
Antivirus Action leads to non-stop BSOD

Q: Antivirus Action leads to non-stop BSOD

Hello everyone (and Happy Thanksgiving!),

Two days ago, I got the antivirus action virus; I followed the steps on this site to remove it via malwarebytes--and successfully did. Woke up today, however, and the computer began acting strange--Java started all of the sudden (Since this was when Antivirus Action initially started, I rushed to end the process, but no use), then I instantly began running malwarebytes again. It discovered three infected files; two fake alert definitions, and one other trojan (really hitting myself in the head for not writing down exact names). Malwarebytes was running extremely slow for some reason, and my computer was behaving radically. I'm running XP Home - SP3, and the screen froze for a second, and then went to the classic 98 or older era windows template--then went back. Then it did it again a half hour later and remained in that state. Before I started scanning with malwarebytes, I received a Win32 HOST process failure notification (where it asks to choose to send error info to Microsoft or not). After Malwarebytes finished scanning, it said it needed to reboot to delete certain files. So I did.

Here is where I ran into the BSOD. I chose safe mode, with/without networking, last known configuration, and boot normally--to no avail. I disabled automatic restart on error, and the BSOD posted:

*** STOP: 0x0000007B (0xB84C7524, 0xC0000034, 0x00000000, 0x00000000)

Also, when booting in Safe Mode, the system hangs on "MDFSYSNT.sys." A quick google search uncovers that this is some windows process to be able to read Mac files/formats? My computer only has NTFS partitions and a Windows installation. I do have a FAT32 iPod Shuffle and USB docking station...?

Furthermore, after MDFSYSNT.sys is listed, the bottom of the screen posts, "Press ESC to cancel loading SPTD.sys," then shortly after crashes. If I press Esc, nothing happens.

I'm running a futile chkdsk through the XP disk recovery console.

[edit]: CHKDSK /p finished, merely saying "CHKDSK found one or more errors on the volume." with a bunch of generic memory size information. No indication of what or where the errors are, and if they were fixed.

[edit]: I now understand that /f needs to be used; but this may take some time--and is it the root of my issue.

[edit]: After discovering this user's issue and results, I decided to start running a chkdsk /r in the recovery console. Will edit back with results

The number one priority is getting to my data and transferring it to a safe HDD; then I plan on performing a reformat anyway.

[edit]: I performed an XP repair installation off of the boot disk, but no luck; it takes a little longer for the XP loading screen to crash than before, and safe mode crashes at the same .sys file, only without SPTD.sys notification at the bottom.

What are my other options, here?

Thank you,
-Jake


A: Antivirus Action leads to non-stop BSOD

The number one priority is getting to my data and transferring it to a safe HDD; then I plan on performing a reformat anyway.
What are my other options, here?

There are two options here:
1. "getting to my data and transferring it to a safe HDD; then I plan on performing a reformat"
2. getting the system cleaned up and running again

The first option is likely to be quicker.

Let us know which one you intend to pursue and whether you would like any help.

RELEVANCY SCORE 63.6

By creating a bootable disk, that loads in RAM. You then boot from that disk and can access all files.

Would you be willing to help me do the disk option? I would prefer to try and keep the system I have without having to reinstall windows. I had the antivirus action and tried to remove it in safemode with malwarebytes. Rebooted and have got blue screen of death ever since. It is my dad's computer so I need to get it fixed.

A:Removed antivirus action now BSOD on boot

Hello, first let's have a look at the BSOD.

We Need to Diagnose Your BlueScreen

When you boot your machine, press F8 to list the startup options, exactly as you would if you were trying to enter Safe Mode.
Select "Disable Automatic Restart on System Failure", as shown here:
When your system BSODs, write down the STOP error code, as well as any written out error message back here. The STOP error will always appear, but the message may not. You are looking for this:
Please post me the error(s).

RELEVANCY SCORE 61.6

Hello!

Part 1: After the latest drivers update (Wacom develops driver for Lenovo Active Pen 2), the long press of the top side button leads to activation of screenshot event (kind of Snip and Sketch). It interrupts any drawing activity. For example, Sketchable application has a color picking assigned to this button, which is interrupted by screenshot triggering. Note: There are 2 side buttons on the Active Pen 2, and the top side button leads to the issue. It's not about usual top button at the end of the pen, and it's not about long tap of the pen itself (that "issues" were found in a huge amounts in the internet). I found that 1. Working driver version: Lenovo Pen Service (Wacom provider) 7.5.1.21, 2. not working: 7.6.1.29.

Now, community, I ask you how and where to report the driver issue?

Part 2: I reported the issue to Wacom support. Wacom supports stopped support me when they realized that I have Lenovo Active Pen 2, so you can see "Lenovo" there, not Wacom, that's why it's not Wacom's problem. Not really clear situation, because drivers has been downloaded from Wacom site and developed by Wacom. Ok, then I went to Lenovo support. I managed to communicate to USA Lenovo support, and they redirected me to my local Lenovo representatives (not USA) because of the laptop warranty location. How the laptop warranty is linked to Wacom driver bug? After that destructive finger pointing, I came here. Perhaps, could you suggest...

RELEVANCY SCORE 60.4

Hello!

Chapter 1: After the latest drivers update (Wacom develops driver for Lenovo Active Pen 2), the long press of the top side button leads to activation of screenshot event (kind of Snip and Sketch). It interrupts any drawing activity. For example, Sketchable application has a color picking assigned to this button, which is interrupted by screenshot triggering. Note: There are 2 side buttons on the Active Pen 2, and the top side button leads to the issue. It's not about usual top button at the end of the pen, and it's not about long tap of the pen itself (that "issues" were found in a huge amounts in the internet). I found that 1. Working driver version: Lenovo Pen Service (Wacom provider) 7.5.1.21, 2. not working: 7.6.1.29.

Now, community, I ask you how and where to report the driver issue?

Chapter 2: I reported the issue to Wacom support. Wacom denied to support me after they realized that I have Lenovo Active Pen 2, so you can see "Lenovo" in the title, not Wacom, that's why it's not a Wacom's problem. Not really clear situation, after all drivers have been downloaded from Wacom site and they are developed by Wacom. Then I went to Lenovo support. I managed to communicate to USA Lenovo support, and they redirected me to my local Lenovo representatives (not USA ones) because of the laptop warranty location. How the laptop warranty is linked to Wacom driver bug? After that destructive finger pointing, I came here. Perh...

RELEVANCY SCORE 55.6

Gentlebeings:

My HP portable running Vista Home Premium was infected by Security Shield. As I was trying to exit all my open windows, I got a blue screen with stop 0xc000021a.

I would gather the information you requested, but the system won't boot to Safe Mode with Networking, or even to plain old Safe Mode.

I have a bootable Vista Home Premium CD, and have, in fact, booted to it. I am currently on the Install Windows screen. Should I try a system repair (to deal with the stop code) before I attempt to remove Security Shield using the given instructions? Or would another course of action be best?

Thank you all in advance for your kind support and generous patience!

Rose

A:Security Shield Infection Leads To Stop 0xc000021a

Welcome to the forum, Rose in RoseBear!

Let's see if we can get a hold of the infected computer...

You will need a USB flash/pen drive and access to a clean computer for the procedure outlined below. Also, you may want to print these instructions for easier access to them.

Now, if the system is 64-bit, download Farbar Recovery Scan Tool x64. Save the program to the USB flash/pen drive.
For 32-bit systems download Farbar Recovery Scan Tool. Save the program to the USB flash drive.

Next, plug the flash drive into the infected computer.

To enter System Recovery Options using the Windows Vista Installation Disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Choose your language settings, and then click: Next
Select the Operating System you want to repair, and then click: Next
Select your user account and click: Next

On the System Recovery Options menu you get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool: Scan your computer's memory for errors.
Command Prompt

Select Command Prompt
In the Command window, at the blinking cursor type notepad and press: Enter
In Notepad, under the File menu select: Open
Double-click Computer, find the flash drive letter, remember what letter it is, click on it, and press: Open
C...

RELEVANCY SCORE 55.2

Running:

ESET NOD32 V4
MalwareBytes
SuperAntiSpyware
CC Cleaner

Recent Incidents:

C:/progamdata/privacy.exe
C:/windows/System32/consrv.dll
C:/windows/sysWOW64/ping.exe
Last Notes:

Windows Defender has gone missing.
Windows Firewall has gone disabled and cannot be started/restarted
Getting many redirects in IE and Firefox
ping.exe in processes hogging memory (not sure if ping.exe is even supposed to be on my pc)
An address continually being blocked by ESET NOD32
Also wish I could get rid of error associated with missing Aspi32 file (been a problem for ages).

Last attempt at cleaning was with MSE which found one virus (cannot remember the name) and deleted. After subsequent restart, began getting BS STOP: c0000135 {Unable To Locate Component} consrv not found.

Following other posts, I've attached the FRST log for your consideration.

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.2.9
Ran by SYSTEM at 2011-11-18 19:43:50
Running from H:\
Windows Vista ™ Ultimate (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2839840 2010-03-24] (ESET)
HKLM\...\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvra...

A:Virus Removal leads to Stop: c0000135 consrv not found

Hello frrstrn,

Welcome to Bleeping Computer.

I understand you have boot issue. If the issue is not yet resolved please let me know.

RELEVANCY SCORE 55.2

ok so
i have an annoying program called "antivirus action" on my computer. does the classics of making my computer use a proxy connection, not allowing me to run antivirus etc. just a general pain.
currently i am running in safe mode

so here is my dds log

DDS (Ver_10-11-27.01) - NTFSx86 NETWORK
Run by Bruiser at 2:33:00.68 on Fri 12/03/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.3571.2660 [GMT -8:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:...

A:antivirus action/fake antivirus software

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The application window will appear
Click the Disable button to disable your CD Emulation drivers
Click Yes to continue
A 'Finished!' message will ap...

RELEVANCY SCORE 54.8

My apologies for being unable to provide the starting information as requested in the readthisfirst thread, but under the circumstances, it can't be helped. I run a PC, Windows XP SP3.

This evening my computer was hit by a antivirus.net fake antivirus virus. This was not my first experience with false antiviruses, so I stayed calm, loaded up spybot (before the virus blocked all programs), and tried to get rid of it. I failed, and tried to reboot in safe mode as normal. Unfortunately, I can't even do that. As my computer tries to load windows, a few seconds into the loading, it flashes a blue screen with error text for a split second (I can barely make out something about a critical error and windows is being shut down to protect the computer) and then the computer restarts again.

This is baffling, and frankly, a nightmare. I've never before been unable to enter safe mode (or any mode of windows), and if I can't even *get* there, how am I supposed to run programs to counter the virus or even give you all more detailed information?

I appreciate any and all help that you can give me in fixing this, and will answer any questions I can to the best of my ability!
 

RELEVANCY SCORE 54.4

Hi all,

My Dell Inspiron 6000 laptop is on the older side (purchased in 2005), but was running just fine up until a few days ago. I booted up my computer and got an error message saying "STOP: C0000218 {Registry File Failure} The registry cannot load the hive (file):\System Root\System32\Config\DEFAULT or its log or alternate. It is corrupt, absent, or not writable"

I tried rebooting in safe mode, to no avail. I also saw on a thread on this site something about pushing CTRL and F11 during reboot. That has now led me to a new issue. Now I can't even get it to come back to the other "STOP" error screen because every time I boot up my computer follows this progression:

1) Dell screen
2) black screen with "Loading PBR 3 ...done" and some other text which includes an error but flashes by too quickly for me to read,
3) a window pops up labeled "Dell PC Restore by Symantec" and states "The Dell system recovery tool has detected an unsupported change in your master boot record. The tool cannot run at this time."

Is there anything I can do to deal with these issues and get back to the way my laptop was? I'm hoping to be able to recover the documents (and most importantly photos) that were saved on my computer, though I am scared that may not be possible.

Any help would be greatly appreciated!
 

A:STOP:C0000218 error leads to a problem with my master boot record? Help?

Error Message When You Install Windows XP: "STOP: c0000218 {Registry File Failure}"

Did you make any changes to your system or add hardware that isn't compatible with your system? The Microsoft article suggests either incompatible hardware or a damaged hard disk drive (even though you didn't just install XP as the article suggests).
 

RELEVANCY SCORE 53.6

Websense Security Labs ThreatSeeker Network has detected that Google searches on terms related to iPhone SMS information are returning results that lead to rogue Antivirus software.



Read more -
iPhone Blackhat SEO Poisoning Leads to Total Security Rogue Antivirus - Security Labs Blog

RELEVANCY SCORE 51.6

Back when I had XP, all I had to do was to hit the Esc key to STOP an action, but with Windows7, whenever I hit the Esc key, nothing happens, and the action continues to load, or display, or whatever.

Does this WIN 7 even have such a key? or do you have to hit Ctrl-A-Delete to stop?

A:Where is the Esc to STOP an action, or viewing, like XP used to do?

If you have a dialogue open with "cancel" or something similar already highlighted, you can hit the space bar or enter to initiate cancelling the operation. Otherwise ESC doesn't function the same under 7. Ctrl + Alt + Del will bring you to a menu that will allow you to open the task manager, which you can also use to kill a process or end a program.

RELEVANCY SCORE 51.2

After many trouble free years of use my laptop has become infected with Antivirus Action. Unfortunately I only discovered your site after trying to delete masses of "apparently" infected files!
However, I have since tried several ideas gleaned from your site's removal instructions with the following results:-
1. Tried getting into safe mode using F8 key. This was unsuccessful as no prompt comes up now prior to windows loading. Even without the prompt I have tried using F8 constantly but still no access to safe working.
2. Tried msconfig to gain access but the malware blocks my attempts.
3. Tried connecting to the internet but the only website it will allow me into is the one advertising Antivirus Action at $69.99 with no viable alternative. It seems that the only intelligent thing I have done to date is not to pay for the download!
4. Have tried to access system, program and many other files but, again, I am blocked from doing anything which has the slightest effect on this virus? Trojan? or whatever it is?
5. Tried to run recovery and system discs but it won't let me do that either: It will however allow me to open these and load them as individual files to my documents folder. I hasten to add, but to no avail!

Being a novice (as will be patently obvious to you by now, if not before!) to this type of problem, several questions come to mind.
a. Can safe mode be accessed in any other way?
b. Is it possible for me to clear everything from...

A:Antivirus Action

Hi, I contacted you yesterday with the following query:-

After many trouble free years of use my laptop has become infected with Antivirus Action. Unfortunately I only discovered your site after trying to delete masses of "apparently" infected files!
However, I have since tried several ideas gleaned from your site's removal instructions with the following results:-
1. Tried getting into safe mode using F8 key. This was unsuccessful as no prompt comes up now prior to windows loading. Even without the prompt I have tried using F8 constantly but still no access to safe working.
2. Tried msconfig to gain access but the malware blocks my attempts.
3. Tried connecting to the internet but the only website it will allow me into is the one advertising Antivirus Action at $69.99 with no viable alternative. It seems that the only intelligent thing I have done to date is not to pay for the download!
4. Have tried to access system, program and many other files but, again, I am blocked from doing anything which has the slightest effect on this virus? Trojan? or whatever it is?
5. Tried to run recovery and system discs but it won't let me do that either: It will however allow me to open these and load them as individual files to my documents folder. I hasten to add, but to no avail!

Being a novice (as will be patently obvious to you by now, if not before!) to this type of problem, several questions come to mind.
a. Can safe mode be accessed in any ot...

RELEVANCY SCORE 51.2

Hostperm only flashes black one time quickly and doesn't appear to download. Also what are the exact steps to removing the c:\windows\system32\drivers\etc\hosts.

A:Antivirus action

hostperm.bat, when run, will quickly flash a black window and then exit. If that's what you saw then it probably finished correctly and you may proceed to step 19.

Deleting the hosts file is just like deleting any other file. Locate the file at either: C:\Windows\system32\drivers\etc\ (for Windows Xp, Vista, and 7) or at C:\WinNT\system32\drivers\etc\ for Windows NT and Windows 2000.

After deleting the hosts file, download the replacement hosts file for your operating system from the links in the guide and put it in the same folder that the old hosts file was in.

RELEVANCY SCORE 51.2

I need additional help in getting rid of the Antivirus Action rogue. I have followed the malwarebytes Anti-Malware instructions but did not work. Is there an alternative solution that seems to work. My system is basically unusable. Cannot connect to internet. Have to use second PC and copy downloads to flashdrive and copy to desktop.

Have spent many hours trying to remove, multiple scans. Very frustrating.

RELEVANCY SCORE 51.2

I run XP Service Pak 3, use IE, MS Office, Photoshop and HP Multi Machine Manager, have Comcast cable connection.
Infected with Antivirus Action. It's putting the stops on about anything I try to do. Says .exe infected, get their software to fix it. I want a simple eradication tool. Thanks Steven

A:Antivirus Action

Hello,

There is a removal guide for this infection here: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action

Orange Blossom

RELEVANCY SCORE 51.2

About two weeks ago, "Antivirus Action" infected my computer. I read a few different forums on how to remove it. First, I purchased Spyware Doctor...while helpful, I'm not sure it removed what really drew my attention. Per Spyware Doctor's recommendation, I have only ran it in normal mode. Then I found another tutorial that said to end any processes in task manager that looked strange, so that I would be able to remove infected files without interruption. That happened to be "usrpmkytsbl.exe" for me. After stopping that, I went into regedit...looked for the antivirus action files to delete, but none were to be found.

And yet another forum. This one said to use Combofix in conjunction with AVG and another one I can't remember. Combofix was the only one I downloaded because I had problems with the first one and I did not try/download AVG, yet. BEFORE I found out about you guys and not running combofix until instructed to do so...I already ran it in safe mode (with networking). After running this program and checking out normal mode, Antivirus Action popups, messages and its fake scanning tool never started up again. Clearly combofix managed to take care of this problem. But...in normal mode: the speed of my computer has dropped significantly, it will not run any applications/software (acts like it's going to, but never does), only Firefox works (some of the time and it's extremely slow) and forget internet explorer, usb inputs do not w...

A:Antivirus Action

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting...

RELEVANCY SCORE 51.2

I have this on my computer. It will not let me start firefox or internet explorer. I am running avg in safe mode as well as super antispyware. What else do I need to do to get rid of this?

A:Antivirus action

See here: http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action

RELEVANCY SCORE 51.2

Thank you so much. I got infected even though running McAfee Total Protection. McAfee wanted me to pay ?60 to remove it. Not possible just before Christmas. I found your website and followed your very thorough, precise instructions to remove Antivirus Action. It worked! I'm so pleased. I had to reinstall McAfee afterwards because it had got damaged, however I've got the free 90 day trial from Orange, so I'll stick with it for the moment Thank you for this brilliant free service. The guidance was so good. I hope I don't get anything like this again, but if I do, I'll know where to come.

A:Antivirus Action

You're welcome.

RELEVANCY SCORE 51.2

My daughter's laptop is infected with the Antivirus Action malware. I followed your directions for removing it using Mbam. The malware wouldn't let me run the program and I tried renaming it but that didn't work either. I also tried using rkill but it blocked that, too. I then went into safe mode and was able to run the scan and quarantine and delete the program but when I restarted the malware file was still on the computer. I don't know what to do now. Is there anything else I can try?
Shelly

A:Antivirus Action

Hello,

Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Orange Blossom

RELEVANCY SCORE 51.2

Got the Antivirus Action on my laptop. Was told to reboot into safe mode but when I shut down my computer to reboot, it won't let me reboot into safe mode. It says that the registry file is either corrupted or missing. It won't go off of this screen. What should I do?

A:Antivirus Action

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there.

The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks

RELEVANCY SCORE 51.2

I need additional help in getting rid of the Antivirus Action rogue. I have followed the link http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action but did not work. Is there an alternative solution that seems to work. My system is basically unusable. Cannot connect to internet. Have to use second PC and copy downloads to flashdrive and copy to desktop.

The one part I don't know how to do is save the host file to the drivers/etc file.

19. We now need to delete the C:\Windows\System32\Drivers\etc\HOSTS file. Once it is deleted, (I deleted it) download the following HOSTS file that corresponds to your version of Windows (I downloaded XP hosts file) and save it in the C:\Windows\System32\Drivers\etc folder. (I don't know how to do this) If the contents of the HOSTS file opens in your browser when you click on a link below then right-click on the appropriate link and select Save Target As..., if in Internet Explorer, or Save Link As.., if in Firefox, to download the file.

Windows XP HOSTS File Download Link

A:Antivirus Action

(i downloaded XP hosts file)

Locate the HOSTS file that you downloaded. Right-click on it and select "Cut".

Now navigate to
C:\Windows\System32\Drivers\etc <<< folder

In the folder "etc", find a blank area and right-click there, and select "Paste".

Done!

How's that now?

RELEVANCY SCORE 51.2

I've been working on my computer (windows XP) the last couple days after getting infected with Antivirus Action. I have run the entire removal process posted online. The only thing I can't seem to get rid of and free up my permissions is \\.\globalroot\device\svchost.exe\svchost.exe

When I run SAS it comes up detected as TrojanDropper.SVCHost-Fake; then when I go to remove it; it shuts SAS down and makes it unresponsive. So after using Inherit.exe to restore SAS; I am back to it being detected but I know for a fact as soon as I go to remove it; it will be wiped again.

I've tried renaming all my spyware programs like spybot, sas(only one able to detect it), malwarebytes, Combofix.

I'm on my way to work so sorry if this is a short notice post.

I've also replaced the hosts file and removed all the registry keys manually and still i'm at this roadblock.

A: Antivirus Action just won't let go

bump


hey guys I have been infected with antivirus action and need help to remove it. I have received various advice from other sources that haven't worked so I hope this hasn't done more damage. I have tried malware bytes and hijack this with no success. please help

A: antivirus action help

Hello, I have deleted your duplicate topic on this issue. Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Orange Blossom


This is so frustrating, I admire you guys' impressive patience and abilities, too bad it can't be transferred ...

My antivirus Avira AntiVir Personal keeps showing the following message every few seconds:

Guard: Malware found
Date/Time: 2010-11-02, 06:50:27
Type: Detection
A virus or unwanted program 'BSD/TDSS.VE' was found in file 'CWINDOWSsystem32ernel32.dll'.
Access to this file was denied.
Please select a further action:
Remove or Details

When I try to access Internet, I get a new page with the following message:
Internet Explorer Warning - visiting this web site may harm your computer!
Most likely causes:
- This website contains exploits that can launch a malicious code on your computer
- Suspicious network activity detected
- There might be an active spyware running on your computer
What you can try:
- Purchase for secure Internet surfing (Recommended)
- Check your computer for viruses or malware
- More information
I am having another problem that is less important and doesn't seem to be related: intermittently, the research engine is redirected.

I followed the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help but I am having problems with GMER. After I uncheck IAT/EAT and I click on Scan (Figure 13), a page similar to Figure 14 shows for about a second and disappears.

I have copied and pasted DDS.txt and attached the Attach.txt file, however I don't seem to be able to find Ark.txt log.

Thank you so much for your ass...

A: Antivirus Action

Hi, Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log. Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

Please reply to this post so I know you are there. The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic. Once I receive a reply then I will return with your first instructions. Thanks


Hi,

I am not that great with understanding computers and viruses but I had the Antivirus action virus infect my laptop yesterday and I followed bleepingcomputer.com's spyware removal instructions (thanks heaps for that) and it seems everything is now working ok. But how do I know for sure that the virus is gone?? McAfee security never picked up the virus when it hit so when I do a scan using McAfee and it says my computer is safe and everything is ok, I'm not so sure I should believe it.

Also, I followed all of the instructions to remove the virus and the only part I couldn't exactly follow was at the end (step 19). For some reason I could not save the Hosts file download link in the C:\Windows\System32\Drivers\etc folder, the computer would only let me save it in my C:Users folder. Is this ok?

A: Antivirus Action

Hello are you running XP or another?? This will help with the Hosts issue.
Let's also do an online scan. Please perform a scan with Eset Online Antivirus Scanner.
This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
Click the green button.
Read the End User License Agreement and check the box: Check .
Click the button.
Accept any security warnings from your browser.
Check Check Remove found threats and Scan potentially unwanted applications. (If given the option, choose "Quarantine" instead of delete.)
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer.
If offered the option to get information or buy software at any point, just close the window.
The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
When the scan completes, push Push , and save the file to your desktop as ESETScan.txt. Push the button, then Finish.
Copy and paste the contents of ESETScan.txt in your next reply.
Note: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
If you did not save the ESETScan log, click > Run..., then type or copy and paste everything in the code box below ...


My computer got infected by Antivirus Action and I can't get rid of it. It's asking that I pay $49.99 to get rid of the virus, but Antivirus is the problem. Please help!!!

A: Antivirus Action

Hello and to the BC forums. Please follow the removal guide at the following link: Remove Antivirus Action (Uninstall Guide)
The MBAM log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system. Please post the log and let us know how the system is running now.


We have the malware Antivirus Action on my computer. We have run Malwarebytes and McAfee and neither have these programs said that the virus was on the computer. But it has taken over everything on the computer, including internet explorer. There have also been porn ads popping up on the computer and no one has ever been on a porn site on this computer. I have been able to get rid of similar programs but cannot get rid of this one. The gmer scan came up with nothing.

DDS (Ver_10-11-10.01) - NTFS_AMD64 NETWORK
Run by crystal at 20:05:27.16 on Sat 11/13/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2546 [GMT -8:00]
============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Common Files\McAfee\...

A: Antivirus Action

Hello, and to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems. I will be working on your malware issues, this may or may not solve other issues you may have with your machine. Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer. The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen. Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one. You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you...


I am infected with antivirus action and have the removal instructions. Just my luck, the 2nd step is to start in safe mode and I cannot. If I just press the button on the computer to shut it off and reboot, I can get the screen with the options to start in safe mode, but, it is like my keyboard is disabled and I can't highlight safe mode. Is there a way to fix this?

Thanks in advance for your help!!!

P.S. Please give me instructions in simple terms, I'm new to this! Thanks!

P.S.S I have WINDOWS XP

A: Antivirus Action

"my keyboard is disabled and I can't highlight safe mode. Is there a way to fix this?"
This is probably due to a combination of 2 factors:
- You are using a keyboard connected via USB (a small rectangular plug/socket)
- The computer's BIOS is not configured to recognise USB (USB devices will not work until Windows starts)
Solution: Use a keyboard connected via PS2 (a small round plug/socket with several pins inside ... often marked with a purple color), and plugged into the back of the computer box near the top, alongside the PS2 connection for the mouse. (There is chance, depending on the make/model of your computer that it will not have PS2 socket connections at all.) If you don't have a PS2 keyboard, you may be able to borrow one, or you may have to buy one (but there are usually plenty of old ones laying about the place).
If you continue to experience a problem, please post the make and model of your computer. We may be able to find more explicit instructions.
Remove Antivirus Action (Uninstall Guide)
Posted by Grinler on October 10, 2010
http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action
Edit: to the BC forums!


I have tried the suggestion of running antimalware, but it is still infected with antivirus action.. only thing I couldn't seem to get done on the directions after running malmare, was deleting host & reinstall. can anyone help me?

A: HELP PLEASE with antivirus action

Hello, Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Orange Blossom


So I have just spent the last few hours getting rid of the incredibly annoying Antivirus Action. I am stuck on the last step of uninstalling it. I have been using the instructions from bleepingcomputer.com. The last step is to delete C:\Windows\System32\Drivers\etc\HOSTS and then download and resave a new one. My computer says I need to contact the administrator to save in that location. Problem is . . . I am the administrator and am logged in as such. Any ideas? What will happen if I can't save it? Can I save it somewhere else? How do I make it save in that location? . . . ugh stupid malware.

Thanks in advance.
Aly

A: Antivirus Action

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ...


Hi
I am probably one of the least pc wise people on this forum and I have a virus infection called antivirus action that has taken over large parts of my laptop
it has hijacked google and keeps telling me I am infected with pop ups that require me to purchase antivirus action and it stops me doing virtually anything
the only reason I can do this is by using my second user side of the pc which still appears to be functioning
The logo that it uses is a shield in yellow and blue similar to windows shields and it is alongside many program keys
I have run McAfee and windows security and both come up with nil
PLEASE HELP but be prepared to be frustrated with a virtual luddite

A: antivirus action infection

Hello and welcome. Please follow our Removal Guide here Remove Antivirus Action . You will move to the Automated Removal Instructions. After you completed that, post your scan log here, let me know how things are. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Hi everyone, this is my first time on here and am nearly at my wits end to resolve my issue. I currently have the Antivirus Action malware on my system and cannot remove it. It won't allow me to reinstall McAfee. I've got a Dell Inspiron with Windows 7 Home Premium. I've installed and updated MalwareBytes Antimalware, Super AntiSpyware, Spyware Doctor and SpyBot Search and Destroy. All scans have been run in Safe Mode and whilst quite a few things were picked up, Antivirus Action wasn't removed. When running HijackThis, I get the following log file:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:01:00, on 27/01/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\PC Tools Security\B...

A: Antivirus Action Removal

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan:
Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the ...


Hi there!

My computer has been taken over by Antivirus Action. I tried using the Uninstall Guide from bleepingcomputer (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action) twice but it didn't work.

Please help!

Thanks,
myjunoli

A: Antivirus Action Infection

Hello, Please follow the instructions in ==>This Guide<==. If you cannot complete a step, skip it and continue. Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues and what you have done to resolve them. If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Orange Blossom


I'm a newbie and possibly an idiot, however I am unsure how to submit my HijackThis file log for analyzation. Do I post it within this topic or submit elsewhere? I am currently running in safe mode and have another laptop available for additional tasks. Please advise how I am to post this log. I have searched topics and don't seem to find the info I need. Hoping for "Submission for Dummies." Thanks!

A: Antivirus Action Malware...

Hi,
How to post HijackThis log?
Regards,
Max


I have used the instructions posted (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action) to Remove Antivirus Action. My issue is that I could not login as the original user (where the malware occurred) when I boot in safe mode. XP only appears to be presenting administrator logins not limited users. It knows about the user but does not let you log in as that user. I completed the removal process as an administrator and it appeared to work. But logging back in as the user the malware was still present. Did the removal fail because I could not run the full process under the user experiencing the malware? How do I proceed to remove the Antivirus Action malware?

A: Remove Antivirus Action

Problem is resolved. I logged back in normally as admin (given the malware was not executed yet this worked). Changed the account with the problem to an admin account. Booted into safe mode, logged in under the problem account, and continued the removal process. Note I had to run the Rkill program multiple times (3x) to stop all processes. Then ran Malwarebytes' Anti-Malware program. Also note I had to update the Malwarebytes' Anti-Malware program prior to booting in safe mode (once in safe mode I could not access the internet over my home network). After the last step of replacing the HOST file. The system appears to be operating properly -- Thank you Bleeping Computer.com!


Hi all, I'm totally non-techie, and desperately need help. Yesterday, my PC suddenly displayed a message about an ANTIVIRUS ACTION. At first I thought it was a real antivirus message, so I clicked on scan but later realized that it wasn't because the next message said that the Antivirus software was evalution version. Note the incorrect spelling of evaluation! Also, Windows warned me that my msfeedsync.exe, svchost.exe, hpswp.clipbook.exe, mcshell.exe, etc files were infected. I've turned off the PC and unplugged it from the internet but when I reboot it similar ANTIVIRUS warnings appear on the screen. I know they are fake because the browser bar shows adult.com! Help, please! I have absolutely no idea what to do. Thanks in advance. Mikki Dagel

A: Need Help re:ANTIVIRUS ACTION virus (?)

Hello and Welcome.

Windows7 System Restore is very robust. I wonder if you've tried that yet? If not, try going back to a point a day or so before the event, and see how things are. I would use Method 2, Through System Recovery Options at Boot, for running System Restore.

http://www.sevenforums.com/tutorials...m-restore.html

Next......


We want all our members to perform the steps outlined in the link I'll give you below, before posting for assistance. There's a sticky at the top of this forum, and a "Having problems with spyware and pop-ups? First Steps" link at the top of each page.

---------------------------------------------------------------------------------------------

Please follow our pre-posting process outlined here:

http://www.techsupportforum.com/f50/...lp-305963.html

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed. I currently have as many open topics as I can effectively handle; this will have you back in queue with the proper logs so an available helper would be able to assist.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.


I have an HP Pavilliondv3000. I noticed this new program icon in the bottom right corner named, Antivirus Action. It started popping up alerts that my programs were all infected and could not be executed. Then it would offer me the opportunity to buy a virus program for 50 dollars... I politely declined. I opened up my program list and this new friend of mine is not listed. I can't open any other program due to them all being infected. Please help - I have no idea what to do.

A: Antivirus Action lies!

Hello and welcome. Please follow our Removal Guide here Remove Antivirus Action (Uninstall Guide) . You will move to the Automated Removal Instructions. After you completed that, post your scan log here, let me know how things are. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


So my Action center flag at the bottom popped up with a notification that said, "fine a program online." I have avast up to date and on, it says it doesn't recognize any programs. It just started happening. I have had avast on here for about 2 months. It happened last night. OTHER than just turning off that feature, why isn't it recognizing it?

A: Antivirus and Action Center

It's a known bug that when you do not use Microsoft Security Essentials, your AV is not recognized. Why you did not have a problem to now, I cannot answer. But, many have turned off that warning. You are protected.

It is my suggestion, not because of this problem, but because it is one of the best for Windows, use Microsoft Security Essentials.


I just used your guide to remove 'Antivirus Action' and then ran Hijack This to see if I could see anything. Can you take a look at it and see if I have anything else wrong.

Hijack This log attached.

A: Antivirus Action Removal

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Some things to remember while we are working together.
Do not run any other tool until instructed to do so!
Please Do not Attach logs or put in code boxes.
Tell me about any problems that have occurred during the fix.
Tell me of any other symptoms you may be having as these can help also.
Do not run anything while running a fix.
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
In order for me to see the status of the infection I will need a new set of logs to start with.
Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
DeFogger: Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
The ...


Hi! I am running Windows Vista. We picked up the Antivirus Action virus and I can't get rid of it. Everything seems to be fine under my administrator profile, it pops up under my daughter's profile. I've tried running all the anti-virus software we have under my profile and it's not working. We have SUPER Antispyware and AVG. I can't run anything at all or access any applications under my daughter's profile, the virus keeps blocking everything. How do I get rid of this?

A: "Antivirus Action" Virus - Need help please!!

Hello and welcome... There are some specific steps needed to kill this. You also may need to run this from your profile if you still cannot from hers. Did your SAS scans come back clean? Please follow our Removal Guide here Remove Antivirus Action (Uninstall Guide) . You will move to the Automated Removal Instructions. After you completed that, post your scan log here, let me know how things are. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM. Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.


Came home tonight to find my computer under attack. A browser window opens two tabs -- one of which has "cannot display page" error and the second tab opens to a porn site (first it was porno.org, later it was adult.*). And a couple other windows open. One says a file is infected and asks if you want to launch antivirus. The other pops up like antivirus software does (in the lower right) and reveals that computer is under attack. I noticed the name BankerFox.A.
I run Norton 360 which had expired while I was out of town last week, but computer was turned off. Last night I installed and activated a new copy I had purchased before I left (was just waiting to not have my subscriptions overlap) and everything was fine, even as recently as this morning. Ran the Norton scans and it finds nothing, while constantly being attacked at the same time. Also when I try opening any program or even control panel I get the file __.__ is infected. Do you want to launch antivirus? I say no, but if I try saying yes, it just wants to sell me a program called Antivirus Action. I also ran Spybot, and it claims to have found nothing, either. Yet I can't do anything except combat these messages.
I was able to follow all the "Before you Post" instructions by using safe mode with networking. However, the last one (GMER.exe) caused a reboot before I got to save the results file. I will do that one again, but in the meantime, here are the first three items:

HijackThis log:

Logfi...

A: Antivirus Action/BankerFox.A

Solved it myself.
 


Hello,

My computer has been taken over by Antivirus Action. I cannot access mozilla and we get pop ups of ie with inappropriate material. Also, whenever we're trying to open windows pertaining to changing anything like the firewall, I am blocked out with a security warning pop up. I tried using the Uninstall Guide from bleepingcomputer (http://www.bleepingcomputer.com/virus-removal/remove-antivirus-action) twice but it didn't work. I then went to the prep guide. Following the directions I tried to open the LAN prop page, AA wouldn't let me. I cannot open mozilla or ie to download programs directly from the internet so I tried moving the downloads from another computer and AA won't let me open them... I tried this in safemode and I was able to open Defogger but when I click "disable" it pops up "unable to create log." I was able to run DDS and save a copy of that... I was also able to run gmer BUT couldn't save it because the screen was too big in safemode and I couldn't get to the save button. I tried to make it smaller by going to control panel desktop to resize fonts but that hardly helped. The only log I was able to save is below and attached.

Thanks,
myjunoli

DDS (Ver_10-11-10.01) - NTFSx86 NETWORK
Run by Administrator at 12:33:00.85 on Thu 11/18/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.331 [GMT -5:00]

AV: AntiMalware *On-access scan...

A: Antivirus Action Infection

Hello and welcome to Bleeping Computer. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected. Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem. Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.
We need to create an OTL report, Please downloa...


Hey team, here is the DDS log as requested. I am currently sending from a clean PC as my infected one is in safe mode and I don't want to exit from this as I am unable to perform any actions at all in standard mode because Antivirus Action keeps blocking it.
Thanks again for the help.

DDS (Ver_10-10-21.02) - NTFSx86 NETWORK
Run by Owner at 15:41:34.78 on Mon 25/10/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1673 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
E:\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.imesh.com/
uSearch Bar = hxxp://search.imesh.com/sidebar.html?src=ssb
uInternet Connection Wizard,ShellNext = hxxp://freevideomaster.ourtoolbar.com/SetupFinish
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:28091
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program f...

A: infected with antivirus action

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


Hello there!

So I followed the Antivirus Action removal guide (Malwarebytes and RKill), it found some things but when I restarted with the new host file and everything the Antivirus Action was still there in full swing. So I tried McAfee's Stinger, and Norton's Power Eraser. Both of those came up with nothing bad on the computer. I also ran AVG 8's scan, nadathing. So my final desperate act is to post my DDS and GMER logs so someone with better specialization than me can help me.

Thanks!

DDS.txt log:

DDS (Ver_10-11-27.01) - NTFSx86 NETWORK
Run by Administrator at 14:46:42.18 on Sat 11/27/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1553 [GMT -6:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrat...

A: Infected with Antivirus Action

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

Download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.scr
DDS.pif
Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that...


Hi, I would really appreciate any help... I have a problem with a laptop running Windows 7 with Avast antivirus on it - it is displaying various hoax virus notifications.....has installed a red shield in my system tray....at various times I have seen antispyway.com and antivirus action mentioned along with links to antispyway.com. I can not access the internet though am showing as connected......also can't run MBAM or Spybot which I have installed.

I have run CCleaner and managed to run both Superantispyware and MBAM from a flashdrive - neither show any problem......am struggling to run any other scans recommended for download as no access to the net on the infected machine.

I have run HJT from flashdrive and have attached the log below ...........I hope someone can advise me please:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:35:28, on 21/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
G:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQNOT/2
R0 - HKCU\Software\Microsoft...

A: antispyway.com ~ antivirus action

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
Please downloa...


My husband has XP and ended up with the whole Antivirus Action virus. I have performed all of the steps that all the forums have suggested. I started in safe mode with networking, unchecked the Use proxy setting, accessed the internet, downloaded and ran rkill and malwarebytes. Ran rkill out of safe mode and it worked. Stopped all the virus processes successfully. Ran malwarebytes, which worked the first time. It removed 32 files successfully. I rebooted and Antivirus Action was still there. This time it would not let me run rkill or malwarebytes.

I right clicked on the antivirus action icon in the corner and created a shortcut to it, which showed me the file path. I rebooted in safe mode once again, and typed the file path which begins with lvns://C:\DOCUME~1. . . . . . . . When I began typing it, there were 3 file paths to choose from each with a different ending. It would not let me open any of them because it said I didn't have the proper permissions.

Now, it will not let me access the internet in safe mode.

Now, I am stumped. haha

A: Another Antivirus Action Issue

Please run the following tools:

OTL
-----
Please download OTL from one of the following mirrors:
This is THE Mirror
Save it to your desktop.
Double click on the icon on your desktop.
Click the "Scan All Users" checkbox.
Push the Quick Scan button.
Two reports will open, copy and paste them in a reply here:
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please download Rootkit Unhooker. Save it to your desktop.
Extract RKUnhooker to your desktop.
Note** it is zipped up in a .rar file - If you do not have a program to unzip this type of file - you can get a free one from here - http://www.7-zip.org/
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
Wait till the scanner has finished and then click File, Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.
Note** you may get this warning, it is ok, just ignore:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
"just click on Cancel, then Accept".
