To all,
Anyone had a run-in with the malware Antivirus GT? I use the free version of Avast and it did not detect this virus. Do you know of any way I can remove it without a lot of pain?
Blue Chip
The Windows Live OneCare safety scanner is supposed to be able to get rid of this.
http://onecare.live.com/site/en-us/default.htm
https://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=AntivirusGT
You can also check your computer for malware with Malwarebytes’ Anti-Malware (MBAM) and complete disinfection:
· Download free http://www.malwarebytes.org/ for an on-demand scanner.
· Double Click mbam-setup.exe to install the application.
· After install, click update so you have latest database before scanning.
· Under Settings:
o General: Automatically Save File After Scan Completes is checked off
o Scanner Settings: Check all boxes
o Updater: Download and install update if available is checked off
· Once the program has loaded, select “Perform FULL Scan”, then click Scan.
· The scan may take some time to finish, so please be patient.
· When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
· Click the “remove selected” button to quarantine anything found. You will find the infection details under the Quarantine tab.
· The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
· Copy & Paste the entire report in your next reply. We will analyze the report.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts – click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
Hey SafeSurf, from looking at this thread, it doesn’t look like MBAM can find this yet.
http://forums.malwarebytes.org/index.php?showtopic=59451&hl=Antivirus+GT
That’s why I suggested The Windows Live OneCare safety scanner
Maybe they haven’t updated the definitions yet. Good catch. Thanks.
No Problem, Glad to help.
Look here…
http://www.anti-malware-blog.com/2010/07/07/antivirusgt-adware-removal-instructions/
asyn
To all,
Thanks. I was not able to get the Windows Live One Care to work. I think the malware keeps the software from running the protection and removal modes. Blue Chip
@SafeSurf, You were right, I guess MBAM can get rid of this, Sorry
@Blue Chip, Follow this guide and see if it helps:
http://www.bleepingcomputer.com/virus-removal/remove-antivirusgt
If that doesn’t help, I’ve asked essexboy to take a look at this thread.
Came across this myself last week on Windows 7 32bit which was protected by Avast 5 Free version. Could not detect it or get rid of it. Downloaded and ran the MBAM anti-malwarebytes tool and while it did remove the virus, MBAM also removed some critical system files and then system would not startup (even in SafeMode). System Restore no use either as it was corrupt/disabled!
Was wondering has anyone forwarded this spyware/virus called AntiVirusGT to Avast virus lab for testing/addition to detection? ???
Use the following instructions to remove AntivirusGT or Antivirus GT (Uninstall instructions)
Step 1. Disable malicious add-on.
Run Internet Explorer. Click Tools → Manage Add-ons. Select UpdateCheck.dll addon and you will see an image.
Manage Add-ons
Click disable, click OK and click OK to close Manage Add-ons window. Close Internet Explorer and run it once again.
Step 2. Stop AntivirusGT process.
You need to stop a core process of AntivirusGT; after that, you will be able to remove this malicious program and any associated malware without any problem.
Right-click the Windows taskbar and select Task Manager. The Task Manager window opens. In the list of processes, select AntivirusGT.exe and you will see a screen similar to the one below.
Task Manager
Click the End process button and click Yes to confirm. Close Task Manager.
If Task Manager is blocked, then go to My Computer, open your system disk (disk C by default), then open the System32 folder. Copy the file taskmgr to your desktop. Right-click the taskmgr icon on your desktop and select Rename. Type explorer and press Enter. Then repeat step 2 once again.
Step 3. Remove AntivirusGT.
Download MalwareBytes Anti-malware (MBAM). Close all programs and Windows on your computer.
Double Click mbam-setup.exe to install the application. When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings and when the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes’ Anti-Malware and Launch Malwarebytes’ Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded you will see a window similar to the one below.
Malwarebytes Anti-Malware Window
Select Perform Quick Scan, then click Scan, it will start scanning your computer for AntivirusGT infection. This procedure can take some time, so please be patient.
When the scan is complete, click OK, then Show Results to view the results. You will see a list of infected items similar to the one shown below. Note: the list of infected items may be different from what is shown in the image below.
Malwarebytes Anti-malware, list of infected items
Make sure that everything is checked, and click Remove Selected to start the removal process. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
Note 1: if you cannot download, install, run or update Malwarebytes Anti-malware, then follow the steps: Malwarebytes won't install, run or update – How to fix it.
AntivirusGT creates the following files and folders
C:\Program Files\AVGT
%Temp%\MICROS~1.DLL
C:\Program Files\AVGT\antivirusGT.exe
AntivirusGT creates the following registry keys and values
HKEY_CLASSES_ROOT\CLSID\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AVGT
polonus
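The files and registry entries listed in the post above, turned into a read-only presence check (an added example, not part of the original post or of any vendor's tool). It assumes PowerShell on the affected Windows machine, run as the affected user because `%Temp%` and `HKEY_CURRENT_USER` are per-user; the `InprocServer32` lookup is standard COM layout and is not something the post lists.

```powershell
# Added example: reports which AntivirusGT artifacts from the post are present.
# Read-only: nothing is deleted or modified.
$clsid  = '{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}'
$bhoKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$runKey = 'Registry::HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$paths = @(
    'C:\Program Files\AVGT',
    'C:\Program Files\AVGT\antivirusGT.exe',
    # 8.3 short name as given in the post; it only resolves if short names are enabled
    (Join-Path $env:TEMP 'MICROS~1.DLL'),
    "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid",
    "$bhoKey\$clsid"
)

$findings = foreach ($p in $paths) {
    [pscustomobject]@{ Indicator = $p; Present = (Test-Path -LiteralPath $p); Detail = '' }
}

# The Run entry is a value named AVGT under the Run key, not a key of its own
$run = Get-ItemProperty -LiteralPath $runKey -Name 'AVGT' -ErrorAction SilentlyContinue
$findings += [pscustomobject]@{
    Indicator = "$runKey\AVGT"
    Present   = [bool]$run
    Detail    = if ($run) { $run.AVGT } else { '' }
}

# If the browser helper object is registered, show which DLL it loads
# (step 1 of the post disables an add-on named UpdateCheck.dll)
$inproc = Get-ItemProperty -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
if ($inproc) {
    $findings += [pscustomobject]@{
        Indicator = 'BHO InprocServer32 DLL'
        Present   = $true
        Detail    = $inproc.'(default)'
    }
}

$findings | Format-Table -AutoSize -Wrap

$hits = @($findings | Where-Object { $_.Present }).Count
if ($hits -gt 0) {
    Write-Output "$hits indicator(s) present: follow the removal steps, then re-run to confirm they are gone."
} else {
    Write-Output 'None of the listed indicators were found for this user.'
}
```

Re-running it after the MBAM scan and reboot shows whether any listed artifact survived the cleanup.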
It looks like SAS will remove it…
ANTIVIRUSGT.EXE
http://www.superantispyware.com/malwarefiles/ANTIVIRUSGT.EXE.html
VirusTotal - 9/42 - ( Submission date:2010-07-31 )
http://www.virustotal.com/file-scan/report.html?id=822a7c2fff1b8caa2ff95df4e28b8825d77b25388ff4ce7d53daaaf2aef350e3-1280578075
Remove AntivirusGT (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivirusgt
Hi Polonus, very detailed post- thank you but unfortunately while I did manage to get MBAM to scan and remove AntiVirusGT- the removal left my system unable to startup. Hence my question as to why Avast 5 did not detect or clean it and has this AntiVirusGT been now added to the Avast virus signature database?
One other thing- I know that Avast is not perfect, but I do find it strange that we are in Avast Forum discussing how to remove malware using a different tool - MBAM? Maybe Alwil will add MBAM to its product range now?
Fake antivirus overwhelming scanners
http://news.techworld.com/security/3203072/fake-antivirus-overwhelming-scanners/
The reason for the growth in numbers is what is known in technical terminology as ‘polymorphism', an old defence technique which involves changing the binary checksum of every copy (or download) of a piece of malware. This makes it much more difficult for antivirus programs to detect the programs.
Pondus, are you basically saying Avast 5 will never be able to stop ‘polymorphic’ malware? The folks at SAS now appear to have cracked it - so are you indicating that Avast team will not attempt to follow suit?
"an old defence technique which involves changing the binary checksum of every copy"
No, avast! and everyone else are doing the best they can... and so are the bad guys.