Solve : AVAsoft Antivirus trojan?

Answer»

I picked this up on my HP laptop at a hotrodding website. I may not have had any protection running but I assume I did. I think it's a phishing tool. It keeps popping up asking to get the full version of AVAsoft to remove the threats. You have to click on 'proceed unprotected' then your website will come up. One post at Microsoft said to boot in protected mode and search for AVAsoft. Then right click for file location and then delete all the items. I did this. It doesn't work. AVA blocks Malwarebytes and CCleaner. I ran Malwarebytes in safe mode but this did nothing. It did find 10 threats that were removed but not the AVAsoft trojan.

I'm not a malware removal specialist. So, you may want to wait for advice from one of this forum's malware removal specialists. However, I will mention some info I found from a search on how to remove AVAsoft trojan. See http://www.slideshare.net/justinmabel/how-to-remove-ava-soft-antivirus-professional and http://malware-protection-steps.blogspot.com/2013/03/how-to-remove-avasoft-antivirus.html

Thanks I'll take a look but from my experience most of these don't work. They sound like they know what they're talking about but when you try it-zero!

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked:
      • Hidden Startup Objects
      • System Memory
      • Disk Boot Sectors
      • My Computer
      • Also any other drives (removable ones that you may have)
  • Leave the rest of the settings as they appear as default.
  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized then click the button that says Neutralize all.
  • If it says it cannot be neutralized then choose the delete option when prompted.
  • After that is done click on the reports button at the bottom and save it to a file. Name it KAS.
  • Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

I ran the AVP tool. Kaverski or what's the name. But-I forgot to go safe mode when I started the scan and-even before I started the scan I noticed the AVAsoft trojan wasn't appearing. The Kaver. program found four threats and removed them. I saved the log but now it won't open for some reason and I haven't seen the AVAsoft since then.

Quote
I saved the log but now it won't open for some reason and I haven't seen the AVAsoft since then.
AVP removed itself so that's probably why you can't open the log.

Can you run MBAM and CCleaner now?

Yes I can. I don't see how the trojan was removed. Like I said it seemed to be gone even before I ran the Kaspersky.

Could you please run MBAM and post the log along with these scanners?

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
***********************************************
I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
•Check
•Click the button.
•Accept any security warnings from your browser.
  • Leave the check mark next to Remove found threats.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.05.09

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Guest :: CHEETAH [limited]

4/7/2013 8:46:08 AM
MBAM-log-2013-04-09 (12-02-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 158545
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|clippand (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace.dll",CreateProcessNotify -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmmogman (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace64.dll",CreateProcessNotify -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus (Rogue.AVASoftPAV) -> No action taken.

Files Detected: 2
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus\AVASoft Professional Antivirus.lnk (Rogue.AVASoftPAV) -> No action taken.
C:\Users\Guest\AppData\Local\Temp\complace64.dll (Trojan.RedirRdll4.Gen) -> No action taken.

(end)

Please download AdwCleaner by Xplode onto your Desktop.

No can do. I keep just getting the spinny wheel when I click on your link and I went to C net downloads with the same result. I have to reboot to get rid of the wheel.

I'd like to scan your machine with ESET OnlineScan.

Can't do this either. I just get the little yellow icon with the red exclamation mark/dead link isn't it? Looked at tools internet options and all that but I don't know enough about it. I put ESET in the trusted sites but no results.

Please run MBAM again and remove the infections.
Quote
No can do. I keep just getting the spinny wheel when I click on your link and I went to C net downloads with the same result.

Please download and run MS Fix-it from here. Click on Internet Explorer and see if that helps you with your downloads.
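
The Malwarebytes log posted in this thread can be read mechanically. The sketch below is an added example, not part of the original thread or of Malwarebytes: it parses detection lines in the format shown in that log, lists the entries still marked "No action taken", and picks out Run-key values that start a file from a Temp folder. The function names and regular expressions are assumptions built around the log lines visible above.

```python
import re

# Detection lines copied from the Malwarebytes log posted in this thread.
SAMPLE_LOG = r'''Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|clippand (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace.dll",CreateProcessNotify -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|cmmogman (Trojan.RedirRdll4.Gen) -> Data: rundll32 "C:\Users\Guest\AppData\Local\Temp\complace64.dll",CreateProcessNotify -> No action taken.
Folders Detected: 1
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus (Rogue.AVASoftPAV) -> No action taken.
Files Detected: 2
C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVASoft Professional Antivirus\AVASoft Professional Antivirus.lnk (Rogue.AVASoftPAV) -> No action taken.
C:\Users\Guest\AppData\Local\Temp\complace64.dll (Trojan.RedirRdll4.Gen) -> No action taken.
(end)
'''

SECTION = re.compile(r"^(?P<section>.+) Detected: \d+$")
DETECTION = re.compile(  # item (Detection.Name) -> [Data: ... -> ]action.
    r"^(?P<item>.+?) \((?P<name>[\w.]+)\) -> "
    r"(?:Data: (?P<data>.+) -> )?(?P<action>[^>]+)\.$")
RUN_VALUE = re.compile(r"\\CurrentVersion\\Run(?:Once)?\|(?P<value>.+)$", re.I)
TEMP_PATH = re.compile(r'"?([A-Za-z]:\\[^"]*\\Temp\\[^"]+)"?', re.I)

def parse_detections(log):
    """Return one dict per detection line, tagged with its log section."""
    section, found = None, []
    for line in map(str.strip, log.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header["section"]
            continue
        hit = DETECTION.match(line)
        if hit:
            found.append({"section": section, **hit.groupdict()})
    return found

def unremediated(detections):
    """Detections the scanner reported but did not remove."""
    return [d for d in detections if d["action"].lower() == "no action taken"]

def temp_autoruns(detections):
    """(value name, file path) for Run/RunOnce values that start a file in Temp."""
    hits = []
    for d in detections:
        run = RUN_VALUE.search(d["item"])
        path = TEMP_PATH.search(d["data"] or "")
        if run and path:
            hits.append((run["value"], path.group(1)))
    return hits

if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print(len(unremediated(dets)), "of", len(dets), "detections not removed")
```

On the sample, every detection is still unremediated and both Run values point at DLLs in the Guest profile's Temp folder, which is why the follow-up in the thread is to run the scan again and remove what it finds.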

