Virus removal
Nov 5 2009, 11:48 pm
By: ShredderIV  

Nov 5 2009, 11:48 pm ShredderIV Post #1



So my dad recently opened an email that seeeeemed like it was from one of his friends. Well, turns out it wasn't. Now he has a pretty freaky virus. I searched up on it and tried to help him out, but I came to the conclusion that the only thing that would fix the problem is reformatting the hard drive on his computer and reinstalling the OS. It wouldn't actually do much harm, but it's basically not the best thing if there's an alternative to it, since he would have to do some crazy backups and stuff.

Anyway, it's a malware type program called Antivirus System Pro. If anyone has an easier fix to this, it would be appreciated. Also note that the program is resistant to all forms of antivirus, as it has a code built in, where it basically infected a different program to reinstall itself anytime an antivirus/antimalware is run.




Nov 6 2009, 12:26 am l)ark_ssj9kevin Post #2

Just here for the activity... well not really

Malwarebyte's Anti-Malware can repair any fake "anti-virus".
I know this from personal experience.

Additionally, if you googled "Antivirus system pro", you'd find this cool site that lists Malwarebyte's as a recommended way to remove it.
(though your browser could be hijacked or something)





Nov 6 2009, 12:43 am ShredderIV Post #3



Quote
Also note that the program is resistant to all forms of antivirus, as it has a code built in, where it basically infected a different program to reinstall itself anytime an antivirus/antimalware is run.

I also knew about Malwarebytes, and my dad tried it. The problem was that the program ran once, cleaned and w/e. But once rebooted, the problem was still there. Once he ran Malwarebytes 2 more times, every time it ran it found 5 different programs, all of which showed up, were reported as cleaned, but came back.




Nov 6 2009, 2:14 am O)FaRTy1billion[MM] Post #4

👻 👾 👽 💪

Please read pinned topics: http://www.staredit.net/62535/
There is a lovely Malware Removal Guide there.




Nov 6 2009, 2:29 am Fire_Kame Post #5

wth is starcraft

Have you tried running a virus removal program in safe mode?




Nov 6 2009, 3:45 am rockz Post #6

ᴄʜᴇᴇsᴇ ɪᴛ!

search for files which were created when he installed the program and delete them.



"Parliamentary inquiry, Mr. Chairman - do we have to call the Gentleman a gentleman if he's not one?"

Nov 6 2009, 4:35 am ShredderIV Post #7



The safe mode thing was gonna be the thing I was gonna try next.

I managed to back up all the stuff my dad wanted backed up (he really didn't have that much stuff on the computer, it was a business comp and he does all of his stuff online). I scanned the files for viruses using a different program on a different computer, and they all came out clean, so I figure I'll just go and reinstall/reformat the Windows on it. It'll take some time, but it will probably work out for the best.

That malware removal guide also explains that it basically uses a virus scan type software to go through and clean up. Like I've said, if you attempt to delete it, it uses your OS or something to make a replication of itself in a file the comp already searched in, so no type of normal virus removal would work.

Quote
search for files which were created when he installed the program and delete them.

He didn't install the program, it installed itself, and the files are extremely spread out. Knowing this virus, it most likely thought of that and put itself in some unknown folder somewhere in the computer's OS files and is untraceable.




Nov 6 2009, 8:26 am BeDazed Post #8



Quote
He didn't install the program, it installed itself, and the files are extremely spread out. Knowing this virus, it most likely thought of that and put itself in some unknown folder somewhere in the computer's OS files and is untraceable.
There is no active virus that cannot be traceable. Viruses themselves are essentially executive files and run in process trees.
Also, formatting is a lot easier than the hassle of antivirus programs. At least in my opinion. Unless you have files that you don't want to lose. You could choose to back some of them up, then format. It also cleans a lot of programs you don't use, but don't delete. It isn't that bad to format.




Nov 6 2009, 1:47 pm rockz Post #9

ᴄʜᴇᴇsᴇ ɪᴛ!

Quote
i've removed this before from my grandma's comp
1. safe mode (F8 on startup)
2. process explorer, kill/suspend everything suspicious
3. hijack this, find suspicious startup items/BHOs
4. malwarebytes, scan
5. hijack this, remove anything else suspicious
6. install/run legit antivirus, remove the remains

skip the process explorer and hijack this steps if you don't know how to use said programs, malwarebytes _should_ be able to handle the removal itself
found this today.

You have to execute a program for the virus to run. Unless you think it "just happens". Did StarCraft install itself onto your computer? All you did was put in a CD, type in a code, and press enter a few times.

Now, open up explorer. Press f3. Press "L". Click on "when was it modified". Insert date you installed the program/the program was installed/your father clicked on omgwtfbbq.jpg.exe.



"Parliamentary inquiry, Mr. Chairman - do we have to call the Gentleman a gentleman if he's not one?"

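The date-based search from the post above, as an added example that is not part of the thread: it walks a folder tree, lists executable files modified on a given day, and flags decoy double extensions such as the `omgwtfbbq.jpg.exe` name mentioned. The function names, extension lists and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from datetime import date, datetime, timedelta
from pathlib import Path

# Assumed extension lists for this example; adjust for the machine being triaged.
EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".vbs", ".js"}
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".zip"}

def has_double_extension(name):
    """True for names like photo.jpg.exe: a document extension hiding an executable one."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    return (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)

def files_modified_on(root, day, window_days=0):
    """Return (path, mtime, double_ext) for executables modified on `day` +/- window_days."""
    midnight = datetime.combine(day, datetime.min.time())
    start = midnight - timedelta(days=window_days)
    end = midnight + timedelta(days=window_days + 1)
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):  # unreadable folders are skipped
        for name in filenames:
            if Path(name).suffix.lower() not in EXECUTABLE_EXTS:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime)
            except OSError:
                continue  # locked or vanished file: skip rather than abort the sweep
            if start <= mtime < end:
                hits.append((path, mtime, has_double_extension(name)))
    return sorted(hits, key=lambda h: h[1])  # oldest first

def build_sample_tree(root, day):
    """Constructed sample input: four empty files, three stamped on `day`."""
    stamp = datetime.combine(day, datetime.min.time()).timestamp() + 3600
    for name, ts in [("omgwtfbbq.jpg.exe", stamp), ("helper.dll", stamp + 60),
                     ("old_tool.exe", stamp - 90 * 86400), ("notes.txt", stamp)]:
        p = Path(root) / name
        p.write_bytes(b"")
        os.utime(p, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, date(2009, 11, 5))
        for path, mtime, double in files_modified_on(tmp, date(2009, 11, 5)):
            print(f"{mtime:%Y-%m-%d %H:%M:%S}  {path}{'  <-- double extension' if double else ''}")
```

Modification times can be changed by software and legitimate updates also land on any given day, so the output is a list of leads to inspect, not a list of files to delete.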
Nov 6 2009, 5:37 pm CecilSunkure Post #10



I didn't read the rest of the posts, but my parents had this exact same problem a couple of days ago. The program is scareware, and didn't do any actual harm to my parents' computer - it was just annoying as hell. It hijacked a couple programs, wouldn't let me open any .exe files, and wouldn't allow any connections to the internet. About Malwarebytes, it bites. Don't use it. It's never worked for me or anyone I've talked to that I trust.

If you know which processes are normal and which aren't, you can open up the task manager and delete the ones that are causing "virus detection" reports, and porn spamming. If you want, after you stop those couple processes, you can search for the .exe files that you just shut down using the windows search, and manually delete them, but you don't really need to. After I shut off the annoying processes causing things like porn spam, I popped in my flashdrive and installed Avast Antivirus Pro. After installation I ran a boot-time scan. Once the computer started up again, I updated Avast (internet connection during installation was disabled) and ran another boot-time scan. After that, I was fine. I uninstalled Avast and haven't heard complaints yet.




Nov 6 2009, 9:14 pm O)FaRTy1billion[MM] Post #11

👻 👾 👽 💪

Quote from ShredderIV
That malware removal guide also explains that it basically uses a virus scan type software to go through and clean up. Like I've said, if you attempt to delete it, it uses your OS or something to make a replication of itself in a file the comp already searched in, so no type of normal virus removal would work.
I've had nothing but success with that guide. My brother's computer was hardly running at all (too much pr0ns, I presume), and it cleaned up just fine. And it doesn't use a virus scan... It has a list of Add/Remove Software thingies to remove, CCleaner (which does make a difference), SuperAntiSpyware, MalwareBytes, and ComboFix. The other two things seem to just produce logs...




Nov 6 2009, 11:44 pm Heinermann Post #12

SDE, BWAPI owner, hacker.

Quote from BeDazed
Quote
He didn't install the program, it installed itself, and the files are extremely spread out. Knowing this virus, it most likely thought of that and put itself in some unknown folder somewhere in the computer's OS files and is untraceable.
There is no active virus that cannot be traceable. Viruses themselves are essentially executive files and run in process trees.
Also, formatting is a lot easier than the hassle of antivirus programs. At least in my opinion. Unless you have files that you don't want to lose. You could choose to back some of them up, then format. It also cleans a lot of programs you don't use, but don't delete. It isn't that bad to format.
A virus doesn't need its own process tree to run. A "better" virus would inject itself into other open processes.

A reformat seems like the best option here if you're having trouble with anti-virus tools. Note that a "better" virus would also inject itself into other EXEs and DLLs, so don't back up any programs, just re-install them.




Nov 7 2009, 3:37 am ShredderIV Post #13



Well, I scanned the programs backed up, and they were perfectly fine. I even opened them on another computer I could easily reformat to check, and it didn't show its face.

The other problem with the virus is it won't let you explore anywhere in your computer. Anytime you click anything it gives you a warning and stops you from clicking.

I'm also about 2.5 hours away from my dad, so it's kinda hard to go there and do it myself.

I think this issue will be fixed, but only time will tell. I know how I can fix it and such, it'll just take about 2.5 weeks till I can get home again...




Nov 7 2009, 6:14 am killer_sss Post #14



Hmmm shreddar not a pro at killing problems but I'm almost possible I contracted this same PoS mal-ware last week and I solved it today when I got back in town.

The problem I had was I couldn't turn on any programs at all. Most of them were deemed infected. It made it extremely difficult to run anything. Also I could not visit certain web pages. This made it an ass pain to figure out what infected my computer.

I tried a solution I ran across and it did nothing. What I ended up doing was downloading the old stand-by Spybot Search and Destroy. This thing eradicates nearly every problem you come across. I was able to get the updates in regular mode by running it before it could boot up and it shut down the piece of malware not allowing me to open programs.

From there I ran Search and Destroy and eliminated the rest. If needed it can be run in safe mode as well.

It is a free program for destroying spyware, adware, malware, and a few other things. This is what I would recommend.




Nov 8 2009, 12:37 am Falkoner Post #15



I would highly recommend getting ComboFix, amazing program, and I've found that that virus actually will crash Malwarebytes if you try to scan with it, and ComboFix fixes that, make sure you get it from here, other sites are fake. That virus infects eventlog.dll, and that's why it's seemingly impossible to get rid of, because even if you get rid of all of its running tasks, when eventlog starts up again it'll just reinstall itself. It also disables AVG AntiVirus scans, IIRC.




Nov 8 2009, 5:58 pm killer_sss Post #16



So is this a virus that he is dealing with or malware or some other kind of ware?

The thing I like about the Spybot S&D is it scans deep into everything. They have also added a new feature recently to help stop ware invasions by allowing you to cut off the paths some wares take into your computer. It has been a while since I've used it and I'm finding more new features every day.

Also not trying to hijack but I was wondering what mine was as well. The Windows security alert was I believe the main thing I had. It was called smitnfraud.




Nov 8 2009, 7:43 pm Falkoner Post #17



Quote
So is this a virus that he is dealing with or malware or some other kind of ware?

Malware pretty much covers the entire bad software range, this program is particularly nasty though, I had it BSOD my OS when I refused to let it scan/update, or in other words, download more malware.

Quote
The thing I like about the Spybot S&D is it scans deep into everything. They have also added a new feature recently to help stop ware invasions by allowing you to cut off the paths some wares take into your computer. It has been a while since I've used it and I'm finding more new features every day.

That "new feature" has been in Spybot since I started using it 7 years ago, thing is, Spybot is getting a bit outdated, I still find it great for getting the old stuff, but it seems behind on anything new that comes out.




Nov 8 2009, 9:32 pm killer_sss Post #18



Quote from Falkoner
Quote
The thing I like about the Spybot S&D is it scans deep into everything. They have also added a new feature recently to help stop ware invasions by allowing you to cut off the paths some wares take into your computer. It has been a while since I've used it and I'm finding more new features every day.

That "new feature" has been in Spybot since I started using it 7 years ago, thing is, Spybot is getting a bit outdated, I still find it great for getting the old stuff, but it seems behind on anything new that comes out.
Really? Wow. I guess that just shows my inexperience in dealing with these kind of problems. I will be looking into that program of yours. I think mine are fixed but I am not 100% sure.




Nov 23 2009, 2:01 am sharf Post #19



Hey, usually Malwarebyte's will remove the fake anti-viruses, and in this case it does, but it won't remove the spawner of the fake anti-virus. Short of sorting through Hijack This logs and manually deleting files (some with File Assassin or tools like it) it seems only one program can remove it. My friend's mom got infected with this virus, and he could not get rid of it. So he ended up taking out the big guns and installed and ran the Kaspersky 30 day trial. It cleaned up his mom's computer and got rid of it.

Should you end up not being able to remove the virus, I'd recommend going to GeeksToGo.com. They can guide you through the removal process including reading Hijack This logs and registry entries for you.

Good luck!
-sharf



