Windows Anti-virus 2011 removal

J

Joker37

New Member
How do I remove this from my computer? Anybody know?

In my other computer account it stops me from accessing the internet in that account.
 
You will need to download these files from a non infected computer to a flash drive and then run transfer them to the infected computer.

You will need to run rkill first, it will put up a log when its done running and then you can install malwarebytes, update it and run it.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
 
johnb35 said:
You will need to download these files from a non infected computer to a flash drive and then run transfer them to the infected computer.

You will need to run rkill first, it will put up a log when its done running and then you can install malwarebytes, update it and run it.

Please download Malwarebytes' Anti-Malware from here or here and save it to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version. Please keep updating until it says you have the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • A log will be saved automatically which you can access by clicking on the Logs tab within Malwarebytes' Anti-Malware

If for some reason Malwarebytes will not install or run please download and run Rkill.scr, Rkill.exe, or Rkill.com but DO NOT reboot the system and then try installing or running Malwarebytes. If Rkill (which is a black box) appears and then disappears right away or you get a message saying rkill is infected, keep trying to run rkill until it over powers the infection and temporarily kills it. Once a log appears on the screen, you can try running malwarebytes or downloading other programs.



Download the HijackThis installer from here.
Run the installer and choose Install, indicating that you accept the licence agreement. The installer will place a shortcut on your desktop and launch HijackThis.

Click Do a system scan and save a logfile

Most of what HijackThis lists will be harmless or even essential, don't fix anything yet.

Post the logfile that HijackThis produces along with the Malwarebytes Anti-Malware log
Click to expand...



This is good info but make sure you run it while your computer is in safe mode.
 
johnb35 said:
You will need to download these files from a non infected computer to a flash drive and then run transfer them to the infected computer.
Click to expand...

Do I have to use a different computer?

I can still access the internet with one of my accounts without the virus popping up and block internet connection. And I tried this on the infected computer (which I'm using right now) and I already have malewarebytes but for some reason it's not working. When I click the icon nothing happens. I also can't uninstall or reinstall a new one for some reason too. Could it be because of Windows Anti-virus 2011?
 
Joker37 said:
Do I have to use a different computer?

I can still access the internet with one of my accounts without the virus popping up and block internet connection. And I tried this on the infected computer (which I'm using right now) and I already have malewarebytes but for some reason it's not working. When I click the icon nothing happens. I also can't uninstall or reinstall a new one for some reason too. Could it be because of Windows Anti-virus 2011?
Click to expand...

if you still have internet access on the infected computer and can download files then yes you can use it. If you don't have internet access then use a different computer that isn't infected which should be easier then using an infected computer. The reason why you can't open malwarebytes is because the infection is stopping it from opening, hence the reason to download and run rkill.

Joker37 said:
And what do you mean by flash drive?
Is that just a fancy word for a USB?
Click to expand...

Usb flash drive so that you can transfer files between computers.
 
Boot to safe mode and then download and run combofix from another computer and put on a flash drive and transfer it to the infected computer and run it.

Download and Run ComboFix
If you already have Combofix, please delete this copy and download it again as it's being updated regularly.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more that 20 minutes including the reboot if malware is detected.


In your next reply please post:
  • The ComboFix log
  • A fresh HiJackThis log
  • An update on how your computer is running
 
johnb35 said:
Boot to safe mode and then download and run combofix from another computer and put on a flash drive and transfer it to the infected computer and run it.
Click to expand...

Johnb35, I went to my local library about an hour ago and tried downloading those things but I couldn't. Instead in a new window the following message showed up:

-
YOUR ORG NAME Access to the page:

http://download.bleepingcomputer.com/grinler/rkill.scr

... has been denied for the following reason:

Banned extension: .scr

Categories:

Banned extension



You are seeing this error because what you attempted to access appears to contain, or is labeled as containing, material that has been deemed inappropriate.

If you have any queries contact your ICT Coordinator or Network Manager.
 
johnb35 said:
Boot to safe mode and then download and run combofix from another computer and put on a flash drive and transfer it to the infected computer and run it.
Click to expand...

I tried downloading all those things, saving them on a USB using an uninfected computer and then transferring them to my infected computer. However they don't seem to be running on my computer.

rkill sort of worked, the black window does show up but it keeps closing.

Do you know whether there is anyway to get rid of this infection my computer has?

By the way it's called "XP Anti-virus 2011" not "Windows Anti-Virus 2011". I made a mistake in the post above. I think I also have "Animalware" but how can I get rid of these? Is there any other possible way?

What should I do?
 
When you run rkill and it immediately closes, all you need to do is keep running it until it overpowers the infection and then completes. It may also help to boot to safe mode and run rkill. However, download this version of rkill and see if it runs without the infection stopping it.

http://download.bleepingcomputer.com/grinler/iExplore.exe

NOTE: DO NOT reboot the machine after running rkill or you will reactivate the infection. Immediately after running rkill and getting a log, run malwarebytes making sure you update it first.
 
johnb35 said:
When you run rkill and it immediately closes, all you need to do is keep running it until it overpowers the infection and then completes.
Click to expand...

Are you sure about this?

And how many times am I expected to run rkill before it completes.
How do I know it's working on my computer?

Whenever I double-click the rkill icon on my desktop 3 error messages pop saying the installation failed. But then the black box appears and then the message "Access is denied" appears a lot in the black screen. Are you sure this is normal? And I have to keep running it how many more times?

I think maybe it's not working, but I'm not sure and I don't know how I'm supposed to know.
 
Last edited:
It could take several times of running it in succession until it works. Did you try the last link I posted? Have you also tried in safe mode?
 
if you change the .exe file name to something different then the mbam it will install and do the update... I tried it today and it worked for me!
 
You must log in or register to reply here.
Back
Top