Jump to content
jedispork

Problems removing rogue AntiVirus2008

Recommended Posts

hello everyone. I was tired of having to visit relatives and do spyware scans all the time so I bought 4 keys for SaS as gifts for them (actually more so for myself to save me time). I also install avira on any computer I have to mess with.

Only a few days later my Dad calls me up and asks whats this software that keeps popping up telling him he has to buy because he has all this spyware. I am baffled after just installing SaS pro and making sure everything on the pc is up to date. It was some xp antivirus 2008 variant. He went through a SaS scan and removed whatever showed up.

I decided to go over and check it out for myself and again come up clean under a quick scan with SaS. I'm thinking this is great but I also did a scan with malwarebytes for good measure. I come up with 9 items that appear to be left overs from this annoying spyware. After reboot there are still a few items showing up in malwarebytes that seem to re-create themselves when the computer is restarted.

A few other times I have went to mess with a computer and the spyware/virus is always detected by the scanner but just recreates itself. I just end up reformatting. This time I tried a system restore to a earlier date and did another scan with malwarebytes. There was still one item, zango?zongo? or something like that but after reboot I seem to now get clean scans.

Is this a common problem that anti-spyware applications have trouble removing programs that re-create their selves? At least with malwarebytes it detected the left overs problem where as SaS came up clean. I also read a few posts that say disabling system restore before you do a scan can help remove these kinds of files. Is there any truth to that?

I'm starting to wonder if I wasted my money buying the pro version. This is not intended to be a post bragging up malwarebytes because it didn't really do its job either. I am now setting up firefox with adblock plus for everyone. I subscribe to the easy list and malware domains.

thanks for any advice you can give

Share this post


Link to post
Share on other sites

Hi.

If you can post the MB scan log, we can check if the files detected are only benign traces (remants). If the AntiVirus2008 popup no longer shows up, then I suspect the latter.

In regards to System Restore, about a year ago I posted on another forum in which some nasty malware kept re-creating itself until I disabled System Restore. Since then, I've noticed on a few forums that some are requesting such. Anyway, I now always disable SR before a disinfection.

Share this post


Link to post
Share on other sites

Unfortunately I didn't save the log when I was there working on it. I'm not even sure the log is still there since I've already used system restore. The problem did seem to go away after SaS did its thing. I was just concerned about the left over files and I think there were registry entries that were not detected by SaS.

I think it was the same thing talked about here

viewtopic.php?f=2&t=2260

The pc is clean now and I wish I would of known about turning off system restore before the scan to see if that worked. This is something that should be mentioned in the SaS documentation if it actually works. I know you guys can't tell whats going on without a log so I will post back if I find one.

I was just wondering if anyone else had success with SaS removing one of these Rogue AntiVirus programs? I also worked on a computer a while back that had some kind of Vundo virus. It would just replicate itself when the computer rebooted. I tried SaS and Avira and still ended up reformatting. This was 6-12 months ago.

I'm sure the programmers must know about these replicating files but I just want to know if anything can be done about them. Is it something that requires a little more research or do they need a completely different approach? What about a bootable disc that could clean your system without even loading windows?

I truly thank the authors of these programs for giving us a way to fight all the bs spyware on the internet even if they don't always work perfect.

Share this post


Link to post
Share on other sites
hello everyone. I was tired of having to visit relatives and do spyware scans all the time so I bought 4 keys for SaS as gifts for them (actually more so for myself to save me time). I also install avira on any computer I have to mess with.

Only a few days later my Dad calls me up and asks whats this software that keeps popping up telling him he has to buy because he has all this spyware. I am baffled after just installing SaS pro and making sure everything on the pc is up to date. It was some xp antivirus 2008 variant. He went through a SaS scan and removed whatever showed up.

I decided to go over and check it out for myself and again come up clean under a quick scan with SaS. I'm thinking this is great but I also did a scan with malwarebytes for good measure. I come up with 9 items that appear to be left overs from this annoying spyware. After reboot there are still a few items showing up in malwarebytes that seem to re-create themselves when the computer is restarted.

A few other times I have went to mess with a computer and the spyware/virus is always detected by the scanner but just recreates itself. I just end up reformatting. This time I tried a system restore to a earlier date and did another scan with malwarebytes. There was still one item, zango?zongo? or something like that but after reboot I seem to now get clean scans.

Is this a common problem that anti-spyware applications have trouble removing programs that re-create their selves? At least with malwarebytes it detected the left overs problem where as SaS came up clean. I also read a few posts that say disabling system restore before you do a scan can help remove these kinds of files. Is there any truth to that?

I'm starting to wonder if I wasted my money buying the pro version. This is not intended to be a post bragging up malwarebytes because it didn't really do its job either. I am now setting up firefox with adblock plus for everyone. I subscribe to the easy list and malware domains.

thanks for any advice you can give

What version of SAS and our definitions were you scanning with? You should always do a complete scan if you know you are infected. As for as MalwareBytes, they flag lots of traces, we focus on the heart of the infection. Both great complimentary products to each other.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...