Hijacked by AntiVirus Gold

Originally Posted by veliko

Hello Terry,

I had the EXACT same problem as you (with ANTIVIRUS GOLD) and solved it
as detailed below.

I read the follow-up posts to your original email and it seems that
some of the responses missed the nail in helping you out (one guy even
criticized you for installing "off-brand" antivirus... - he missed the
WHOLE point of your email for help not realizing that you DID NOT
install ANTIVIRUS GOLD ant that it simply took over your system).

In any event, I went to antivirus-gold.com customer service and emiled
a complaint asking how to get rid of this. But of course they never
responded.

I WAS able to get rid of it though and mayby this will help you to.

I'm running under XP Pro.

In Windows "Help and Support" (accessible via Start button), I clicked
"Undo changes to your computer with System Restore".

I then selected "Restore my computer to an earlier time". When the
calendar came up, I selected an available restore point a few days
BEFORE the time when this whole problem started, rebooted as requested,
and it's fine now.

How it happened: In my case, I let my guard down by stopping both
McAfee Vscan and McAfee AntiSpyware. I stopped these because I was
burning DVD's for my business. When the burning completed, I forgot to
re-arm these guys and went surfing. I hit a site that needed to load a
CODEC to run the video. I run a film to DVD business and I try to make
sure I always have all the latest CODECS and so I loaded the new
"codec" and that's when the problem started. (ok ok, it was a porn site
;-)

I would appreciate you letting me know if this solution help you at
all.

Veliko



Kerry Brown wrote:
> "Terry Smythe" <smythe@shaw.ca> wrote in message
> news:d0l991lmb7qbhnb5kc3pesl5nem4rpl64k@4ax.com...
> >I have now verified that my desktop has been hijacked by
> > "desktop.html" It resides in c:\windows I've tried
> > deleting it and editing it, but can't get rid of it. Keeps coming
> > back from somewhere, no matter what I do.
> >
> > It has imbedded within it a command to visit the Antivirus Gold web
> > site. It appears to be extremely malicious marketing, planting 3
> > virus that only it can remove, and itself. Its message is, 'if you
> > want to remove these virus, then buy me'
> >
> > A search for this file on my computer reveals only 1 copy. If I
> > delete it, it is replaced upon reboot. If I edit it, it is replaced
> > upon reboot.
> >
> > A 'net search suggests an incredibly convoluted procedure for getting
> > rid of it. Surely there must be an easier way.
> >
> > Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
> > fails to see it. They see all kinds of things, but won't touch this
> > one. Registry First Aid finds only a single entry, deletes it, and
> > upon reboot, it's back again. It's not in Startup.
> >
> > I'm hopeful of finding some kind of specific utility to remove this
> > ugly parasite.
> >
> > Regards,
> >
> > Terry Smythe
> >
>
> Go to the following link and download HijackThis.
>
> http://www.aumha.org/freeware/freeware.php#hjt
>
> Run it and then post the log it generates to one of the forums dedicated to
> it's use. A good place to start is here:
>
> http://forum.aumha.org/viewforum.php?f=30
>
> http://www.techsupportforum.com/forumdisplay.php?f=50
>
> http://castlecops.com/forumx67-0-50.html
>
> Don't post the log here. Some malware hides very deep in the system and
> isn't detected by any of the spyware removal programs. Hijackthis and other
> tools will assist in it's manual removal. Barring that you could backup your
> data and reinstall Windows and all your programs then restore the data. If
> you are unable to do either I recommend you take your computer to a
> professional to have it fixed.
>
> Kerry