Big Time Help Needed!


falcon409

SOH-CM-2025
My granddaughter was here this afternoon with a friend and they spent time on the computer of course. Somewhere along the way they picked up either a true virus or something disguising itself as one.

I can access the internet, but it won't allow me to activate any programs. I was going to download and run Adaware, but it won't allow the executable to run.

If I restore to an earlier point will that work?
 
No. Restoring only restores system settings; it won't get rid of any files.

Have you tried running a scan in safe mode?

Edit: Apologies if this is patronising, I am unaware of your level of knowledge!
 
Dang, sorry to hear that Ed! That is the main reason none of my family touch my PC. I got an Xbox 360 for my nephews, but they get bored with that and want to surf the web, not on this machine, I've seen how badly they treat their computers, LOL.
 
When I run the antivirus scan it says there's nothing there. I've checked all the firewall settings, defender, etc. everything is up and running.

I have an icon that says it's "Anti Virus Live" if I try to close it out it pops up with a scan in progress and appears to be locating virus threats. If I tell it to correct them, it says I'll have to purchase the license first (of course). I'm not sure it's a full blown virus, but a very annoying malware that has embedded itself.
 
When you try to run an executable, what type of error does it give you? A screen shot may be needed. What do you mean by activate? Do you mean run an executable?

Check your browser history and see what sites they attended, provide a list and maybe we can help you.

Disregard you answered while I posted.
 
Just to double check, you are aware that Anti-virus Live IS the malware?

Your post doesn't make that completely clear!

It looks like this I imagine;

antiviruslive.jpg
 
Given your AV didn't find anything, going back to an earlier restore point might work if all that's happened is a setting change somewhere
 
Just to double check, you are aware that Anti-virus Live IS the malware?

Your post doesn't make that completely clear!

It looks like this I imagine;

antiviruslive.jpg


On the computer in question make sure you're not connected to the internet. It messes with your internet security settings.
That's the one!!
 
OOPS! I didn't read far enough down.

This sounds like a bogus anti-virus trojan. Any program that forces you to pay to fix a computer it broke is BAD.

If you have another computer, Google the name of that program and see if there is a way to remove it.

A friend of mine got something like that. We found a fix online and he had to boot in Safe mode to remove the malware.
 
I had that or something similar and I think I used Malwarebytes to cure it in safe mode.
 
This is from Symantec:

Antivirus Live Removal Step By Step:
1. Kill processes: (random)sysguard.exe
2. Delete registry keys: (always backup first)
HKEY_CURRENT_USER\Software\AvScan
HKEY_CURRENT_USER\Software\Microsoft\I… Explorer\Download "RunInvalidSignatures" = "1"
HKEY_CURRENT_USER\Software\Microsoft\W… Settings "ProxyOverride" = ""
HKEY_CURRENT_USER\Software\Microsoft\W… Settings "ProxyServer" = "http=127.0.0.1:5555"
HKEY_CURRENT_USER\Software\Microsoft\W… "LowRiskFileTypes" = ".exe"
HKEY_CURRENT_USER\Software\Microsoft\W… "SaveZoneInformation" = "1"
HKEY_CURRENT_USER\Software\Microsoft\W… "(random)"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\… "(random)"
3. Delete files:
%UserProfile%\Local Settings\Application Data\(random)\(random)sysguard.exe
4. Delete folders:
%UserProfile%\Local Settings\Application Data\(random)\
Once I finished the above steps, I used Spybot to scan again. I was able to completely remove the Antivirus Live trojan.
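
Added example, not part of the post above or of Symantec's instructions: a read-only check that scans the text of a registry export for the `AvScan` key and the four non-empty value/data pairs quoted in the list. Because the key paths in the post are truncated, values are matched by name and data only; the `ExampleVendor` key paths and the sample export are constructed placeholders.

```python
import re
# Value name -> data pairs quoted in the removal list above. The key paths in
# the post are truncated, so values are matched by name and data only.
SUSPECT_VALUES = {
    "runinvalidsignatures": "1",
    "proxyserver": "http=127.0.0.1:5555",
    "lowriskfiletypes": ".exe",
    "savezoneinformation": "1",
}
SUSPECT_KEYS = {r"hkey_current_user\software\avscan"}  # given in full in the post
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def decode_data(raw):
    """Normalise REG_SZ and REG_DWORD export syntax to a plain string."""
    raw = raw.strip()
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    return str(int(m.group(1), 16)) if m else raw

def scan_reg_export(text):
    """Return (key, value_name, data) for every entry matching the list."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if key.lower() in SUSPECT_KEYS:
                findings.append((key, None, None))  # key presence alone is a hit
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = decode_data(m.group(2))
            # Registry value names are case-insensitive, so compare lowercased.
            if SUSPECT_VALUES.get(m.group(1).lower()) == data:
                findings.append((key, m.group(1), data))
    return findings

# Constructed sample export; the ExampleVendor key paths are placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\AvScan]
[HKEY_CURRENT_USER\Software\ExampleVendor\Net]
"ProxyServer"="http=127.0.0.1:5555"
[HKEY_CURRENT_USER\Software\ExampleVendor\Other]
"LowRiskFileTypes"=".exe"
"saveZoneInformation"=dword:00000001
"ProxyServer"="http=10.0.0.1:8080"'''
```

Each hit is a lead to review against the removal guide, since the scan only reads the export text and changes nothing.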
 
I'd be slightly hesitant messing about in the registry.

As I said before this seems a fairly comprehensive process but there is less scope for error. In fact there is just about no scope for error;

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-live
 
You would think in this day and age with all the reviews of software/malware etc nOObs would finally get the point!

I see so many people getting nailed by this crap, and all I can say is do your homework and be skeptical of any program unless researched thoroughly! :mixedsmi:

Not attacking you falcon, just stating the obvious.
 
You would think in this day and age with all the reviews of software/malware etc nOObs would finally get the point!

I see so many people getting nailed by this crap, and all I can say is do your homework and be skeptical of any program unless researched thoroughly! :mixedsmi:

That's all good and well, and my main computer is a fortress, but still bits and bobs get through.

We had a REALLY nasty one the other week.

There wasn't a scan on the internet that could touch it. My poor brother spent hours in the registry getting rid of the thing. It cross installed itself on two different user accounts. When you got rid of one and switched to the other user account, the infected account would reinstall it on the other one!
 
You would think in this day and age with all the reviews of software/malware etc nOObs would finally get the point!

I see so many people getting nailed by this crap, and all I can say is do your homework and be skeptical of any program unless researched thoroughly! :mixedsmi:

Is he calling your grandkids "nOObs"?
 