Richhs Posted November 23, 2010 (edited)

I recently worked on a computer infected with the rogue anti-virus application Antivirus 8, which corrupted several operating system files and disabled the Task Manager. The machine wouldn't boot into normal mode of Windows and was hanging while booting into safe mode as well. See this thread: posts number 8 & 9.

After I got into safe mode, I navigated to the C:\Program Files\AV8\ directory and renamed the file av8.exe to av8.RID. The process was still running in memory so the bogus pop-ups kept occurring, but it's easy to work around that.

I then deleted the registry values:

HKEY_CURRENT_USER\Software\A88547 (or something similar might be listed)
HKEY_CURRENT_USER\Software\WinAE (or something similar might be listed)
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"

Then I deleted the directories:

C:\Program Files\AV8\
C:\Documents and Settings\All Users\Start Menu\AV8\

Here is some more info on files and registry keys associated with this nasty rogue; some of these files were not on the machine that I worked on:

Uninstall Antivirus 8 Processes
Antivirus8.exe
AV8.exe

Delete Antivirus 8 Files
%Documents and Settings%\All Users\Start Menu\AV\Antivirus8.lnk
%Documents and Settings%\All Users\Start Menu\AV\Uninstall.lnk
%Documents and Settings%\[userName]\Desktop\Antivirus8.lnk
%Program Files%\AV
%Program Files%\AV8
%Program Files%\AV\Antivirus8.exe
%Program Files%\AV\Av8.exe

Remove Antivirus 8 Registry Files
HKEY_CURRENT_USER\Software\Antivirus8
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "Antivirus8"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antivirus8
HKEY_CURRENT_USER\Software\A88246
HKEY_CURRENT_USER\Software\WinFD
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform "WinNT-A8I 23.09.2010"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe "Debugger" = "C:\Program Files\AV8\av8.exe -d"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "AV8" = "C:\Program Files\AV8\av8.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

http://www.freeremovalofspyware.org/remove-antivirus-8

Then I took care of the Task Manager problem. To re-enable the Task Manager I did this:

1. Click Start
2. Click Run
3. Type REGEDIT
4. Click OK. The Registry Editor will now open.
5. Browse to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system
6. In the right pane, look for the value: DisableTaskMgr
7. Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)
8. Now browse to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
9. In the right pane, look for the value: DisableTaskMgr
10. Right click DisableTaskMgr and select Delete. (When prompted with "Are you sure you want to delete this value", select Yes.)
11. Close the Registry Editor by choosing File | Exit
12. You should now be able to access Task Manager. If not, reboot into Safe Mode and repeat the steps outlined above.

http://antivirus.about.com/od/windowsbasics/ht/taskmanager.htm

After that I rebooted into the normal mode of Windows and everything started as normal. More than likely, the system will be infected with other parasites as well, so the next step is to install and run several anti-malware apps to finish the job. Malwarebytes, Spybot Search & Destroy, and Emsisoft Anti-malware are a few of the anti-malware apps that I like to use.

Hope this helps some of you out of this mess.

Edited November 23, 2010 by Richhs
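The post removes three persistence points by hand: the Image File Execution Options "Debugger" value that redirects every launch of explorer.exe to av8.exe, the Run-key entries pointing into the rogue's install folder, and the DisableTaskMgr policy value. The script below is an added example, not code from Richhs's post or from any tool it names; it audits exactly those three locations from an elevated PowerShell prompt and only removes what it finds when run with -Remove (and honours -WhatIf). The registry paths come from the post; the folder names AV8\ and AV\ used to match Run entries are taken from the post's file list and are an assumption for any other variant.

```powershell
# Added example (not from the original post): audit the persistence points the rogue used.
# Read-only by default; pass -Remove to delete the listed values, -WhatIf to preview.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)

$findings = @()

# 1. IFEO "Debugger" values. Any value here means the named image is launched through the
#    listed program (the post shows explorer.exe -> "C:\Program Files\AV8\av8.exe -d").
#    Legitimate debuggers and gflags use the same mechanism, so review each hit before removal.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
foreach ($sub in (Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue)) {
    $dbg = (Get-ItemProperty -Path $sub.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $findings += [pscustomobject]@{ Type = 'IFEO Debugger'; Key = $sub.PSPath; Name = 'Debugger'; Value = $dbg }
    }
}

# 2. Run keys: entries whose command line points into the rogue's install directories.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$suspectDirs = 'AV8\', 'AV\'    # assumption: folder names from the post's file list
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip provider metadata properties
        foreach ($d in $suspectDirs) {
            if ("$($p.Value)" -like "*\Program Files\$d*") {
                $findings += [pscustomobject]@{ Type = 'Run entry'; Key = $k; Name = $p.Name; Value = $p.Value }
            }
        }
    }
}

# 3. Task Manager policy: DisableTaskMgr under either Policies\System key (steps 5-10 of the post).
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($k in $policyKeys) {
    $v = (Get-ItemProperty -Path $k -Name DisableTaskMgr -ErrorAction SilentlyContinue).DisableTaskMgr
    if ($null -ne $v) {
        $findings += [pscustomobject]@{ Type = 'DisableTaskMgr'; Key = $k; Name = 'DisableTaskMgr'; Value = $v }
    }
}

if (-not $findings) {
    Write-Host 'No IFEO Debugger value, suspicious Run entry or DisableTaskMgr value found.'
    return
}

$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        if ($PSCmdlet.ShouldProcess("$($f.Key) -> $($f.Name)", 'Remove registry value')) {
            Remove-ItemProperty -Path $f.Key -Name $f.Name -ErrorAction Stop
        }
    }
}
```

Run it once without switches to see what is set, then with `-Remove -WhatIf` to confirm the exact values that would go, and only then with `-Remove`. Removing the IFEO Debugger value is what restores a normal explorer.exe launch; the Run-key and policy cleanup matches what the post did in regedit. Because the process was still resident in the post's case, the script should be run after the rogue's executable has been renamed or the machine has been rebooted into Safe Mode, otherwise the rogue may simply rewrite the values.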