How Do I Get Rid Of Win Antivirus??
I keep getting this message saying:
Windows Security Alert
Warning Potential Spyware Operation.
You computer is making unauthorised copies of your system and Internet files. Run full scan now to pervent any unathorised access to your files! CLick YES to downloard spyware remover.
The fact that there are spelling errors in the message told me that it is probably dodgy, and the research that I have done online had led me to believe that it is a Win Antivirus program.
I have used AVG and Spybot with no success, and when I tried to use Adaware my computer kept crashing.
I have tried to follow other forums with instructions on how to remove it manually but I haven't been able to do it. Mostly because the virus seems to disable all regedit, control panel and task manager functions.
Here is the HijackThis log: Someone please help!!!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:03 PM, on 9/25/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\printer.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\Googl…
C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\My Documents\My Received Files\HiJackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 – HKCU\Software\Microsoft\Windows\CurrentV… Settings,ProxyOverride = 127.0.0.1
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O2 – BHO: (no name) – {53707962-6F74-2D53-2644-206D7942484F} – C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: &Google – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – c:\program files\google\googletoolbar1.dll
O4 – HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 – HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [!AVG Anti-Spyware] “C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe” /minimized
O4 – HKLM\..\Run: [Winmplayer] “C:\WINDOWS\System32\KB_963491.exe”
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSC… /auto
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\Googl…
O4 – HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot – Search & Destroy\TeaTimer.exe
O4 – HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User ‘Default user’)
O4 – Startup: system.exe
O4 – Global Startup: autorun.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: Wireless Configuration Utility HW.51.lnk = C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe
O6 – HKCU\Software\Policies\Microsoft\Interne… Explorer\Restrictions present
O6 – HKCU\Software\Policies\Microsoft\Interne… Explorer\Control Panel present
O7 – HKCU\Software\Microsoft\Windows\CurrentV… DisableRegedit=1
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCE…
O9 – Extra button: PartyPoker.net – {F4430FE8-2638-42e5-B849-800749B94EED} – C:\Program Files\PartyGaming.Net\PartyPokerNet\RunP…
O9 – Extra ‘Tools’ menuitem: PartyPoker.net – {F4430FE8-2638-42e5-B849-800749B94EED} – C:\Program Files\PartyGaming.Net\PartyPokerNet\RunP…
O16 – DPF: Yahoo! Pool 2 – http://download2.games.yahoo.com/games/c…
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=3…
O16 – DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) – http://www1.snapfish.com/SnapfishActivia…
O16 – DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) – http://upload.facebook.com/controls/Face…
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) – http://go.divx.com/plugin/DivXBrowserPlu…
O16 – DPF: {A7196C8E-35A5-4FF0-9E46-E28918B5CAF6} (GameDesire Domino) – http://67.15.101.3/g_bin/eng/domino_2_0_…
O16 – DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) – http://ax.emsisoft.com/asquared.cab
O16 – DPF: {BFA1F11D-3121-AFE1-4112-983219421AEF} (GameDesire 1Player Word Games) – http://67.15.101.3/g_bin/eng/wordssingle…
O16 – DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) – http://a532.g.akamai.net/f/532/6712/5m/v…
O16 – DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) – http://www.candystand.com/assets/activex…
O16 – DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool
– http://67.15.101.3/g_bin/eng/billard8_2_…
O20 – AppInit_DLLs: C:\WINDOWS\System32\systems.txt
O20 – Winlogon Notify: efcbx – C:\WINDOWS\System32\efcbx.dll (file missing)
O20 – Winlogon Notify: tustr – C:\WINDOWS\System32\tustr.dll (file missing)
O20 – Winlogon Notify: vtuurop – vtuurop.dll (file missing)
O20 – Winlogon Notify: winfiy32 – winfiy32.dll (file missing)
O20 – Winlogon Notify: winkoh32 – winkoh32.dll (file missing)
O20 – Winlogon Notify: winlxj32 – winlxj32.dll (file missing)
O20 – Winlogon Notify: winxrn32 – winxrn32.dll (file missing)
O20 – Winlogon Notify: xxwvs – C:\WINDOWS\System32\xxwvs.dll (file missing)
O23 – Service: AVG Anti-Spyware Guard – GRISOFT s.r.o. – C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 – Service: AVG E-mail Scanner (AVGEMS) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 – Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) – SEIKO EPSON CORPORATION – C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 – Service: Google Updater Service (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
O23 – Service: LightScribeService Direct Disc Labeling Service (LightScribeService) – Hewlett-Packard Company – C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
–
End of file – 7271 bytes
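A triage pass over a HijackThis log like the one posted in the question, as an added example that is not part of the original thread: it parses each entry and flags the lines tied to the symptoms described (blocked regedit, programs that start with Windows). The function names and the heuristics are assumptions of this example, not HijackThis output, and a flagged line is a reason to look closer rather than a verdict.

```python
import re

# Constructed sample: entries copied from the log in the question above.
SAMPLE_LOG = r"""
F2 – REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\printer.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 – Startup: system.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O7 – HKCU\Software\Microsoft\Windows\CurrentV… DisableRegedit=1
O20 – AppInit_DLLs: C:\WINDOWS\System32\systems.txt
O20 – Winlogon Notify: xxwvs – C:\WINDOWS\System32\xxwvs.dll (file missing)
O23 – Service: iPod Service – Apple Inc. – C:\Program Files\iPod\bin\iPodService.exe
"""

# Section code, then a hyphen or the en dash that forum software substitutes.
ENTRY = re.compile(r"^([A-Z]\d{1,2})\s+[-–]\s+(.*)$")

def parse(log):
    """Return (section, detail) for every entry line; other lines are skipped."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]

def review_reason(section, detail):
    """Heuristics of this example (not HijackThis verdicts): why to look closer."""
    low = detail.lower()
    if section == "F2" and "shell=" in low:
        if len(low.split("shell=", 1)[1].split()) > 1:
            return "extra program chained after the Windows shell"
    if section == "O7" and "disableregedit=1" in low:
        return "Registry Editor disabled by policy"
    if section == "O20" and low.startswith("appinit_dlls:"):
        if not low.split(":", 1)[1].strip().endswith(".dll"):
            return "AppInit_DLLs value is not a .dll"
    if section == "O20" and low.startswith("winlogon notify:") and "(file missing)" in low:
        return "Winlogon Notify entry whose DLL is missing"
    if section == "O4" and low.startswith(("startup:", "global startup:")):
        if low.endswith(".exe") and ".lnk" not in low:
            return "executable placed directly in a Startup folder"
    return None

def triage(log):
    """Return (section, detail, reason) for entries matching a heuristic."""
    hits = []
    for section, detail in parse(log):
        reason = review_reason(section, detail)
        if reason:
            hits.append((section, detail, reason))
    return hits

if __name__ == "__main__":
    for section, detail, reason in triage(SAMPLE_LOG):
        print(f"{section:4} {reason}: {detail}")
```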


WinAntispyware removal: http://www.castlecops.com/postitle146598…
Winfixer/WinAntispyware popups removal: http://forums.techguy.org/t401748.html
Smitfraud Variants including PestCapture, WinAntivirus Pro 2007, and other similar Malware Removal Instructions and Help: http://www.pchell.com/support/smitfraud.…
Best Answer – Chosen by Voters
Hi,
You should use “NoAdware”. It’s extremely effective. I don’t have any more problems with spyware, pop-ups, Trojans or computer viruses. I came across this software in PC World Magazine. Featured as the top spyware/Trojan remover. Now, you can download and try for FREE. Check it out here:
http://tighturl.com/5z9
Someone doesn’t know what Google is. Here is the first result that popped up after searching “win antivirus”:
How to Remove Win Antivirus: http://www.spywareguide.com/spydet_2731_…
go to control panel
add/remove programs
then remove
Before your computer shows the Startup screen, press F8 and choose safe mode. Then go to add/remove and remove the trojan/virus. That’s probably why there are spelling errors in Windows alerts.
WinAntiVirus is a rogue anti-spyware program which is mostly ineffective at detecting and removing malware, which is usually marketed something like this:
“Many may have been surfing the net, going through mail, or just working on the internet when a popup like the ones below appear out of nowhere. Adware such as ErrorSafe and WinAntiVirus try to disguise themselves as a Windows security prompt to trick people into downloading their software. ErrorSafe, WinFixer 2006, WinAntiSpyware, System Doctor 2006, WinAntiVirus Pro 2006, SysProtect, and similar software are ROGUE anti-spyware programs. They pretend to be a program that will help you fix Windows problems, but really it reports false information to try to get you to purchase the program. It is a SCAM.” http://www.aceviper.net/WinAntiVirus_Pro…
The trojan that usually causes or caused these phony Windows Security alerts is usually a Vundo (AKA Virtumonde) trojan. A good tool for removing it is VundoFix. Free at: http://www.atribune.org/content/view/24/…
MESSENGER SPAM !
you have messenger spam
NOT to be confused with your instant messenger/s
start
all programs
administrative tools
services
all services are in alphabetical order
Alerter–
right click
select properties
from drop down menu
select disable
Messenger–
same thing as above
These are ports left open in the XP Windows version but closed in Vista.
Hackers know this and ping for these open ports to install messenger spam spyware.
After disabling, run anti-spyware program/s.