Austech



07-09-08, 03:18 PM   #1
sublib25
Smart antivirus 2009

Picked this up today.
System restored, but is still hiding in Program Files, favorites and still had shortcuts on desktop.
Deleted favourites & shortcuts.
Anyone had this virus? Just got back online so I thought I'd try here first.
RAR file was scanned with NOD32 before opening and found nothing.
Don't really want to reformat but looks like the only option.

07-09-08, 03:45 PM   #2
ssrattus

From other threads, Malwarebytes does a pretty good job...

Also, How to remove Smart Antivirus 2009 (Uninstall Instructions) says Malwarebytes is good.

Please download Malwarebytes' Anti-Malware to your desktop.

http://www.besttechie.net/tools/mbam-setup.exe

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

07-09-08, 03:55 PM   #3
Woodstock

5th customer got anti-virus 2008 ... and Malwarebytes failed this time for me ... it's removed it all .. then done reboot still there .. I deleted stacks of temp files .. .exes etc etc .. miserable bastard just not go .. so only answer was format ..
__________________
Trust thyself only, and another shall not betray thee.

07-09-08, 04:24 PM   #4
sublib25

Cheers guys downloading now will post results.

07-09-08, 04:47 PM   #5
sublib25

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

7/09/2008 4:49:21 PM
mbam-log-2008-09-07 (16-49-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 69898
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Darren\Local Settings\Temp\sfsrv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darren\Local Settings\Temp\smchk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028867.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028868.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028876.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP54\A0034181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darren\Local Settings\Temp\HDVideodll_ver1.5006.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
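
Added example, not part of the original thread: a short Python parser for the detection lines of a Malwarebytes log like the one posted above. It counts detections by name, lists the System Restore points (RPnn folders) that held detected files, and flags any item whose action is not a completed removal. The sample lines are copied from the log; CONSTRUCTED_LINE, its path and its action string are assumptions made up to exercise the pending case.

```python
import re
from collections import Counter

# Lines copied from the scan log posted above.
SAMPLE_LOG = r"""
Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Darren\Local Settings\Temp\smchk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028867.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP54\A0034181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darren\Local Settings\Temp\HDVideodll_ver1.5006.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
"""
# Constructed line (not in the thread): hypothetical path and an assumed
# "not yet removed" action string, to exercise the pending case.
CONSTRUCTED_LINE = r"C:\WINDOWS\system32\constructed_example.dll (Trojan.Vundo) -> Delete on reboot."

REMOVED = "Quarantined and deleted successfully"
# "<path> (<detection name>) -> <action>"; greedy path so paths containing "(" still parse.
DETECTION = re.compile(r"^(.+) \(([^()]+)\) -> (.+)$")
# XP System Restore store: ...\_restore{GUID}\RPnn\...
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\", re.I)

def parse_detections(log_text):
    """Return one dict per detection line; headers and summary counts are skipped."""
    items = []
    for line in log_text.splitlines():
        m = DETECTION.match(line.strip())
        if not m:
            continue
        path, name, action = m.groups()
        rp = RESTORE_POINT.search(path)
        items.append({"path": path, "name": name, "action": action.rstrip("."),
                      "restore_point": rp.group(1) if rp else None})
    return items

def triage(items):
    """Summarise what still needs checking before the machine is called clean."""
    return {
        "by_name": dict(Counter(i["name"] for i in items)),
        # Restore points that held detected files were taken while infected.
        "restore_points": sorted({i["restore_point"] for i in items if i["restore_point"]}),
        # Anything not already removed needs a reboot and a second scan.
        "pending": [i["path"] for i in items if i["action"] != REMOVED],
    }

if __name__ == "__main__":
    print(triage(parse_detections(SAMPLE_LOG + CONSTRUCTED_LINE)))
```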

07-09-08, 04:49 PM   #6
sublib25

Running scan again now, looks like may have deleted all infected files,
Thanks SSrattus, much appreciated.

Last edited by sublib25 : 07-09-08 at 04:51 PM. Reason: spelling

07-09-08, 05:56 PM   #7
PhillTheQuad

Sic job, you had it good lol.
Don't hurt to run CCleaner after removal, removing temp and leftover reg files.
Check ya msconfig to see you only have legit startups.
__________________
vote for Luke fundraiser
http://mydreamis.ingdirect.com.au/?id=3635

07-09-08, 05:57 PM   #8
Woodstock

Make sure ya turn off System Restore as well!

07-09-08, 07:32 PM   #9
RHCP

Don't know if it's the same, but sounds similar to XP anti virus.
There's a thread about it at ocau. I got this on my parents' comp, and it was an absolute hoe. There appear to be different strains with different levels of hoe'ness.

XP Antivirus 2008 - Overclockers Australia Forums

Cheers, RHCP.
__________________
Democracy: Three wolves and a sheep voting on what's for lunch.

07-09-08, 07:39 PM   #10
PhillTheQuad

Yea, it's the same scumbag mob.
How to remove Antivirus 2009 (Uninstall Instructions)

Someone should shoot them.

08-09-08, 12:22 PM   #11
Studio1

Reformatting not necessary... use the tools to remove the problem.

08-09-08, 12:29 PM   #12
sublib25

Looks like all malware is gone, but now NOD32 will not update.

08-09-08, 12:48 PM   #13
mandc

Quote:
Originally Posted by sublib25
Looks like all malware is gone, but now NOD32 will not update.

There was a recent thread about this. Try continual manual updates...can take up to 30 tries before success.
No recent NOD32 updates

08-09-08, 01:08 PM   #14
Twoshots

I have a similar problem with a nasty calling itself:
XPSecuritycenter.

Did the suggested manual removal processes.
Then did a Trend HouseCall scan, now both machines running XP get to the welcome screen and just hang, or blue screen.

Nothing of importance on them so I think I will just format and be done with it,
pain in the keester.
__________________
Old Dog, No Flies

08-09-08, 01:18 PM   #15
PhillTheQuad

Quote:
Originally Posted by mandc
There was a recent thread about this. Try continual manual updates...can take up to 30 tries before success.
No recent NOD32 updates

Yes, this nod32 upgrade - latest nod32 upgrade ID, nod32 upgrade server, nod32 download
is in that thread I think.

08-09-08, 01:56 PM   #16
therufus

This thing is everywhere!

08-09-08, 02:00 PM   #17
Sanity

Quote:
Originally Posted by therufus
This thing is everywhere!

Sure is.

I haven't seen any virus/malware/trojan/nasty etc appear this much in many years. Fortunately Malwarebytes makes removal easy, though I suspect many people will format their system thinking it is too hard to get rid of.

08-09-08, 03:31 PM   #18
sublib25

All good thanks guys,
saved me heaps of time.
Much appreciated.

08-09-08, 03:48 PM   #19
PunX0r

We have had about 30 cases of this in the last 3 weeks

08-09-08, 04:01 PM   #20
Twoshots

Quote:
Originally Posted by Sanity
Sure is.

I haven't seen any virus/malware/trojan/nasty etc appear this much in many years. Fortunately Malwarebytes makes removal easy, though I suspect many people will format their system thinking it is too hard to get rid of.

I'm about to put it in the too hard bin and format.
I cannot get Windows up so I can try the suggested fixes.
Just hangs or blue screens.
"ADW_Xpsecurityce"

Will not work under:
Safe mode
VGA mode
Last known good...

Could you offer a suggestion as to how to get her up?
All times are GMT +10.

