Adware, and Malware PC HELL Welchia (Dllhost.exe and SVCHost.exe) Worm Removal Uninstall Antivir Instructions How to Manually Run the Microsoft Malicious Software Removal Tool Bloodhound.Exploit.6 Virus Removal Backdoor SDBot.H Trojan Removal
iPadastic - News, Tutorials, Help, Tips, and Hints for the iPad Download Hoyle Games |
Recommended Software for PC Hell Visitors | |||||
Malwarebytes Anti-Malware |
iolo System Mechanic® |
Emsisoft Anti Malware |
|||
Search PCHELL.COM |
|