ECO Antivirus/Additional Guard has taken over PC by ambush

My grandson and a friend were on my daughter’s PC looking for music downloads. Somewhere on the www they got ambushed. I had previously installed avast home edition on her PC but it did not stop the bad guys (I don’t know if grandson was directed to disable avast by ambusher). ECO Antivirus is on the PC all the time with warnings and such and avast won’t run or start during reboot. I wanted to do a boot scan but can’t schedule it. I found a file, using Windows safe mode, in Documents and Settings\All Users\Application Data\8de96d5\WI8de9.exe and deleted it, but during restart it all reappeared. When I tried to get to www.avast.com the browser was like disabled by the ambusher. Her PC is using Windows XP. I put avast home edition and Mozilla Firefox on it previously and it all was running fine. Not going to pay ransom.
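
Added example, not part of the original post or of any tool named in this thread: a triage heuristic for a file listing, built around the path reported above (an executable in a hex-named folder under Application Data whose file name repeats part of the folder name). The scoring, the folder-name length range, the suffix list and every sample path except the reported one are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Folder names made only of hex digits, like the thread's "8de96d5" (length range is an assumption).
HEX_DIR = re.compile(r"^[0-9a-f]{6,12}$", re.IGNORECASE)
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".bat"}  # assumed set worth flagging

def shared_token(dir_name, stem, min_len=4):
    """Longest piece of dir_name (at least min_len chars) that reappears in stem, else ''."""
    d, s = dir_name.lower(), stem.lower()
    for size in range(len(d), min_len - 1, -1):
        for start in range(len(d) - size + 1):
            if d[start:start + size] in s:
                return d[start:start + size]
    return ""

def score_path(raw):
    """0 = ignore, 1 = executable in a hex-named folder under Application Data,
    2 = the file name also echoes part of the folder name (as WI8de9.exe does)."""
    path = PureWindowsPath(raw)
    parts = path.parts
    if len(parts) < 3 or path.suffix.lower() not in EXECUTABLE_SUFFIXES:
        return 0
    folder, container = parts[-2], parts[-3]
    if container.lower() != "application data" or not HEX_DIR.match(folder):
        return 0
    return 2 if shared_token(folder, path.stem) else 1

def triage(listing):
    """Return (score, path) pairs for flagged paths, highest score first."""
    scored = [(score_path(p), p) for p in listing]
    return sorted((hit for hit in scored if hit[0] > 0), reverse=True)

BASE = r"Documents and Settings\All Users\Application Data"
SAMPLE_LISTING = [
    BASE + r"\8de96d5\WI8de9.exe",         # path reported in the thread
    BASE + r"\a1b2c3d4\setup.exe",         # constructed: hex folder, unrelated name
    BASE + r"\8de96d5\notes.txt",          # constructed: not an executable
    BASE + r"\ExampleVendor\updater.exe",  # constructed: ordinary vendor folder
]

if __name__ == "__main__":
    for score, path in triage(SAMPLE_LISTING):
        print(score, path)
```

A hit is a lead for closer inspection, not a verdict; legitimate installers sometimes use hex-named folders too.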

You can’t run two antivirus programs at a time. avast won’t install properly. I never heard about ECO Antivirus.
If you uninstall it (disable is not enough), you can install avast (at least test).
Is her PC with XP x64 or x32 bits?

ECO Antivirus/Additional Guard has taken over PC uninvited. It is not listed on control panel’s add or remove software. I cannot uninstall it or disable it. I do not know if 64 or 32 bit.

Found this via Google:
Eco Antivirus, also called Eco Antivirus 2010, is a revamped version of the notorious Green AV, which was tremendously popular a few months back. Just like its predecessor, Eco Antivirus shares the premise of being an eco-friendly anti-virus program, which reduces energy emission by making the system more efficient. Eco Antivirus is already popular, which begs the question of whether the eco thing is what people are looking for these days when they choose security software. Thankfully for the human race, Eco Antivirus is not usually downloaded and installed like a normal AV would, but rather distributed by trojans, which come in the form of fake downloads online. This parasite is not unlike any other rogue in the sense that it uses misleading information to trick people into purchasing its “licensed version”.

Once inside, Eco Antivirus does a number of things to protect itself from removal. It blocks legitimate security software, hijacks the browser, and disables useful system services, including Task Manager, System Restore, Safe Mode, and Registry Editor. After doing that, Eco Antivirus is free to sell and promote its product, which it does by displaying popups and fake system notifications, and performing fake system scans. The popups and the scans convey one message – the system is supposedly infected and in desperate need of security software. Eco Antivirus’ scans find tons of worms, trojans, adware, spyware, etc., and the punchline is this – want them removed? – pay money.

Hi drjones46, welcome to the forum

According to this removal guide, Malwarebytes AntiMalware is able to remove this rogue…
http://www.bleepingcomputer.com/virus-removal/remove-eco-antivirus-2010

So follow the steps outlined by essexboy regarding MBAM:

Hope this helps,

-Scott-

Eco Antivirus 2010 is a rogue malware application, see http://roguedatabase.net/RogueDL.php.

If you haven’t already got this software (freeware), download, install, update and run it and report the findings (it should produce a log file).

Don’t worry about reported tracking cookies; they are a minor issue and not one of security. Allow SAS to deal with them, though. See http://en.wikipedia.org/wiki/HTTP_cookie.