Smart antivirus 2009

**sublib25** · 07-09-08, 05:18 PM

Picked this up today,
system restored,but is still hidding in program files,favorites and still had shortcuts on desktop.
Deleted favourites & shortcuts.
Anyone had this virus,Just got back on line so I thought I'd try here first,
RAR file was scanned with nod32 before openning and found nothing.
Don't really want to reformat but looks like the only option.

**ssrattus** · 07-09-08, 05:45 PM

From other threads malwarebytes does a pretty good job...

also says malwarebytes is good.

Please download Malwarebytes' Anti-Malware to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform quick scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

**Woodstock** · 07-09-08, 05:55 PM

5 th customer got anti-virus 2008 ... and Malwarebytes failed this time for me ... its removed it all .. then done reboot still there .. I deleted stacks of temp files .. .exes etc etc .. miserable bastard just not go .. so only answer was format ..

**sublib25** · 07-09-08, 06:24 PM

Cheers guys downloading now will post results.

**sublib25** · 07-09-08, 06:47 PM

Malwarebytes' Anti-Malware 1.26
Database version: 1122
Windows 5.1.2600 Service Pack 3

7/09/2008 4:49:21 PM
mbam-log-2008-09-07 (16-49-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 69898
Time elapsed: 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 13

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009 (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Darren\Local Settings\Temp\sfsrv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darren\Local Settings\Temp\smchk.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028867.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028868.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP53\A0028876.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{542D874F-3C2E-4B21-A412-0BC7D7EB6918}\RP54\A0034181.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Smart Antivirus 2009\vscan.tsi (Rogue.SmartAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Darren\Local Settings\Temp\HDVideodll_ver1.5006.0.exe (Trojan.Agent) -> Quarantined and deleted successfully.

**sublib25** · 07-09-08, 06:49 PM

Running scan again now, looks like may have deleted all infected files,
Thanks SSrattus, much appreciated.

**Philquad** · 07-09-08, 07:56 PM

sic job, you had it good lol.
dont hurt to run ccleaner after removal, removing temp and leftover reg files.
check ya msconfig to see you only have legit startups.

**Woodstock** · 07-09-08, 07:57 PM

make sure ya turn off system restore as well !

**RHCP** · 07-09-08, 09:32 PM

Don't know if it's the same, but sounds similar to XP anti virus.
There's a thread about it at ocau. I got this on my parents comp, and it was an abslute hoe. There appears to be different strains with different levels of hoe'ness.

Cheers, RHCP.

**Philquad** · 07-09-08, 09:39 PM

yea its the same scumbag mob.

sumone should shoot them.

**BCNZ** · 08-09-08, 02:22 PM

Reformatting not necessary... use the tools to remove the problem.

**sublib25** · 08-09-08, 02:29 PM

Looks like all malware is gone ,but now nod32 will not update.

**mandc** · 08-09-08, 02:48 PM

Originally Posted by sublib25

Looks like all malware is gone ,but now nod32 will not update.

There was a recent thread about this. Try continual manual updates...can take up to 30 tries before success.

**Twoshots** · 08-09-08, 03:08 PM

I have a similar problem with a nasty calling itself:
XPSecuritycenter.

Did the suggested manual removal processes.
then did a Trend housecall scan, now both machines running XP get to the welcome screen and just hang, or blue screen.

Nothing of importance on them so i think i will just format and be done with it,
pain in the keester.

**Philquad** · 08-09-08, 03:18 PM

Originally Posted by mandc

There was a recent thread about this. Try continual manual updates...can take up to 30 tries before success.

yes, this
is in that thread i think.

**therufus** · 08-09-08, 03:56 PM

This thing is everywhere!

**admin** · 08-09-08, 04:00 PM

Originally Posted by therufus

This thing is everywhere!

Sure is.

I havent seen any virus/malware/trojan/nasty etc appear this much in many years. Fortunately Malwarebytes makes removal easy though I suspect many people will format their system thinking it is too hard to get rid of.

**sublib25** · 08-09-08, 05:31 PM

All good thanks guys,
saved me heaps of time.
Much appreciated.

**PunX0r** · 08-09-08, 05:48 PM

We have had about 30 cases of this in the last 3 weeks

**Twoshots** · 08-09-08, 06:01 PM

Originally Posted by Sanity

Sure is.

I havent seen any virus/malware/trojan/nasty etc appear this much in many years. Fortunately Malwarebytes makes removal easy though I suspect many people will format their system thinking it is too hard to get rid of.

Im about to put it in the to hard bin and format.
I cannot get windows up so i can try the suggested fixes.
Just hangs or blue screens.
"ADW_Xpsecurityce"

Will not work under :
Safemode
vga mode
Last known good...

Could you offer a suggestion as to how to get her up.?

Thread: Smart antivirus 2009

Thread Tools

Search Thread

Display

Smart antivirus 2009

Bookmarks

Bookmarks

Posting Permissions