Mother's computer infected with "AV Security Suite"

Hello everyone, I recently got my computer fixed with help from this forum, thank you guys so much! :slight_smile:

But just yesterday, my mother’s netbook got infected with something called “AV Security Suite.” It basically said that every web page she visited (including google, out internet provider’s website, etc.) was infected, and it would redirect her to pornography sites at random.

I managed to download MalwareBytes and run a quick scan (the log is attached to this post) and the AV security suite seemed to go away, but then she could not get onto internet explorer. So just a few minutes ago, I installed Firefox on her computer by transferring the install setup file via a flash drive from my computer to hers and we can now access the internet again.

I also ran an OTL scan - the two logs produced from that are also attached from this post.

I would like to know whether or not my mother’s netbook is still infected, and if it is, what I should do to get rid of whatever is infecting it.

Thank you :slight_smile:

How to remove AV Security Suite (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-av-security-suite

see step 4-5-6-7

did it work ?

you should also update MBAM and scan again to see if it comes up clean

Hi lets remove the proxy and see if it works ;D

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1039
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\~os12.tmp\pmropn.exe"=-
"C:\WINDOWS\Temp\~os6.tmp\pmropn.exe"=-
"C:\WINDOWS\Temp\~osE.tmp\pmropn.exe"=-
"c:\program files\premieropinion\pmropn.exe"=-

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS] 
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Hello, here are the logs that were produced. One of the logs popped up immediately after the computer rebooted, and the other is from the OTL quick scan (I forgot to input any custom parameters for the quick scan, I can go back and redo it if you want).

Also, I uninstalled Internet Explorer 7 (what my mother had installed during the virus attack) and installed Internet Explorer 8 before essexboy posted his reply.

The scan came up clean :slight_smile:

What problems do you have remaining ?

I don’t see any more problems, but I will know more by tomorrow. How do the logs look?

P.S. - Mom says thank you :slight_smile:

Not to bad - MBAM took most of it out

Once you are happy run OTL and hit the cleanup button and it will disappear ;D