# Antivirus Live -- Nastiest Virus I've ever seen



## CrusaderFrank (Jan 27, 2010)

My son's computer got the "Antivirus Live" attack and I've never seen anything like it.

It blew through McAfee, Windows Defender and took out Task Manager (so I can't stop it as a process), regedit (so I can't stop it) and System Restore (so I can't... well, you get the idea).

I have to take it to the professional propeller heads.

My son claims it came in on a flash drive, a brand new one. We'll see.


----------



## Ravi (Jan 27, 2010)

Remove Antivirus Live, removal instructions


----------



## CrusaderFrank (Jan 27, 2010)

Ravi said:


> Remove Antivirus Live, removal instructions



That's where I started and could not figure out this part:

4. Now download renamed Process Explorer (explorer.com) and terminate Antivirus Live processes. Should be [random]sysguard.exe, for example: wmcqsysguard.exe.
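
The step above is the part that usually trips people up: the rogue's process has a name that changes per install, Task Manager is disabled, and the guide wants you to match the `[random]sysguard.exe` pattern by hand in a renamed Process Explorer. Below is a small triage script for that step, added here as an example; it is not code from the thread or from the linked guide. It parses the CSV that `wmic process get ExecutablePath,Name,ProcessId /FORMAT:CSV` prints on the infected Windows box (run off Windows, it uses a constructed sample listing; the hostname, paths and PIDs in it are made up), flags every image name that is a run of letters followed by `sysguard.exe`, and builds one `taskkill /F /PID` per hit. The UTF-16 decoding of wmic output is an assumption with a fallback.

```python
"""Triage helper for the '[random]sysguard.exe' step quoted above.

Added example, not code from the original thread or from the linked removal
guide. It parses the CSV that `wmic process get ExecutablePath,Name,ProcessId
/FORMAT:CSV` prints on the infected Windows machine, flags every process whose
image name is a run of letters followed by 'sysguard.exe' (the guide's
example is wmcqsysguard.exe), and builds one `taskkill /F /PID` command per hit.
Nothing is terminated unless the script is started with --kill.
"""
import csv
import io
import re
import subprocess
import sys

# Image-name pattern from the guide: random letters, then "sysguard.exe".
# Plain "sysguard.exe" with no prefix does not match; the guide says [random]sysguard.exe.
SYSGUARD = re.compile(r"^[a-z]+sysguard\.exe$", re.IGNORECASE)

# Process listing with full image paths (Task Manager is disabled on the victim).
WMIC_CMD = ["wmic", "process", "get", "ExecutablePath,Name,ProcessId", "/FORMAT:CSV"]

# Constructed sample of wmic CSV output (hostname, paths and PIDs are made up).
# wmic prints a leading blank line, a Node column and the columns in alphabetical order.
SAMPLE_WMIC_CSV = """
Node,ExecutablePath,Name,ProcessId
HOME-PC,C:\\Windows\\explorer.exe,explorer.exe,1448
HOME-PC,C:\\Users\\kid\\wmcqsysguard.exe,wmcqsysguard.exe,2716
HOME-PC,C:\\Program Files\\Mozilla Firefox\\firefox.exe,firefox.exe,3004
HOME-PC,C:\\Windows\\System32\\svchost.exe,svchost.exe,820
"""


def parse_wmic_csv(text):
    """Return [{name, pid, path}] from wmic CSV text; columns are found by header name."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]  # wmic pads with \r and blank lines
    if not lines:
        return []
    rows = []
    for r in csv.DictReader(io.StringIO("\n".join(lines))):
        name = (r.get("Name") or "").strip()
        pid = (r.get("ProcessId") or "").strip()
        if name and pid.isdigit():
            rows.append({"name": name, "pid": int(pid), "path": (r.get("ExecutablePath") or "").strip()})
    return rows


def find_sysguard(rows):
    """Processes whose image name matches the [random]sysguard.exe pattern."""
    return [r for r in rows if SYSGUARD.match(r["name"])]


def kill_commands(suspects):
    """One forced termination command per suspect, keyed by PID rather than by name."""
    return [["taskkill", "/F", "/PID", str(r["pid"])] for r in suspects]


def triage(text, run=False):
    """Parse, match and (optionally) terminate; returns the suspects and the commands built."""
    suspects = find_sysguard(parse_wmic_csv(text))
    cmds = kill_commands(suspects)
    if run:
        for cmd in cmds:
            subprocess.run(cmd, check=False)
    return suspects, cmds


def main():
    if sys.platform == "win32":
        raw = subprocess.run(WMIC_CMD, capture_output=True).stdout
        # wmic writes UTF-16 when redirected (assumption; fall back to 8-bit text otherwise).
        text = raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("utf-8", "replace")
    else:
        text = SAMPLE_WMIC_CSV  # off Windows: demonstrate on the constructed sample
    suspects, cmds = triage(text, run="--kill" in sys.argv)
    for r in suspects:
        print(f"{r['pid']:>6}  {r['name']:<24} {r['path']}")
    for cmd in cmds:
        print("   " + " ".join(cmd))


if __name__ == "__main__":
    main()
```

Run it once without `--kill` and read the path column before terminating anything: the name pattern is only the guide's heuristic, and killing by PID rather than by name avoids hitting a legitimate process that happens to share a name. Since the rogue disabled Task Manager and regedit, start it the way the guide starts Process Explorer (from a renamed copy, or from safe mode as later posts in this thread describe), and expect the rogue to come back on reboot until the later cleanup steps are done.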


----------



## Cold Fusion38 (Jan 27, 2010)

CrusaderFrank said:


> My son's computer got the "Antivirus Live" attack and I've never seen anything like it.
> 
> It blew through McAfee, Windows Defender and took out Task Manager (so I can't stop it as a process), regedit (so I can't stop it) and System Restore (so I can't... well, you get the idea).
> 
> ...






STDs suck don't they?


----------



## Ravi (Jan 27, 2010)

CrusaderFrank said:


> Ravi said:
> 
> 
> > Remove Antivirus Live, removal instructions
> ...


You should be able to click on the embedded link and get the proper program.

But maybe these directions will work better for you.

Remove Antivirus Live (Uninstall Guide)

My daughter's computer got this last year and it took a bit of work to get rid of it.


----------



## xsited1 (Jan 27, 2010)

CrusaderFrank said:


> My son's computer got the "Antivirus Live" attack and I've never seen anything like it.
> 
> It blew through McAfee, Windows Defender and took out Task Manager (so I can't stop it as a process), regedit (so I can't stop it) and System Restore (so I can't... well, you get the idea).
> 
> ...



My son just got a similar virus/spyware/malware on his computer. It took 3 days to completely remove it. Not only did it do the usual browser redirects, but it would not allow any antispyware programs to run. I had to use ComboFix along with the other usual programs like Spybot-S&D, Malwarebytes, SUPERAntiSpyware, etc. In some cases, I had to change the name of the executable of the antispyware program to get it to run. The people who write this stuff that infects people's computers should be shot.

Let me know if you need any assistance.


----------



## jillian (Jan 27, 2010)

You can also try Malwarebytes. Run it twice if it doesn't get it the first time.

ah... X mentioned it already.


----------



## uscitizen (Jan 27, 2010)

Why shot?  They are just capitalists creating a market for anti virus software.


----------



## CrusaderFrank (Jan 27, 2010)

uscitizen said:


> Why shot?  They are just capitalists creating a market for anti virus software.



Sounds like the Mafia telling you "You need to pay us for protection"


----------



## uscitizen (Jan 27, 2010)

CrusaderFrank said:


> uscitizen said:
> 
> 
> > Why shot?  They are just capitalists creating a market for anti virus software.
> ...



It does, doesn't it?

But the fact remains.

Crime always produces legitimate profits for someone.


----------



## Xenophon (Jan 27, 2010)

xsited1 said:


> CrusaderFrank said:
> 
> 
> > My son's computer got the "Antivirus Live" attack and I've never seen anything like it.
> ...



They certainly should be shot, those fuckheads ruined my last PC.


----------



## Baruch Menachem (Jan 27, 2010)

My son's machine got that.  It is now a doorstop, as nothing else will go.

One of the advantages of a Mac. I have yet to see a virus on any of my Mac machines. I had to take my Vista machine and have them pull the hard drive and do a fresh install, it was so virus-ridden.

My son does lots of chat, so it must have come through there.


----------



## Modbert (Jan 27, 2010)

Happened to my school's computers last year because they had no real firewall and people were bringing in viruses through the flash drive by accident. Killed the whole system for a couple months.

Protip: Don't use a flash drive on computers you're not 100% sure about.


----------



## xotoxi (Jan 27, 2010)

CrusaderFrank said:


> Antivirus Live -- Nastiest Virus I've ever seen


 
Then you haven't seen Ebola.


----------



## sarahgop (Feb 14, 2010)

That happened to me last week, but I was able to restore to a past date and it seems to have solved the problem.


----------



## sarahgop (Feb 14, 2010)

I was able to go into the Antivirus Live program and it had check-marked to run automatically every time I logged into IE. It would stop IE from running altogether every time I started the comp. The check-marked areas were grayed out so I couldn't change them. I then went and did a system restore to Feb 03 and it seems to be gone.


----------



## Liability (Feb 14, 2010)

I got it this past week.

I got REALLY screwed over by it, but did manage to knock it out for the most part. As Jillian noted, the fix came from Malwarebytes' Anti-Malware program, required that the computer be re-opened in safe mode with networking option, and ALSO required that IN that mode I run a program called *rkill.com.*

A company known (I do not kid you) as: *bleepingcomputer.com* is the place to go to get the stuff.  I printed the 8 pages of the fix to have it all handy as I worked the fix.

It involves a set of rather lengthy SCANS.  Took a couple of hours to get the job done once I figured out all the gobbledygook.

I still have residual problems on the computer, at this point, but those can be addressed separately.  The malware is gone, though!

While the shit was running (trying to get me to buy the "protection racket" bullshit program known as "Antivirus Soft") it also repeatedly opened my browser to some porn web site and a site that sells Viagra.  Seriously.  A nasty malware indeed.  But it's out of my operating system now.


----------



## Ringel05 (Feb 14, 2010)

xsited1 said:


> CrusaderFrank said:
> 
> 
> > My son's computer got the "Antivirus Live" attack and I've never seen anything like it.
> ...



Shot, no; handed over to some Apache Indians who still practice the old "techniques", yes. Broadcast it live over the internet.


----------



## PixieStix (Feb 14, 2010)

Download and run this, I had that not too long ago.

Malwarebytes' Anti-Malware Free Download and Reviews - Fileforum


----------



## Bezukhov (Feb 14, 2010)

Liability said:


> I got it this past week.
> A company known (I do not kid you) as: *bleepingcomputer.com* is the place to go to get the stuff. I printed the 8 pages of the fix to have it all handy as I worked the fix.


Bleeping computer rocks. 
Bleeping Computer - Computer Help and Discussion


----------



## RadiomanATL (Feb 14, 2010)

> Nastiest Virus I've ever seen



Except for the one your mom gave me!

lol

I know, I know....no family. I'll go sit in the corner now.


----------



## Modbert (Feb 14, 2010)

Wait, it's 2010 and some people still use internet explorer?


----------



## PixieStix (Feb 14, 2010)

READ & RUN ME FIRST. Malware Removal Guide - MajorGeeks Support Forums


----------



## Liability (Feb 14, 2010)

Dogbert said:


> Wait, it's 2010 and some people still use internet explorer?



I happen to have pretty good anti-virus and security suite stuff, but this nasty malicious malware crap got past my defenses.

On the other hand, I also have a Mozilla Firefox browser which did NOT get hit, so I was able to use THAT browser (despite the stuff that kept otherwise impeding my OS) to get to the web-sites where I found the cure, and I could do the downloads (especially after going into safe-mode-with-networking).

I would recommend that EVERYONE have at least one good functioning *alternative* browser available on each computer.


----------



## Modbert (Feb 14, 2010)

Liability said:


> I happen to have pretty good anti-virus and security suite stuff, but this nasty malicious malware crap got past my defenses.
> 
> On the other hand, I also have a Mozilla Firefox browser which did NOT get hit, so I was able to use THAT browser (despite the stuff that kept otherwise impeding my OS) to get to the web-sites where I found the cure, and I could do the downloads (especially after going into safe-mode-with-networking).
> 
> I would recommend that EVERYONE have at least one good functioning *alternative* browser available on each computer.



I disowned IE a long time ago. I use Firefox on my desktop and Safari on my Mac.

Just recently, European Governments such as France and Germany came out against IE saying they were a security risk to people's computers.


----------



## RadiomanATL (Feb 14, 2010)

Firefox is my main browser. I also have chrome (had to see what the buzz was about, but don't really use it) and I also still have IE (but never used, other than to go and download FF and Chrome).


----------



## sarahgop (Feb 14, 2010)

Yea, the virus didn't affect Firefox. After I did a restore I did a virus/spyware scan and it found 4 viruses, which were removed. My comp is running much better.


----------



## blu (Feb 15, 2010)

I think computer virus infections should count as electronic Darwin awards. Anyone dumb enough to get hit by a virus deserves it.


----------



## Xenophon (Feb 15, 2010)

blu said:


> I think computer virus infections should count as electronic Darwin awards. Anyone dumb enough to get hit by a virus deserves it.


It appears you just won an electronic Darwin award for one of the truly stupid things I have seen anyone post.

Most viruses come in secretly, nobody 'allows' them and they quite often find ways around security.


----------



## L.K.Eder (Feb 15, 2010)

blu said:


> I think computer virus infections should count as electronic Darwin awards. Anyone dumb enough to get hit by a virus deserves it.



HEY! there *could* be naked pics of maria sharapova in the attachment of the email sent by jesus.stud@yahoo.br


----------



## Sarah G (Feb 15, 2010)

Ravi said:


> Remove Antivirus Live, removal instructions



Yeah, this popped up on my screen twice yesterday and I denied their request to scan, and used my updated McAfee. It came back with clean results, so it is a scam.


----------



## editec (Feb 15, 2010)

I had one of those horrible malware viruses a year or so ago.

Never did figure out how I got it.

Like some of you it blew past my antivirus software and took over the box.

Nasty stuff, that.


----------



## CrusaderFrank (Feb 15, 2010)

I downloaded Malwarebytes and followed the instructions but was unable to remove the program.

I brought it to the local tech store and they were able to save most of my son's files and wipe and replace the hard drive.

That's life.

He bought himself a 500G external hard drive because the House music his DJ friends sent him was irreplaceable. He also bought a new laptop and runs Linux on it. He's way smarter than I am.


----------



## Xenophon (Feb 15, 2010)

editec said:


> I had one of those horrible malware viruses a year or so ago.
> 
> Never did figure out how I got it.
> 
> ...


I had an attempt yesterday when I was looking at the VH1 website; updated Norton caught it.


----------



## blu (Feb 15, 2010)

Xenophon said:


> blu said:
> 
> 
> > I think computer virus infections should count as electronic Darwin awards. Anyone dumb enough to get hit by a virus deserves it.
> ...



you have to perform actions that allow them to execute. whether they are silent or not after that is irrelevant.


----------



## Ringel05 (Feb 15, 2010)

blu said:


> Xenophon said:
> 
> 
> > blu said:
> ...



You mean like searching on the internet, opening e-mail from a "trusted source" or plugging in a new memory stick, etc.


----------



## blu (Feb 15, 2010)

Ringel05 said:


> blu said:
> 
> 
> > Xenophon said:
> ...



You can search safely, it's easy to look at headers to see if an email is spoofed, and you should zero then format any new memory stick you get, and in case you have to plug in other people's you should have AutoRun & U3 disabled so none of the files execute on plug-in. I haven't used antivirus in years and never had an issue.
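
The two flash-drive points in the post above (wipe a new stick, and keep AutoRun and U3 from executing anything on plug-in) are checkable rather than a matter of faith. Here is an added Python example, not blu's code and not from the page, that does both checks: it parses a stick's `autorun.inf` and lists the directives that make Windows run or offer something on insertion (`open=`, `shellexecute=`, `shell\<verb>\command=`), and it decodes the `NoDriveTypeAutoRun` policy bitmask to report which drive types may still AutoRun (`0xFF` disables all of them; U3 sticks present a CD-ROM partition, so the CD-ROM bit matters for them as well as the removable bit). The `autorun.inf` contents and the `0x91` sample value are constructed for the demonstration; the real policy value is read only when the script runs on Windows.

```python
"""Added example for the AutoRun advice in the post above (not blu's code, not from the page).

Two checks before trusting a stick:
  1. parse its autorun.inf and list the directives that make Windows run or
     offer something on insertion: open=, shellexecute=, shell\\<verb>\\command=;
  2. decode the NoDriveTypeAutoRun policy bitmask and report which drive types
     are still allowed to AutoRun (0xFF disables all of them; U3 sticks show up
     as a CD-ROM partition, so the CD-ROM bit matters for them too).
The registry is read only on Windows; elsewhere a constructed sample value is used.
"""
import configparser
import os
import sys

# Bit values of NoDriveTypeAutoRun, one per Windows DRIVE_* type. A set bit disables AutoRun.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB sticks, floppies)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM/DVD",
    0x40: "RAM disk",
    0x80: "reserved",
}
DISABLE_ALL = 0xFF
POLICY_KEY = r"Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

# Constructed autorun.inf in the style of a U3/flash-drive launcher (not a real sample).
SAMPLE_AUTORUN_INF = """[autorun]
open=setup\\launcher.exe
shellexecute=setup\\launcher.exe
icon=setup\\drive.ico
label=New Drive
shell\\explore\\command=setup\\launcher.exe -explore
"""


def exec_directives(inf_text):
    """(key, value) pairs in [autorun] that cause execution on insertion or from the context menu."""
    cp = configparser.ConfigParser(strict=False, allow_no_value=True, interpolation=None)
    cp.read_string(inf_text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return []
    hits = []
    for key, value in cp.items(section):  # configparser lower-cases keys
        if key in ("open", "shellexecute") or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, (value or "").strip()))
    return hits


def check_drive(root):
    """Directives from <root>/autorun.inf, or [] when the stick has none."""
    path = os.path.join(root, "autorun.inf")
    if not os.path.isfile(path):
        return []
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return exec_directives(f.read())


def autorun_allowed(policy_value):
    """Drive types whose bit is clear in the policy value, i.e. still allowed to AutoRun."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not policy_value & bit]


def read_policy_value():
    """NoDriveTypeAutoRun from the HKLM then HKCU policy key (Windows only); None if not set."""
    if sys.platform != "win32":
        return None
    import winreg
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_KEY) as key:
                value, _ = winreg.QueryValueEx(key, "NoDriveTypeAutoRun")
                return int(value)
        except OSError:
            continue
    return None


def main():
    for key, value in exec_directives(SAMPLE_AUTORUN_INF):
        print(f"autorun.inf would run: {key} = {value}")
    policy = read_policy_value()
    if policy is None:
        policy = 0x91  # constructed sample value for the demonstration
    still_on = autorun_allowed(policy)
    print(f"NoDriveTypeAutoRun = 0x{policy:02X}; still allowed: {', '.join(still_on) or 'none'}")
    if policy != DISABLE_ALL:
        print("Set the value to 0xFF to disable AutoRun for every drive type.")


if __name__ == "__main__":
    main()
```

Zeroing and formatting a new stick, as the post suggests, removes whatever `autorun.inf` shipped on it, but only the policy value protects you from the next stick someone hands you, so check it on each machine rather than assuming a default. Two caveats: a malware-written `autorun.inf` may be padded with junk sections or stored in an odd encoding, so decode the file before handing it to the parser, and Microsoft later changed Windows so that AutoRun no longer honours `autorun.inf` on non-optical removable media, which is why the CD-ROM bit (and U3's emulated CD-ROM) remained the interesting one.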


----------



## Ringel05 (Feb 15, 2010)

blu said:


> Ringel05 said:
> 
> 
> > blu said:
> ...



*Blank stare*  You just don't get it, do ya.  Did you have a dose of rdean for breakfast?
(BTW I know what you are talking about.  Clue: How many others know?  Hint, hint.)


----------



## Mr.Fitnah (Feb 15, 2010)

Stopzilla rulez


----------



## PixieStix (Feb 15, 2010)

editec said:


> I had one of those horrible malware viruses a year or so ago.
> 
> Never did figure out how I got it.
> 
> ...



I had one that pretended to be my antivirus


----------



## Xenophon (Feb 16, 2010)

blu said:


> Xenophon said:
> 
> 
> > blu said:
> ...


Wrong again, but at least you are consistent.

You don't have to do anything but click on the wrong web site.

You should really learn about this internet thingy before commenting on it.


----------



## blu (Feb 16, 2010)

Xenophon said:


> blu said:
> 
> 
> > Xenophon said:
> ...



"clicking on the wrong website" == "allow them to execute". you really do not know what you are talking about


----------



## SpidermanTuba (Feb 16, 2010)

Baruch Menachem said:


> My son's machine got that.  It is now a doorstop, as nothing else will go.
> 
> One of the advantages of a Mac.  I have yet to see a virus on any of my mac machines.  I had to take my vista machine and have them pull the hard drive and do a fresh install it was so virus ridden.
> 
> My son does lots of chat, so it must have come through there.



I've run Linux for years and NEVER had a virus or worm or anything of the sort. It amuses me that people continue to voluntarily use Windows


----------



## blu (Feb 16, 2010)

SpidermanTuba said:


> Baruch Menachem said:
> 
> 
> > My son's machine got that.  It is now a doorstop, as nothing else will go.
> ...



I use both and as stated before haven't got a virus on any of my Windows installs without running any AV.


----------



## Toronado3800 (Feb 16, 2010)

Baruch Menachem said:


> My son's machine got that.  It is now a doorstop, as nothing else will go.
> 
> One of the advantages of a Mac.  I have yet to see a virus on any of my mac machines.  I had to take my vista machine and have them pull the hard drive and do a fresh install it was so virus ridden.
> 
> My son does lots of chat, so it must have come through there.



Because no one bothers to create viruses for such a small percentage of computers.


----------



## Xenophon (Feb 16, 2010)

blu said:


> Xenophon said:
> 
> 
> > blu said:
> ...


No imbecile, tis YOU who hasn't a clue.


----------



## Douger (Feb 16, 2010)

Anyone dumb enough to run Winbloze deserves it.


----------



## blu (Feb 16, 2010)

Xenophon said:


> blu said:
> 
> 
> > Xenophon said:
> ...



So you are telling me that you don't have to click a link and allow it to load some sort of content whose renderer/parser/interpreter has a vulnerability in order to allow a 3rd party to run native code on your system? How many browser exploits have you written again? How many exploits and viruses have you reverse engineered? I really think you are out of your league.


----------



## Xenophon (Feb 16, 2010)

blu said:


> Xenophon said:
> 
> 
> > blu said:
> ...


It's pretty clear you have no idea what you are talking about.

You really should just stop posting in this thread lest you continue to prove how monumentally fucking stupid you are.

Many virus and trojan programs enter PCs through web browsers; you don't have to do a thing but click on the wrong web site, but you are too fucking thick to understand this. You keep thinking this is 15 years ago when you had to click on an execution file to get one.

Get with the times, you are an embarrassment.


----------



## blu (Feb 16, 2010)

Xenophon said:


> blu said:
> 
> 
> > Xenophon said:
> ...



You have to be kidding me. When you click on a LINK, CODE runs, whether it's the browser's HTML parser, JavaScript interpreter, 3rd party Flash player, 3rd party Java virtual machine, etc. These pieces of code are VULNERABLE to system level vulnerabilities allowing NATIVE MACHINE CODE TO RUN when exploited. So by clicking on a link you don't trust, you are trusting that site not to contain a payload that will exploit your browser to run native machine code with the privileges of the person using the browser. Once that code is loaded they have full control of your machine. You seriously have 0 clue what you are talking about. I do this for a living, both writing exploits for browsers and other apps as proof of concepts or reverse engineering the exploits used by attackers and the malware they place on the system. If you really think code isn't running when you visit a page you are retarded.


----------



## Xenophon (Feb 16, 2010)

blu said:


> Xenophon said:
> 
> 
> > blu said:
> ...


Asshole, get it through your head, it happens all over the net, on all kinds of sites, and it is not the 'fault' of the users, they did nothing wrong.

Your attempt to play yourself off as a super genius fails because you are too damn silly to understand this, which is ironic as you claimed people that get attacked somehow deserve darwin awards, whereas you are a primo candidate for one.


----------



## blu (Feb 16, 2010)

Xenophon said:


> blu said:
> 
> 
> > Xenophon said:
> ...



they did something wrong. they visited a url that was untrusted / unknown


----------



## Xenophon (Feb 16, 2010)

blu said:


> they did something wrong. they visited a url that was untrusted / unknown


Wrong again, but at least you are consistent.

As I already mentioned, I got attacked on the VH1 site, that millions of people use.

Stop trying to wiggle out from your ridiculous premise, and just admit you were wrong.


----------



## blu (Feb 16, 2010)

Xenophon said:


> blu said:
> 
> 
> > they did something wrong. they visited a url that was untrusted / unknown
> ...



Was this through the main site or an ad? And were you running an ad blocker? If not, then you let your browser visit an untrusted site, which again is your fault.


----------



## L.K.Eder (Feb 16, 2010)

blu said:


> Xenophon said:
> 
> 
> > blu said:
> ...



it is also the personal responsibility of the user to keep software up-to-date. and to choose software which is not a total swiss-cheese.

the user is the problem.


----------

