Rogue - Antivir detection?

My friend has the rogue Antivir on his computer. So far he has not been able to remove it.
He has Norton on his computer, and it did not alert and has not detected it on a scan.
SAS detected and removed some entries, but when he rebooted and went to the internet it blocked the Major Geeks site to download Malwarebytes. I wonder if it may be in his Restore program?

Does Avast detect, prevent infection or remove antivir?
I am trying to find an AV that does that, if any do. It may be that no AV catches it due to the type of malware it is, but SAS did find it on a scan while Norton did not.
Thanks,
Jerry

Malwarebytes does detect this rogue and removes it. I have tested against Avast 5 IS and it failed to detect.

Try to download Malwarebytes from here http://www.filehippo.com/download_malwarebytes_anti_malware/

Remove Antivir (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-antivir

ICR and Pondus,

Thanks, we are working in that direction. The malware prevented downloading MBAM, but he is going to use his laptop for the download then put it on a CD and install it on his desktop.

Best regards,
Jerry

This works when Malwarebytes fails, which is rarely, but I have used this: Remove Fake Antivirus 1.57. Here is the developer Olzen's blog page with download link: http://freeofvirus.blogspot.com/

I had been using the free version of MBAM, but decided to buy it.
Do you think MBAM would have caught and stopped the rogue antivir if it had been on his computer in real time?

Evidently AVs do not detect this one. That seems strange to me, and especially when AV suites are used.

Thanks,
Jerry

It's still considered malware, and not a virus, so A/Vs can't always detect them. Hopefully the suites or just the plain A/Vs will be able to detect these in the future. They're becoming more of a problem, especially since many new ones are being created.

Thanks for the reply. For some reason I had thought that suites included anti-malware modules in addition to AV modules. So I had thought that a suite pretty well took care of all types of malware. Obviously I was mistaken. For me the line is somewhat blurred as I am not very knowledgeable here, and do not know what separates one from the other.
I have asked the question as to whether the AV will do the job on this particular malware, and so far none have replied that their AV/suite will.

As a result, this morning I purchased MBAM to run alongside my primary AV application. Thanks again. I had rather prevent infection than have to clean it.

Regards,
Jerry

Hi Jerry:

In your friend's situation, I would try "renaming" "mbam-setup.exe" during the download, but not after, to something like "Igotyou.exe". Then try running the program in the usual way, but clicking on the "Igotyou" icon to install, then updating the program PRIOR to running a scan.

Thanks, Spiritsongs. I’ll pass that on.
I had not thought of that.
Regards,
Jerry

Sometimes the malicious software knows not to run anything but Windows core services, so trying to rename to something like winlogon.exe or something like that is the only thing that will allow MBAM to run. Igotyou.exe might work, but only for viruses that are just specifically looking for mbam-setup.exe, and nothing else.

I have never tried to rename an application, and am not sure how to do it.
Do I do it by changing the name when it asks me if I want to save, and then it gives a location and the name is in a block? After that it downloads.

When I open the exe will I have to rename again or is it OK as is?

Thanks,
Jerry

You can change the name when you first download the file, or just click the name of the file, then shortly after click it again.

Or, right-click the file, and click Rename.

Went to his house this morning with MBAM on a disk. We had no trouble loading it as we were not on the internet. It seems that the pop-ups only occurred when on the internet.
We installed MBAM, and without going online to update, ran a quick scan. It identified the rogue and removed it.

Really easy when you get the right application.
Thanks for the help, All.

Regards,
Jerry

Glad you got him cleaned up. Although MBAM is right for most applications, sometimes it doesn't work. Again, glad you got rid of it. Come back anytime.