hijack this... how can I get rid of this antivirus 2010?

Discussion in 'Windows - Virus and spyware problems' started by xaznboitx, Oct 3, 2009.

  1. xaznboitx

    xaznboitx Regular member

    Joined:
    Feb 5, 2006
    Messages:
    394
    Likes Received:
    0
    Trophy Points:
    26
    nevermind please delete
     
    Last edited: Nov 13, 2010
  2. ddp

    ddp Moderator Staff Member

    Joined:
    Oct 15, 2004
    Messages:
    39,167
    Likes Received:
    136
    Trophy Points:
    143
    go into msconfig\startup to remove from there. check your all programs\startup to make certain it is not there. download, install update, immunize twice then check for problems with spybot search & destroy. http://www.majorgeeks.com/download2471.html#
     
  3. xaznboitx

    It stated that Spybot got rid of it, but it came back after I restarted the computer. Same with SmitfraudFix. I used SmitfraudFix in safe mode and normal mode and it still comes back after restarting the computer. SmitfraudFix only gets rid of it in normal mode until I restart again and the spyware comes back.
     
  4. ddp

    did you go into msconfig\startup to remove it from there & startup in all programs?
     
  5. xaznboitx

    Yes, I did. I tried to do a Windows restore. It said that the restore feature is turned off. When I went to Control Panel to look at the restore feature, it's not there.
     
  6. ddp

    was it in msconfig\startup & startup in all programs? run spybot in safemode after you updated & immunize it twice.
     
  7. sodaman

    sodaman Member

    Joined:
    Oct 11, 2009
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    16
    The problem with using msconfig is that most new viruses can reload themselves through DLLs and the prefetch. These are usually running in safe mode too. The best way to remove any virus is to have a bootable OS CD. Make a UBCD4win CD and boot from this CD. Use the ezfix program to clean the temps, prefetch, and startup programs. You can also run spybot and superanti virus scans off this CD.

    Delete:
    Program Files\AV2010\AV2010.exe
    Program Files\AV2010\svchost.exe
    WINDOWS\system32\IEDefender.dll
    WINDOWS\system32\wingamma.exe

    Run regedit local and delete these registries:
    HKEY_CURRENT_USER\Software\AV2010
    HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}
    HKEY_CLASSES_ROOT\AppID\IEDefender.DLL
    HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
    HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO
    HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1
    HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}
    HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0012
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0013
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0014
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Gamma Display"

    Common hiding spots for viruses, malware, and trojans:
    \windows\system32\
    \documents and settings\<user name>\application data\
    \windows\prefetch\
    \windows\temp\

    Look for recently added files with weird names. They're usually exe, dll, or tmp files.
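
An added example, not part of sodaman's post: a read-only PowerShell check that reports which of the files and registry entries listed above are still present after a reboot, and lists recently created exe, dll and tmp files in the named hiding spots (top level only). The function names, the 7-day window and the use of `$env:APPDATA` for the per-user application data folder are assumptions of this example.

```powershell
# Added example (not from the thread): read-only, nothing is deleted or changed.
# Assumes it runs on the live Windows install with PowerShell 3.0 or later.
function Get-AV2010Leftovers {
    $files = @(
        "$env:ProgramFiles\AV2010\AV2010.exe",
        "$env:ProgramFiles\AV2010\svchost.exe",
        "$env:SystemRoot\system32\IEDefender.dll",
        "$env:SystemRoot\system32\wingamma.exe"
    )
    # Left out: the three Control\Class\{4D36E972-...} entries. That GUID is the
    # Windows network adapter device class, so such subkeys can exist on a clean system.
    $keys = @(
        'HKEY_CURRENT_USER\Software\AV2010',
        'HKEY_CLASSES_ROOT\AppID\{3C40236D-990B-443C-90E8-B1C07BCD4A68}',
        'HKEY_CLASSES_ROOT\AppID\IEDefender.DLL',
        'HKEY_CLASSES_ROOT\CLSID\{FC8A493F-D236-4653-9A03-2BF4FD94F643}',
        'HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO',
        'HKEY_CLASSES_ROOT\IEDefender.IEDefenderBHO.1',
        'HKEY_CLASSES_ROOT\Interface\{7BC7565C-5062-43CE-8797-DC2C271140A9}',
        'HKEY_CLASSES_ROOT\TypeLib\{705FD64B-2B7B-4856-9337-44CA1DA86849}',
        'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC8A493F-D236-4653-9A03-2BF4FD94F643}'
    )
    foreach ($f in $files) {
        [pscustomobject]@{ Type = 'File'; Item = $f; Present = (Test-Path -LiteralPath $f) }
    }
    foreach ($k in $keys) {
        [pscustomobject]@{ Type = 'Key'; Item = $k; Present = (Test-Path -LiteralPath "Registry::$k") }
    }
    # "Windows Gamma Display" is a value under the Run key, not a subkey.
    $run = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $props = Get-ItemProperty -LiteralPath $run -ErrorAction SilentlyContinue
    [pscustomobject]@{ Type = 'RunValue'; Item = 'Windows Gamma Display'
                       Present = ($null -ne $props.'Windows Gamma Display') }
}

function Get-RecentSuspectFiles([int]$Days = 7) {
    $cutoff = (Get-Date).AddDays(-$Days)
    $spots = "$env:SystemRoot\system32", $env:APPDATA, "$env:SystemRoot\Prefetch", "$env:SystemRoot\Temp"
    # -Force includes hidden and system files; directories are not recursed.
    Get-ChildItem -LiteralPath $spots -File -Force -ErrorAction SilentlyContinue |
        Where-Object { ($_.Extension -in '.exe', '.dll', '.tmp') -and ($_.CreationTime -gt $cutoff) } |
        Sort-Object CreationTime -Descending |
        Select-Object CreationTime, Length, FullName
}

Get-AV2010Leftovers | Format-Table -AutoSize
Get-RecentSuspectFiles -Days 7 | Format-Table -AutoSize
```

Running it before and after a restart shows which entries are being recreated, which is the symptom described earlier in the thread.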
     
