Hello. I have had a bad virus on my PC for some time now, and have removed it time and time again, or so I thought, and it only comes back worse than before. Now I can no longer use anything on my PC. Every time I open any program, or even a flash drive, a small window by the name of “Antivirus Security Pro” comes up and stops the program. Even if I restart my PC in safe mode it will always power down. Please help me.
Seems you are infected with a rogue security program.
Follow the guide here and attach logs (not copy and paste). http://forum.avast.com/index.php?topic=53253.0
Run in the order listed:
AdwCleaner / Malwarebytes / OTL / aswMBR
When done, removal experts will be notified.
When finished, all tools used will be removed.
Hi,
I don’t need the logs Pondus asked for, let’s get straight to the point.
Go to this topic → http://forum.avast.com/index.php?topic=53253.0 , follow the guideline that starts from “If you cannot Boot the computer”, and attach the FRST report.
I’m sorry it took so long to reply and I thank you both for the speedy reply. I was wondering if it was at all possible if I could use a flash drive to boot from, instead of a cd. Thank you for any answer.
It is possible. Tell me, what is the version of your system: Windows XP/Vista/7/8? And what is the architecture, x86 or x64?
It’s Windows 7 and I believe it’s x64. I can’t get on the PC to double check, so I am sorry I can’t say for sure.
Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.
[*]Plug the flashdrive into the infected PC.
[*]Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer
[*]Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.
[*]In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
[*]In the command window type in notepad and press Enter.
[*]When notepad opens, click File and select Open.
[*]Select “Computer” and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run. When the tool opens click Yes to disclaimer.
[*]Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please attach it to your reply.
I’m afraid I might be wrong about which version of Windows I have. I press F8 and it doesn’t take me to an advanced menu, it takes me to a boot menu.
Is only one system installed, or more of them? Is it a branded computer, and which one? Did you try to repeatedly press F8 until the menu shows?
My brother helped put the system together, and until recently I hadn’t been able to get in touch with him to ask some of these questions. But now I can, and here’s what he said about the build.
Of course since he helped to build it, it’s not a branded computer, but the motherboard is an ASUS motherboard (M4A87T AM3 AMD 870) and it’s only one system, which is Windows 7 64-bit.
When I press F8, it takes me to the boot menu and I’m not exactly sure if that’s where I need to be or not. It wasn’t the advanced menu and it didn’t show anything that you were describing, so I figured that it wasn’t what I was supposed to be seeing. But I did press F8 until a menu popped up, and I tried it a few times.
There have been a lot of family health issues in my family as of late, but I’m happy to say that I’ve finally had the chance to grab a burnable DVD and boot from it. I ran the Farbar scan tool and now have the log to show for it. Sorry it took me so long to get this back to you.
Open notepad.
[*]Click Start
[*]Type notepad.exe in the search programs and files box and click Enter.
[*]A blank Notepad page should open.
[*]Copy/Paste the contents of the code box below into Notepad.
HKLM\...\Run: [AS2014] - C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe [538112 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe -sm,
C:\ProgramData\7sXnp3Xs
HKU\Chase Maxwell\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\Chase Maxwell\...\Run: [AS2014] - C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe [ 2013-10-30] ()
C:\Users\Chase Maxwell\Desktop\Antivirus Security Pro.lnk
2013-12-09 17:06 - 2013-10-30 23:20 - 00000118 _____ C:\Users\Chase Maxwell\Desktop\Antivirus Security Pro support.url
[*] Save it to your USB flashdrive as fixlist.txt
Boot into Recovery Environment
Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens …
[*] Press the Fix button once and wait.
[*] FRST will process fixlist.txt
[*] When finished, it will produce a log fixlog.txt on your USB flashdrive.
Exit out of Recovery Environment and post me the log please.
Try to boot Windows normally…
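The fixlist above targets two logon persistence points: Run values and an extra program appended to the Winlogon Userinit value. As an added example (not part of the thread and not FRST's own logic), this Python script flags such entries in report lines of the form shown above; the line format, the set of user-writable directory names and the benign "ExampleVendor" control line are assumptions.

```python
import re
from pathlib import PureWindowsPath

# First three lines are copied from the fixlist in this thread; the last is a
# constructed benign entry added as a control.
SAMPLE = r"""HKLM\...\Run: [AS2014] - C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe [538112 2013-10-30] ()
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,,C:\ProgramData\7sXnp3Xs\7sXnp3Xs.exe -sm,
HKU\Chase Maxwell\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKLM\...\Run: [ExampleVendor] - C:\Program Files\Example\tray.exe [1024 2013-01-01] (Example)"""

# Assumed line shape: <hive path>\Run|Winlogon: [value name] [- ]data
ENTRY = re.compile(
    r"^HK[^:]*?\\(?P<kind>Run|Winlogon): \[(?P<name>[^\]]+)\]\s*(?:-\s*)?(?P<data>.*)$")
EXE = re.compile(r"^[A-Za-z]:\\.*?\.(?:exe|dll|com|scr|bat|cmd)", re.I)
USERINIT = r"c:\windows\system32\userinit.exe"
USER_WRITABLE = {"programdata", "appdata", "temp"}  # heuristic, not proof


def audit(lines):
    """Return (value name, reason) for each autostart entry worth reviewing."""
    findings = []
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        name, data = m["name"], m["data"]
        if m["kind"] == "Winlogon" and name == "Userinit":
            # Userinit is a comma-separated list; anything listed besides
            # userinit.exe is also launched at every logon.
            for item in (p.strip() for p in data.split(",")):
                if item and item.lower() != USERINIT:
                    findings.append((name, f"extra Userinit entry: {item}"))
            continue
        if "ATTENTION" in data:
            findings.append((name, "marked ATTENTION in the report"))
            continue
        exe = EXE.match(data)
        if exe is None:
            findings.append((name, "no resolvable file path"))
            continue
        parts = {p.lower() for p in PureWindowsPath(exe.group()).parts}
        if parts & USER_WRITABLE:
            findings.append((name, f"runs from user-writable path: {exe.group()}"))
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE.splitlines()):
        print(f"{name}: {reason}")
```

A hit on the user-writable path rule is a prompt for review, since legitimate software also starts from those directories.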
Ok, I just got through running the FRST program and I’ve posted the fixlog down below. I also tried running Windows and booted it up normally, which it seemed to do. Before it wouldn’t come on at all, this time it just took a few moments before it finally came on. It was a black screen for a bit.
Good, now run FRST from normal mode, make sure to tick the Addition box and press Scan.
Attach both reports.
Alright, I ran the FRST program in normal mode and have attached the files down below. I hope they help!
1. Open notepad and copy/paste the text present inside the code box below.
To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
C:\Program Files (x86)\Pando Networks
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Browse For Change - C:\Users\Chase Maxwell\AppData\Roaming\Mozilla\Firefox\Profiles\uqy4fjls.default-1369017205415\Extensions\browseforchange@browseforchange.com
C:\Users\Chase Maxwell\AppData\Roaming\Mozilla\Firefox\Profiles\uqy4fjls.default-1369017205415\Extensions\browseforchange@browseforchange.com
FF HKCU\...\Firefox\Extensions: [module@com.arcadesafari.firefox] - C:\Users\Chase Maxwell\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox
FF Extension: Arcadesafari - C:\Users\Chase Maxwell\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox
C:\Users\Chase Maxwell\AppData\Local\Arcadesafari\module@com.arcadesafari.firefox
CHR DefaultSearchKeyword: feed.helperbar.com
CHR DefaultSearchURL: http://feed.helperbar.com/?publisher={Publisher}&dpid={DownloadProvider}&co={CountryTwoLettersISO}&userid={InstallationHashID}&affid={affid}&searchtype=ds&babsrc=lnkry&q={searchTerms}&installDate={installDate}
C:\Users\Chase Maxwell\AppData\Local\Google\Desktop\Install
cmd: netsh winsock reset
cmd: ipconfig /flushdns
2. Save notepad as fixlist.txt to your Desktop.
NOTE: => It’s important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
3. Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
Note: If the tool warns you about an outdated version, please download and run the updated version.
Alright, I ran it from the desktop and it looks like everything worked out well. The fixlog is posted below.
Good, one final check:
Please download AdwCleaner by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
[*]Click on the Scan button.
[*]After the scan has finished click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
[*]After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
[*]Post logfile will also be saved in the C:\AdwCleaner folder.
Then…
Re-run FRST, press Scan and attach a fresh report.
Then…
Please download Farbar Service Scanner and run it on the computer with the issue.
[*]Make sure the following options are checked:
[*]Internet Services
[*]Windows Firewall
[*]System Restore
[*]Security Center/Action Center
[*]Windows Update
[*]Windows Defender
[*]Press “Scan”.
[*]It will create a log (FSS.txt) in the same directory the tool is run.
[*]Please copy and paste the log to your reply.
Alright, I ran the programs and have attached the logs below. I was unsure if I needed to add the other AdwCleaner file, but I still can if you need it.
Please download the ESET Services Repair tool, available here, and save it to your Desktop. Right click on it and select Run As Administrator, then follow the prompts. It should reboot when it finishes. If not, reboot it yourself.
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Post the freshly created log reports here.