Hijacked by AntiVirus Gold

Discussion in 'Windows XP Help' started by Terry Smythe, May 25, 2005.

  1. Terry Smythe

    Terry Smythe Guest

    Earlier today, my main computer was hi-jacked by Antivirus Gold. I
    can uninstall it, but it returns immediately upon reboot. Try as I
    might, I cannot get rid of it. It's taken over my desktop and
    will not allow me to change it, constant black background with a huge
    "Buy Me" advertisement.

    It seems to behave like Spyware, but Microsoft's beta spyware
    detection and removal utility doesn't know about this and fails to see
    it. In fact, none of my housekeeping utilities, including SpyBot,
    AdAware, Registry FirstAid, etc., see it or remove it.

    It won't leave me alone, constantly popping up with warning messages
    urging me to buy.

    At the same time this happened, 3 virus did invade my computer,
    notwithstanding the presence of my SMC Barricade Router:

    sysupd.dll
    delprot.sys
    edmond.exe

    My Norton Anti-Virus detects and removes them following reboot. But
    upon the next reboot, these 3 infected files have somehow been
    restored and are still there. After Norton has done its thing, a
    file search fails to find them, confirming deletion. But they keep
    coming back.

    I have a sinking feeling that this Antivirus Gold utility deliberately
    planted these viruses, and will not allow them to be permanently
    removed until I pay for it. Ugly, ugly, ugly...... :-(

    Suggestions on how to get rid of Antivirus Gold and these 3 virus
    would be appreciated. It somehow got itself installed without my
    knowledge or concurrence. I already have Norton Anti-Virus which
    until now has served me well.

    I'm running WinXP Home, fully updated, including Microsoft AntiSpyware
    beta 1.

    Regards,

    Terry Smythe
    Winnipeg, Canada
     
    Terry Smythe, May 25, 2005
    #1
    1. Advertisements

  2. Terry Smythe

    Mister Scary Guest

    The top anti-spyware program is Webroot Spysweeper. Its real time
    protection is buggy as hell, but its scanner is the best.

    You also might try TDS-3, which is antitrojan software. You never know how
    what you are dealing with is classified. The fact that there are pieces of
    this thing that cannot be deleted and restore the orignal program indicate
    it is behaving an awful lot like an advanced trojan.

    Both programs have legitimate trial versions.

    What in the hell were you doing installing some off-brand anti-virus
    software? Never install anything that isn't on Virus Bulletin's approved
    list. The two universal choice of anti-virus software by knowledgeable
    people are Kaspersky and Eset NOD32.

    "Terry Smythe" <> wrote in message
    news:...
    > Earlier today, my main computer was hi-jacked by Antivirus Gold. I
    > can uninstall it, but it returns immediately upon reboot. Try as I
    > might, I cannot get rid of it. It's taken over my desktop and
    > will not allow me to change it, constant black background with a huge
    > "Buy Me" advertisement.
    >
    > It seems to behave like Spyware, but Microsoft's beta spyware
    > detection and removal utility doesn't know about this and fails to see
    > it. In fact, none of my housekeeping utilities, including SpyBot,
    > AdAware, Registry FirstAid, etc., see it or remove it.
    >
    > It won't leave me alone, constantly popping up with warning messages
    > urging me to buy.
    >
    > At the same time this happened, 3 virus did invade my computer,
    > notwithstanding the presence of my SMC Barricade Router:
    >
    > sysupd.dll
    > delprot.sys
    > edmond.exe
    >
    > My Norton Anti-Virus detects and removes them following reboot. But
    > upon the next reboot, these 3 infected files have somehow been
    > restored and are still there. After Norton has done its thing, a
    > file search fails to find them, confirming deletion. But they keep
    > coming back.
    >
    > I have a sinking feeling that this Antivirus Gold utility deliberately
    > planted these viruses, and will not allow them to be permanently
    > removed until I pay for it. Ugly, ugly, ugly...... :-(
    >
    > Suggestions on how to get rid of Antivirus Gold and these 3 virus
    > would be appreciated. It somehow got itself installed without my
    > knowledge or concurrence. I already have Norton Anti-Virus which
    > until now has served me well.
    >
    > I'm running WinXP Home, fully updated, including Microsoft AntiSpyware
    > beta 1.
    >
    > Regards,
    >
    > Terry Smythe
    > Winnipeg, Canada
    >
     
    Mister Scary, May 25, 2005
    #2
    1. Advertisements

  3. Terry Smythe

    Locke Guest

    A list of what to do to ensure viruses, spyware, and adware off of your
    computer.
    1.. Don't use Internet Explorer, use Firefox. <---- Dont boot me for this
    2.. Turn off system restore and reboot.
    3.. Scan online for free at
    http://housecall.trendmicro.com/housecall/start_corp.asp and
    http://security.symantec.com/sscv6/home.asp?productid=symhome&langid=ie&venid=sym&close_parent=true.
    4.. Download "Spybot Search and Destory", Ad-Aware SE, Spywareblaster, and
    Microsoft Anti Spyware Beta. All of these are freeware. Then run each in
    turn.
    5.. Reboot computer and turn back on system restore.
    Locke

    "Terry Smythe" <> wrote in message
    news:...
    > Earlier today, my main computer was hi-jacked by Antivirus Gold. I
    > can uninstall it, but it returns immediately upon reboot. Try as I
    > might, I cannot get rid of it. It's taken over my desktop and
    > will not allow me to change it, constant black background with a huge
    > "Buy Me" advertisement.
    >
    > It seems to behave like Spyware, but Microsoft's beta spyware
    > detection and removal utility doesn't know about this and fails to see
    > it. In fact, none of my housekeeping utilities, including SpyBot,
    > AdAware, Registry FirstAid, etc., see it or remove it.
    >
    > It won't leave me alone, constantly popping up with warning messages
    > urging me to buy.
    >
    > At the same time this happened, 3 virus did invade my computer,
    > notwithstanding the presence of my SMC Barricade Router:
    >
    > sysupd.dll
    > delprot.sys
    > edmond.exe
    >
    > My Norton Anti-Virus detects and removes them following reboot. But
    > upon the next reboot, these 3 infected files have somehow been
    > restored and are still there. After Norton has done its thing, a
    > file search fails to find them, confirming deletion. But they keep
    > coming back.
    >
    > I have a sinking feeling that this Antivirus Gold utility deliberately
    > planted these viruses, and will not allow them to be permanently
    > removed until I pay for it. Ugly, ugly, ugly...... :-(
    >
    > Suggestions on how to get rid of Antivirus Gold and these 3 virus
    > would be appreciated. It somehow got itself installed without my
    > knowledge or concurrence. I already have Norton Anti-Virus which
    > until now has served me well.
    >
    > I'm running WinXP Home, fully updated, including Microsoft AntiSpyware
    > beta 1.
    >
    > Regards,
    >
    > Terry Smythe
    > Winnipeg, Canada
    >
     
    Locke, May 25, 2005
    #3
  4. Terry Smythe

    Mister Scary Guest

    "Locke" <> wrote in message
    news:HP1le.18473$Fv.13580@lakeread01...
    >A list of what to do to ensure viruses, spyware, and adware off of your
    >computer.
    > 1.. Don't use Internet Explorer, use Firefox. <---- Dont boot me for
    > this


    In the future this might be a good idea but it won't get the junk off of his
    computer now.

    > 3.. Scan online for free at
    > http://housecall.trendmicro.com/housecall/start_corp.asp and
    > http://security.symantec.com/sscv6/home.asp?productid=symhome&langid=ie&venid=sym&close_parent=true.
    > 4.. Download "Spybot Search and Destory", Ad-Aware SE, Spywareblaster,
    > and Microsoft Anti Spyware Beta. All of these are freeware. Then run each
    > in turn.

    He's already mentioned that he's run those. Sometimes the freeware doesn't
    cut it. And those online scanners are really worthless!
     
    Mister Scary, May 25, 2005
    #4
  5. Terry Smythe

    Locke Guest

    That's true but the good thing about using something like the Trend
    Micro is that it isn't corrupted by your virus so there is a chance that it
    might find the virus that Norton might not. Also you have to remember to
    turn off the System Restore anytime something has infected the computer to
    have it truly removed. That list I posted is just a good to know list for
    some of the items and suggestions to remove infections for the rest.

    Locke

    "Mister Scary" <> wrote in message
    news:%23N1b5$...
    >
    > "Locke" <> wrote in message
    > news:HP1le.18473$Fv.13580@lakeread01...
    >>A list of what to do to ensure viruses, spyware, and adware off of your
    >>computer.
    >> 1.. Don't use Internet Explorer, use Firefox. <---- Dont boot me for
    >> this

    >
    > In the future this might be a good idea but it won't get the junk off of
    > his computer now.
    >
    >> 3.. Scan online for free at
    >> http://housecall.trendmicro.com/housecall/start_corp.asp and
    >> http://security.symantec.com/sscv6/home.asp?productid=symhome&langid=ie&venid=sym&close_parent=true.
    >> 4.. Download "Spybot Search and Destory", Ad-Aware SE, Spywareblaster,
    >> and Microsoft Anti Spyware Beta. All of these are freeware. Then run
    >> each in turn.

    > He's already mentioned that he's run those. Sometimes the freeware
    > doesn't cut it. And those online scanners are really worthless!
    >
     
    Locke, May 25, 2005
    #5
  6. Terry Smythe

    Terry Smythe Guest

    I have now verified that my desktop has been hijacked by
    "desktop.html" It resides in c:\windows I've tried
    deleting it and editing it, but can't get rid of it. Keeps coming
    back from somewhere, no matter what I do.

    It has imbedded within it a command to visit the Antivirus Gold web
    site. It appears to be extremely malicious marketing, planting 3
    virus that only it can remove, and itself. Its message is, 'if you
    want to remove these virus, then buy me'

    A search for this file on my computer reveals only 1 copy. If I
    delete it, it is replaced upon reboot. If I edit it, it is replaced
    upon reboot.

    A 'net search suggests an incredibly convoluted procedure for getting
    rid of it. Surely there must be an easier way.

    Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
    fails to see it. They see all kinds of things, but won't touch this
    one. Registry First Aid finds only a single entry, deletes it, and
    upon reboot, it's back again. It's not in Startup.

    I'm hopeful of finding some kind of specific utility to remove this
    ugly parasite.

    Regards,

    Terry Smythe
     
    Terry Smythe, May 25, 2005
    #6
  7. Terry Smythe

    Locke Guest

    Well like I said in my list - make sure you turn off System Restore -
    you go into Control Panel -> System Restore -> Turn off on all drives. You
    can d/l a trial of Webroot's SpySweeper which is very good at finding some
    things the others miss. It is a good idea to run all of them though b/c
    different ones find different things. I also say to use Trendmicro's
    website b/c it is off of your computer and finds and cleans various things.
    The virus can reside in the System Restore and reinstall itself upon
    reboot - it doesnt have to be listed in the startup to do this. If you know
    all of the names that are used by this then search the symantec website,
    many times there is a removal tool that you can run.

    Locke

    "Terry Smythe" <> wrote in message
    news:...
    >I have now verified that my desktop has been hijacked by
    > "desktop.html" It resides in c:\windows I've tried
    > deleting it and editing it, but can't get rid of it. Keeps coming
    > back from somewhere, no matter what I do.
    >
    > It has imbedded within it a command to visit the Antivirus Gold web
    > site. It appears to be extremely malicious marketing, planting 3
    > virus that only it can remove, and itself. Its message is, 'if you
    > want to remove these virus, then buy me'
    >
    > A search for this file on my computer reveals only 1 copy. If I
    > delete it, it is replaced upon reboot. If I edit it, it is replaced
    > upon reboot.
    >
    > A 'net search suggests an incredibly convoluted procedure for getting
    > rid of it. Surely there must be an easier way.
    >
    > Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
    > fails to see it. They see all kinds of things, but won't touch this
    > one. Registry First Aid finds only a single entry, deletes it, and
    > upon reboot, it's back again. It's not in Startup.
    >
    > I'm hopeful of finding some kind of specific utility to remove this
    > ugly parasite.
    >
    > Regards,
    >
    > Terry Smythe
    >
    >
    >
    >
     
    Locke, May 25, 2005
    #7
  8. Terry Smythe

    Kerry Brown Guest

    "Terry Smythe" <> wrote in message
    news:...
    >I have now verified that my desktop has been hijacked by
    > "desktop.html" It resides in c:\windows I've tried
    > deleting it and editing it, but can't get rid of it. Keeps coming
    > back from somewhere, no matter what I do.
    >
    > It has imbedded within it a command to visit the Antivirus Gold web
    > site. It appears to be extremely malicious marketing, planting 3
    > virus that only it can remove, and itself. Its message is, 'if you
    > want to remove these virus, then buy me'
    >
    > A search for this file on my computer reveals only 1 copy. If I
    > delete it, it is replaced upon reboot. If I edit it, it is replaced
    > upon reboot.
    >
    > A 'net search suggests an incredibly convoluted procedure for getting
    > rid of it. Surely there must be an easier way.
    >
    > Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
    > fails to see it. They see all kinds of things, but won't touch this
    > one. Registry First Aid finds only a single entry, deletes it, and
    > upon reboot, it's back again. It's not in Startup.
    >
    > I'm hopeful of finding some kind of specific utility to remove this
    > ugly parasite.
    >
    > Regards,
    >
    > Terry Smythe
    >


    Go to the following link and download HijackThis.

    http://www.aumha.org/freeware/freeware.php#hjt

    Run it and then post the log it generates to one of the forums dedicated to
    it's use. A good place to start is here:

    http://forum.aumha.org/viewforum.php?f=30

    http://www.techsupportforum.com/forumdisplay.php?f=50

    http://castlecops.com/forumx67-0-50.html

    Don't post the log here. Some malware hides very deep in the system and
    isn't detected by any of the spyware removal programs. Hijackthis and other
    tools will assist in it's manual removal. Barring that you could backup your
    data and reinstall Windows and all your programs then restore the data. If
    you are unable to do either I recommend you take your computer to a
    professional to have it fixed.

    Kerry
     
    Kerry Brown, May 25, 2005
    #8
  9. Terry Smythe

    veliko Guest

    Hello Terry,

    I had the EXACT same problem as you (with ANTIVIRUS GOLD) and solved it
    as detailed below.

    I read the follow-up posts to your original email and it seems that
    some of the responses missed the nail in helping you out (one guy even
    criticized you for installing "off-brand" antivirus... - he missed the
    WHOLE point of your email for help not realizing that you DID NOT
    install ANTIVIRUS GOLD ant that it simply took over your system).

    In any event, I went to antivirus-gold.com customer service and emiled
    a complaint asking how to get rid of this. But of course they never
    responded.

    I WAS able to get rid of it though and mayby this will help you to.

    I'm running under XP Pro.

    In Windows "Help and Support" (accessible via Start button), I clicked
    "Undo changes to your computer with System Restore".

    I then selected "Restore my computer to an earlier time". When the
    calendar came up, I selected an available restore point a few days
    BEFORE the time when this whole problem started, rebooted as requested,
    and it's fine now.

    How it happened: In my case, I let my guard down by stopping both
    McAfee Vscan and McAfee AntiSpyware. I stopped these because I was
    burning DVD's for my business. When the burning completed, I forgot to
    re-arm these guys and went surfing. I hit a site that needed to load a
    CODEC to run the video. I run a film to DVD business and I try to make
    sure I always have all the latest CODECS and so I loaded the new
    "codec" and that's when the problem started. (ok ok, it was a porn site
    ;-)

    I would appreciate you letting me know if this solution help you at
    all.

    Veliko



    Kerry Brown wrote:
    > "Terry Smythe" <> wrote in message
    > news:...
    > >I have now verified that my desktop has been hijacked by
    > > "desktop.html" It resides in c:\windows I've tried
    > > deleting it and editing it, but can't get rid of it. Keeps coming
    > > back from somewhere, no matter what I do.
    > >
    > > It has imbedded within it a command to visit the Antivirus Gold web
    > > site. It appears to be extremely malicious marketing, planting 3
    > > virus that only it can remove, and itself. Its message is, 'if you
    > > want to remove these virus, then buy me'
    > >
    > > A search for this file on my computer reveals only 1 copy. If I
    > > delete it, it is replaced upon reboot. If I edit it, it is replaced
    > > upon reboot.
    > >
    > > A 'net search suggests an incredibly convoluted procedure for getting
    > > rid of it. Surely there must be an easier way.
    > >
    > > Along with SpyBot, AdAware, Microsoft's new parasite detector/remover
    > > fails to see it. They see all kinds of things, but won't touch this
    > > one. Registry First Aid finds only a single entry, deletes it, and
    > > upon reboot, it's back again. It's not in Startup.
    > >
    > > I'm hopeful of finding some kind of specific utility to remove this
    > > ugly parasite.
    > >
    > > Regards,
    > >
    > > Terry Smythe
    > >

    >
    > Go to the following link and download HijackThis.
    >
    > http://www.aumha.org/freeware/freeware.php#hjt
    >
    > Run it and then post the log it generates to one of the forums dedicated to
    > it's use. A good place to start is here:
    >
    > http://forum.aumha.org/viewforum.php?f=30
    >
    > http://www.techsupportforum.com/forumdisplay.php?f=50
    >
    > http://castlecops.com/forumx67-0-50.html
    >
    > Don't post the log here. Some malware hides very deep in the system and
    > isn't detected by any of the spyware removal programs. Hijackthis and other
    > tools will assist in it's manual removal. Barring that you could backup your
    > data and reinstall Windows and all your programs then restore the data. If
    > you are unable to do either I recommend you take your computer to a
    > professional to have it fixed.
    >
    > Kerry
     
    veliko, May 27, 2005
    #9
  10. Terry Smythe

    veliko

    Joined:
    May 27, 2005
    Likes Received:
    0
    ANTIVIRUS GOLD - no longer hijacked

    Hello Terry,

    I had the EXACT same problem as you (with ANTIVIRUS GOLD) and solved it as detailed below.

    I read the follow-up posts to your original email and it seems that some of the responses missed the nail in helping you out (one guy even criticized you for installing "off-brand" antivirus... - he missed the WHOLE point of your email for help not realizing that you DID NOT install ANTIVIRUS GOLD ant that it simply took over your system).

    In any event, I went to antivirus-gold.com customer service and emailed a complaint asking how to get rid of this. But of course they never responded.

    I WAS able to get rid of it though and maybe this will help you to.

    I'm running under XP Pro.

    In Windows "Help and Support" (accessible via Start button), I clicked "Undo changes to your computer with System Restore".

    I then selected "Restore my computer to an earlier time". When the calendar came up, I selected an available restore point a few days BEFORE the time when this whole problem started, rebooted as requested, and it's fine now.

    How it happened: In my case, I let my guard down by stopping both McAfee Vscan and McAfee AntiSpyware. I stopped these because I was burning DVD's for my business. When the burning completed, I forgot to re-arm these guys and went surfing. I hit a site that needed to load a CODEC to run the video. I run a film to DVD business and I try to make sure I always have all the latest CODEC'S and so I loaded the new "codec" and that's when the problem started. (ok ok, it was a porn site ;-)

    I would appreciate you letting me know if this solution help you at all.

    Veliko
     
    veliko, May 27, 2005
    #10
  11. Terry Smythe

    janu

    Joined:
    May 27, 2005
    Likes Received:
    0
    Hi
    Thanks a lot the problem got solved by the system restore. But the program got installed again after some time and now even system restore cant solve the problem.
     
    janu, May 27, 2005
    #11
  12. Terry Smythe

    Olson Guest

    Hi janu,
    just yesterday i stumbled into the same problem. My 13 year old cousin
    caught this proggy but of course... "i didn't do anything".
    Whatever.
    I tried to track down how antivirus-gold kept sticking on the system
    and found that on startup a process called winnook.exe got started.
    That one was responsible for the red X in the taskbar (bottom right)
    telling you that your computer was infected. You can remove that one by
    starting msconfig from the run menu and unchecking it.
    Antivirus-gold was actually found in the software panel and could be
    uninstalled. But after the uninstall process was done it immediately
    started the internet explorer going to it's website. So i checked IE's
    settings and found some IE helper objects (sorry, forgot the name.).
    But the fact that AV gold got re-installed right after that made me
    think that it must have been one of those browser helpers (thank you
    microsoft!). So i de-activated the suspicious ones.
    The website on the desktop can be removed by settings -> system panel
    -> display -> desktop -> customize desktop (dont know if thats the
    correct english term) -> web. There you can remove that website from
    the active desktop.
    After all it did not come back. But of course you never know. Today i'm
    gonna deep check that machine for virii with knoppicillin.
    I hope this will help you.

    regards
    Olson
     
    Olson, May 29, 2005
    #12
  13. Terry Smythe

    Terry Smythe Guest

    On 29 May 2005 04:47:42 -0700, "Olson" <> wrote:

    >just yesterday i stumbled into the same problem.


    My computer, the one that started this thread, is still infected with
    the Anitvirus Gold parasite. I have somehow been successful in
    shutting down the automatic re-install following reboot. Not sure
    what I did right. However, my desktop is still hi-jacked by the
    parasite that masquerades as an ad to buy Antivirus Gold.

    If there was ever a way to turn off a potential customer, the
    Antivirus Gold folks have seen very successful. With this
    aggravation in my face at all times, I'm filled with complete hatred
    for this product.

    Microsoft's AntiSpyware, Spy-Bot, Ad-Aware, TuneUp, SpySweeper,
    CWShredder, Registry First Aid, Norton, etc., all fail to find and
    remove this insidious parasite.

    My desktop is hi-jacked by "desktop.html" which resides in c:\windows.
    I can physically delete the file, remove all traces of it from the
    registry, but instantly upon reboot, it's back again in full control
    of my desktop.

    Symantec does have a page dedicated to this, but it appears to be
    outdated, as their suggested fix does not work. So I gather that
    the folks behind Anitvirus Gold have figured out a way around that
    fix, staying one-step ahead of everybody.

    What these folks are doing amounts to extortion, a criminal offense
    worthy of a formal charge.

    As this parasite has been around for a while, I'm astonished that
    Microsoft has not picked up on it, and added a fix to their
    AntiSpyware.

    If anybody comes up with a permanent fix, they will be a hero in the
    eyes of many.

    Regards,

    Terry Smythe
    Winnipeg, Canada
     
    Terry Smythe, May 30, 2005
    #13
  14. Terry Smythe

    Kerry Brown Guest

    "Terry Smythe" <> wrote in message
    news:...
    > On 29 May 2005 04:47:42 -0700, "Olson" <> wrote:
    >
    >>just yesterday i stumbled into the same problem.

    >
    > My computer, the one that started this thread, is still infected with
    > the Anitvirus Gold parasite. I have somehow been successful in
    > shutting down the automatic re-install following reboot. Not sure
    > what I did right. However, my desktop is still hi-jacked by the
    > parasite that masquerades as an ad to buy Antivirus Gold.
    >
    > If there was ever a way to turn off a potential customer, the
    > Antivirus Gold folks have seen very successful. With this
    > aggravation in my face at all times, I'm filled with complete hatred
    > for this product.
    >
    > Microsoft's AntiSpyware, Spy-Bot, Ad-Aware, TuneUp, SpySweeper,
    > CWShredder, Registry First Aid, Norton, etc., all fail to find and
    > remove this insidious parasite.
    >
    > My desktop is hi-jacked by "desktop.html" which resides in c:\windows.
    > I can physically delete the file, remove all traces of it from the
    > registry, but instantly upon reboot, it's back again in full control
    > of my desktop.
    >
    > Symantec does have a page dedicated to this, but it appears to be
    > outdated, as their suggested fix does not work. So I gather that
    > the folks behind Anitvirus Gold have figured out a way around that
    > fix, staying one-step ahead of everybody.
    >
    > What these folks are doing amounts to extortion, a criminal offense
    > worthy of a formal charge.
    >
    > As this parasite has been around for a while, I'm astonished that
    > Microsoft has not picked up on it, and added a fix to their
    > AntiSpyware.
    >
    > If anybody comes up with a permanent fix, they will be a hero in the
    > eyes of many.
    >
    > Regards,
    >
    > Terry Smythe
    > Winnipeg, Canada
    >
    >


    Did you download and run HijackThis then post your log to the recommended
    forums?

    Kerry
     
    Kerry Brown, May 30, 2005
    #14
  15. Terry Smythe

    janu

    Joined:
    May 27, 2005
    Likes Received:
    0
    Hi Olson,

    I did what u told to do and the desktop has been cleaned but the program did install again so i did what u told me again but after that i also deleted the folder in the Program Files Folder . The only thing is that the entry in the msconfig still remains and is disactivated.

    When it install i checked the msconfig and i had 2 entries 1 disactivated and one active but when i disactivated the other one too, i have only 1 entry.

    Hope it doesnt bother again. If it happens again will have to find the culprut file.

    Thanks for your help.
    Janu
     
    janu, May 30, 2005
    #15
  16. Terry Smythe

    janu

    Joined:
    May 27, 2005
    Likes Received:
    0
    Hi
    I have noticed another thing it keeps installing in the Favorites links which i have deleted like a 100 times now but wouldnt go away i restart explorer and it installs even installs if you open a new window.

    Dont know when i will get rid of this stupid thing.

    I have even removed the registry of winnook.exe.
    also removed files frm prefetch folder so there are no backups to the files.

    Without luck.
    Hope a good solution to this problem comes fast i am loosing my mind.

    Take care
     
    janu, May 31, 2005
    #16
  17. Terry Smythe

    Kerry Brown Guest

    "janu" <janu.1pvhom@> wrote in message
    news:...
    >
    > Hi
    > I have noticed another thing it keeps installing in the Favorites links
    > which i have deleted like a 100 times now but wouldnt go away i restart
    > explorer and it installs even installs if you open a new window.
    >
    > Dont know when i will get rid of this stupid thing.
    >
    > I have even removed the registry of winnook.exe.
    > also removed files frm prefetch folder so there are no backups to the
    > files.
    >
    > Without luck.
    > Hope a good solution to this problem comes fast i am loosing my mind.
    >
    > Take care
    >
    >
    > --
    > januPosted from http://www.pcreview.co.uk/ newsgroup access
    >


    I know I'm harping on this but have either you or Terry Smythe tried
    HijackThis? When all other programs fail HijackThis will usually get to the
    root of the problem. It is a program for advanced users so do not use it
    blindly. Read the FAQ at the following link then follow the instructions you
    find there.

    http://forums.spywareinfo.com/

    Kerry
     
    Kerry Brown, May 31, 2005
    #17
  18. Terry Smythe

    e[x]!t

    Joined:
    Jun 1, 2005
    Likes Received:
    0
    I had the same EXACT problem...Sunday i went to a soccer game came home finding out that my sister used my computer and this software installed itself...HOWEVER there is a way to remove that backround...It is just an oversized window, so if you get it look at the top of ur screen and you see a grey bar or some kind or line and drag down and it just moves the window down and you simply close the X....My problem is that after i uninstall the little icon saying my computer is infected still stays in my toolbar. Now this was the other day Sunday, and i restored my computer to last Friday. This worked however, today the program reinstalled itself and i did not use internet explorer. I have firefox. Along with this program installing itself again some other junk instaled on my computer and i got 5 new icons on my desktop in total. I did a system restore and not more then 5 minutes after the restore the AVG software installed itself again. I contacted the company...of course no reply. I tried deleting the files under "regedit" from the Run command and one file for this program was ad efault and could not be deleted. But i guess im just gonna try to restore my computer to a few weeks ago and see if that helps.
     
    e[x]!t, Jun 1, 2005
    #18
  19. Terry Smythe

    CGKBA

    Joined:
    Jun 1, 2005
    Likes Received:
    0
    This work to get it of Antivirus Gold

    Run Hijackthis and place a check beside each of the following. Once you have checked them, click fix checked.
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://aflashcounter.com/?a=2

    Download noact reg to desktop: http://home9.inet.tele.dk/le01/Sikkerhed.htm
    Doubleclick on it, say yes to merge.

    Reboot, post new log and tell how things are running
     
    CGKBA, Jun 2, 2005
    #19
  20. Terry Smythe

    gregp86

    Joined:
    Jun 2, 2005
    Likes Received:
    0
    How I beat Antivirus-gold

    I finally got rid of the desktop danger thing, the redirects and everything those dirtbags at Antivirus Gold threw at me. I did it by using the free scans from SpywareNuker (aka pcOrion) and Xoftspy. I did the Nuker first and printed out the results from my scan, then found and deleted the cookies and files where it told me to find them on my C:/ When I had a .exe or .dll file I couldn't get to I deleted them in safe mode. Then I went into the regedit thing and did the same thing on my registry. All together Nuker found 22 nasties for me to delete. After that I still had the black screen up and the red X on my task bar so I used the Xoftspy scan and it dug up another list. I pretty much followed the locations it gave me and I got rid of everything else except the black desktop screen became white and I couldn't get rid of it. I Dogpiled AVGold and found yall on this string and I want to thank e[x]!t for his help. He's right, I just clicked and dragged the top of that window down, found the X in the upper right corner and its gone!

    I just registered on this site to thank you all for the advice I got reading the posts and wanted to share how I got over on AVGold. I'm pretty much a complete computer neophyte and I think my total ignorance allowed me to mess with my registry without a second thought and I just got lucky picking a couple of scans that happened to work out. But hey it worked for me, and if anybody knows how to trash AntiVirus Gold I'll be happy to hold the door open. Thanks for your help.
     
    Last edited: Jun 2, 2005
    gregp86, Jun 2, 2005
    #20
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. TPN
    Replies:
    3
    Views:
    520
    Wesley VogelX
    Oct 21, 2003
  2. Kim

    Windows XP Gold???

    Kim, Oct 30, 2003, in forum: Windows XP Help
    Replies:
    6
    Views:
    732
    Mike Brannigan [MSFT]
    Oct 30, 2003
  3. Graham

    Hijacked registry keys

    Graham, Nov 1, 2003, in forum: Windows XP Help
    Replies:
    1
    Views:
    564
    Rick \Nutcase\ Rogers
    Nov 1, 2003
  4. Mike J
    Replies:
    0
    Views:
    588
    Mike J
    Nov 15, 2003
  5. Guest

    B.H.A. Gold 5 (cd burner software) Problems

    Guest, May 4, 2004, in forum: Windows XP Help
    Replies:
    1
    Views:
    475
    Guest
    May 4, 2004
  6. Jim Lazzaro

    How much weight in gold can be recovered from a CPU?

    Jim Lazzaro, May 5, 2004, in forum: Windows XP Help
    Replies:
    2
    Views:
    2,013
    Jim Lazzaro
    May 6, 2004
  7. Terry Smythe

    Still Hi-Jacked by Anti-Virus Gold

    Terry Smythe, Jun 15, 2005, in forum: Windows XP Help
    Replies:
    4
    Views:
    400
    Guest
    Jun 15, 2005
  8. Guest
    Replies:
    0
    Views:
    255
    Guest
    Jul 27, 2006
Loading...