antivir64 taking over my internet screen

Viruses and worms
1

I left the computer for about two minutes this afternoon. During that time my son brought up a new screen and was met with this alleged scanner called antivir64 with options to download. Doesn’t matter what I click on “cancel” or the red x, every time I bring a new screen up there it is again going through it’s motions. I can click on something in my drop down, say ebay or whatnot, and it will go there. I can also bring up a new tab and I don’t encounter it. But if I bring up a new screen, here we go again. Tried to Google it but found nothing (http://scanner.antivir64.com).

Thus far I’ve done a quick scan with Avast and a thorough scan with SuperAntiSpyware and cleaned out with CCleaner. The only unusual thing is was there were 339 adware listings. Is it possible that this thing is downloading these? Don’t know much about this kind of stuff. I’d appreciate any help in fixing the problem.

Thanks!
Sandy

2

HI- Which OS
The System has an Administrator Account- Right
And YOU have a user account
And YOUR Kids have user accounts
RIGHT?
I just had my brother do the same drill :slight_smile:
http://www.dummies.com/WileyCDA/DummiesArticle/id-350.html

Superantispy found nothing?
(I tried google also- nada)

so lets update avast and schedule a boot time scan rt click the ball- move any hits to the CHEST

and do a scan with Malware bytes anti malware (MBAM)
select the check marks and move everything to quarantine

to cut down communications with the bad stuff phoning home install
Spywareblaster by Javacool (accept no look a likes)
and a Hosts file
I use MVPS but HPHosts is also good

are you using IE or Firefox?
which OS? if W98 use Spybot search and Destroy instead of MBAM

3

Strange, the program isn’t into the detected ones of RogueRemover.
http://www.malwarebytes.org/rogueremover.php

Can you try the general cleaning procedure?

  1. Disable System Restore and then reenable it again.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
4

Looks like a new one
if we can find it we can upload to virus total
Sandy
since you already tried SAS did you configure it to scan everything?
Using Tech’s list

insert this in around #4
I think maybe we should try a Kaspersky or other on line AV scan before or after Malware Bytes Anti Malware (MBAM)

here is a list
Kaspersky (very good detection rates) will not remove anything but may find “early adopters”
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)
post a log

on any of these Apps mentioned by me or TECH watch for False Positives
Quarantine/ Chest/ Vault do not Delete/ remove

now we’re at Tech’s #5