Uninvited Programme

Howard Warehand · From: Hertford, United Kingdom

After browsing the web I realised that I had collected an uninvited small programme, an icon on my desk top and in the task bar(at the bottom of the screen). It is a link to "Antivirgear.Com" in Latvia!! trying to frighten me into buying their spyware products. I have successfully deleted the small resident programme and the desktop Icon but I am not sure how to delete the icon in the task bar. It still links me to their site and now and again produces a "Speech Bubble" describing how dreadful it would be without their protection!!!!. I run XP Home edition with Norton 2007 AntiVirus and a full system scan shows I'm clear so now it is just so annoying that I cant get rid of this intruder. Advice would be most welcome please.
Regards, Howard.

Dave Potter · From: Texas

Norton isn't seeing it as anything untoward, thus, no alerts. Adequate reason to dump Norton and download and run one of the better, and free, anti-virus apps, like Avast or AVG (which I use).

But, back to the point and your question, from your description, there's still something running in the background that needs eliminating. That's why it's showing up in your taskbar and doing the "bubble" thing.

I Googled "antivirgear" and got lots of hits. It's apparently related to a trojan variant, and it's invasive and pervasive, meaning you probably still have a lot of files and registry entries on your system you need to get rid of. Removal will probably be tedious and time-consuming.

Of the many Google hits I found, I looked at a few and thought this one looked like a good way to start. Good luck.

Howard Warehand · From: Hertford, United Kingdom

Dave
Very grateful for your advice and information links, looks like a midnight oil job. To be fair to Norton, the autoprotect log does show the following activities took place at the time of the "download":
Trojan.Zlob. Detected and Deleted.
Trojan.ZlobN. Detected and Deleted.
AntiVirGear. System access denied.
Does this alter things or am I still in trouble??
H.

Wiz Feinberg · From: Mid-Michigan, USA

Howard;
Download SpyBot Search and Destroy, install and thoroughly update it to current definitions, then "Immunize" then "Check for problems," then Select all problem files and "Fix selected problems." If you are unfamiliar with the program see my blog entries about Spybot and read the articles and my extended comments for directions.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Dave Potter · From: Texas

Wiz Feinberg · From: Mid-Michigan, USA

Spybot is able to rerun before the Windows "Explorer" desktop loads, after you reboot, after running Spybot the first time. By running a scan before the malware is able to load into memory access restrictions imposed by the malware are bypassed.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog

Howard Warehand · From: Hertford, United Kingdom

Dave/Wiz
My grateful thanks to you both, I reckon with this information I will be able to sort it out. Thanks again, Howard.

Al Marcus · From: Cedar Springs,MI USA (deceased)

This is good information for all of us relatiing to computers. Thanks Wiz....al. Smile

_________________
Michigan (MSGC)Christmas Dinner and Jam on my 80th Birthday.

My Email.. almarcus@cmedic.net
My Website..... www.cmedic.net/~almarcus

Forum Index > Computers		Next oldest topic :: Next newest topic

All times are GMT - 8 Hours	Jump to: