
My dad's computer has AntivirusGT!

Travis

It's proven to be a real bugger. It disabled his real anti-virus system and Malwarebytes can't seem to do anything with it. It blocks access to any website with any antivirus-related content.

I think my dad's comp might be royally screwed. It's older and I don't think he has any recovery discs.
 
Have you tried downloading some antivirus software on another computer, putting it on a flash drive, and using that to install it on your dad's computer?
 
at start up
hit control alt del keys
go to task manager
stop every program you can

keep stopping them
some will restart themselves a few times
once they stop 5 10 minutes
try malwarebytes again
or hijack this
 
Have you tried downloading some antivirus software on another computer, putting it on a flash drive, and using that to install it on your dad's computer?

If I were to do that what would be the optimum program to use?
 
Open a command prompt (cmd.exe) and try
reg delete HKEY_CURRENT_USER\software\EVA50C

reg delete HKEY_CURRENT_USER\software\WinV2

reg delete HKEY_CURRENT_USER\software\Microsoft\Windows\CurrentVersion\Run /v AVGT

Then delete: paste the first bit into explorer then delete the named file
%ProgramFiles%\AVGT AntivirusGT.exe
%AllUsersProfile%\Start Menu folder called AVGT
%UserProfile%\Desktop\ AntivirusGT.lnk


eta: for some reason there's a rogue space in "Current" when I view this post but not when I edit it
 
The majority of these fake AVs can be defeated by booting into safe mode and running Malwarebytes.
 
If all else fails...
If you can get into the BIOS, reset the computer to boot first from a CD.
Then get some nice person to make you a bootable Linux CD and use the Linux OS, running from the CD, to salvage any files from the PC to a USB drive.

Then reformat the hard drive and install Linux from the CD.

If you can get hold of an OEM XP disc (I guess that's the OS) install that instead.

Various bootable Windows discs can be made from the internet too.


ETA- A bootable Linux cd is an ideal way to give a not remotely computer savvy person a safe internet experience.
The CD cannot be written to by malware, so a simple reboot clears any memory infestation and it's good to go.

Downside is that every bit of software on the net wants to upgrade itself every ten minutes. Obviously that ain't going to happen.
If your dad's usage is restricted to basics, that may be no problem
 
Have you tried system restore? It worked with me.

If that fails, then go for a reformat.
 
Good luck Travis, it looks like Wudang told you the files to knock out in safe mode. Playing with the registry can be deadly but effective. I would try zapping the processes in safe mode and then running M-bam, but you may not have much luck.

There is this at Bleeping Computer

So in safe mode I would delete

C:\Program Files\AVGT\

but first you have to stop the process
antivirusGT.exe

Bleeping says these are the files
c:\Documents and Settings\All Users\Start Menu\AVGT\
c:\Documents and Settings\All Users\Start Menu\AVGT\AntivirusGT.lnk
c:\Documents and Settings\All Users\Start Menu\AVGT\Uninstall.lnk
c:\Program Files\AVGT\
c:\Program Files\AVGT\antivirusGT.exe
%UserProfile%\Desktop\AntivirusGT.lnk


and these are the registry entries
HKEY_CURRENT_USER\Software\EVA246
HKEY_CURRENT_USER\Software\WinFD
HKEY_CLASSES_ROOT\CLSID\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AVGT"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-EVI 05.07.2010"


But first just see if you can zap that process in safe mode and then run M-bam.

http://www.prevx.com/filenames/X2265270113941131437-X1/ANTIVIRUSGT.EXE.html

Would indicate it is a keylogger but it doesn't make remote calls.
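
A read-only way to see which of the traces listed in the post above are actually present before deleting anything. This is an added example, not part of the original post; the file paths are the Windows XP defaults as quoted there, and the script name and labels are made up for illustration.

```bat
@echo off
rem Added example (not from the thread): read-only check for the AntivirusGT
rem traces listed in the post above. It only reports; nothing is deleted.
rem File paths are the Windows XP defaults exactly as quoted in the post.
setlocal
set FOUND=0

rem Process: it has to be stopped before its files can be removed.
rem If tasklist is not available on this system, the check is skipped.
tasklist /fi "imagename eq antivirusGT.exe" 2>nul | find /i "antivirusGT.exe" >nul
if not errorlevel 1 call :hit PROCESS "antivirusGT.exe"

rem Files and folders
call :chkpath "c:\Documents and Settings\All Users\Start Menu\AVGT"
call :chkpath "c:\Program Files\AVGT"
call :chkpath "c:\Program Files\AVGT\antivirusGT.exe"
call :chkpath "%UserProfile%\Desktop\AntivirusGT.lnk"

rem Registry keys
call :chkkey "HKCU\Software\EVA246"
call :chkkey "HKCU\Software\WinFD"
call :chkkey "HKCR\CLSID\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}"
call :chkkey "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3304F17F-732C-4AC6-BF67-DBDC8B88C11F}"

rem Registry values (key, then value name)
call :chkval "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "AVGT"
call :chkval "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform" "WinNT-EVI 05.07.2010"

echo.
echo %FOUND% indicator(s) found.
exit /b

:chkpath
if exist "%~1" call :hit FILE "%~1"
goto :eof

:chkkey
reg query "%~1" >nul 2>&1
if not errorlevel 1 call :hit KEY "%~1"
goto :eof

:chkval
reg query "%~1" /v "%~2" >nul 2>&1
if not errorlevel 1 call :hit VALUE "%~1 : %~2"
goto :eof

:hit
echo [%~1] %~2
set /a FOUND+=1
goto :eof
```

Running it again after cleanup, from safe mode, shows whether any of the listed entries survived.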
 
I recently used ultimatebootcd dot com to recover a hard drive.

It has the facility to do Anti Virus sweeps. Obviously you'll need to create a boot CD from a clean PC.

Good luck.
 
Download HiJackThis (HJT) and scan. Then join the Malwarebytes Anti-Malware forum and post the HJT scan result in the help forum. If you don't receive a reply in three days post only a link in the Bump Room to your original post.
As suggested you can run MBAM in safe mode without interference.

Unless you know exactly what you are removing by editing the registry don't edit. You can cause yourself much greater headaches if you do. Viruses place files all through the registry and deleting them manually may or will not get rid of the virus.

I recently caught a nasty virus and I am receiving help. Let knowledgeable people assist you.


BTW if you've not defragged this hard drive in some time do so before running MBAM. The scan will take less time.
 
This is where I strongly recommend that anyone who has a Windows computer also have a Windows PE CD.
 
Get a Mac

Their day is coming, the reason they don't get viruses is not because they are better, it is because they are fewer, people break the MAC OS all the time, but you can't get as many credit cards or zombie minions with MACs, so they go for the money and the PCs.

Seriously that is why MACs don't get as many viruses, not because they are 'better', now that stated they are really cool.
 
Well, my dad says he is probably done with that pc and went out and bought a new one. He'd been wanting to upgrade for awhile anyways.

I, of course, gave him a list of anti-virus programs to install right away.....in the end he went with one provided by his ISP. I guess they use CA.
 
Let's face it, after a series of increasingly frustrating sessions on a PC- especially with "ghosty" problems that come and go- we all start thinking "Time to replace this".
And what gadget freak needs more than an excuse?
It must be the biggest single "selling point" in the PC business.
But these days I find it's increasingly a daft decision, because you don't get a clean machine anyway and if you do, it's impossible to keep it that way.

It's not malware that's the problem.

You unpack the box, pausing to inhale the unpolymerised monomers. You plug it in, turn it on...and what?
OS Registration. Go online. Immediately, M$ has half a dozen critical updates. Adobe need to download the latest version of Reader. Which you should register. But you can't, because you need the latest version of Flash and Java and Javascript and you have three popups telling you about upgrading an HP printer driver and...and... you go to the pub and just leave the damn thing to chat to its friends on the internet.
 
