Antivirus Software Is Destroying My Computer

Discussion in 'Virus Information' started by Rebecca Chung, Mar 4, 2010.

  1. I'm not sure what exactly is causing this, but Windows Defender keeps popping
    up messages like this:
    "Application cannot be executed. The file wuauclt.exe is infected. Do you
    want to activate your antivirus software now?"
    When I click on it, it opens up something called "Antivirus Soft", which
    pretty much tries to get me to buy it without solving anything.
    "Antivirus Soft" icons keep multiplying (I've let it multiply up to fifteen
    of them) on my notification area, but if I move my mouse over them, they all
    disappear.
    I cannot run any programs (i.e. Microsoft Word, Ultimate Zip, etc.), because
    the same message keeps popping up that whatever application cannot be
    executed, because the file is infected, do I want to activate my antivirus
    software... yeah.
    The only thing that works at least, thank goodness, is Firefox.

    I've run my Windows Defender scan on my computer, but it tells me nothing is
    wrong (when obviously something is).
    When I tried downloading other virus/spyware/malware software, such as
    Ad-Aware and Spybot, I AGAIN got the message that the application cannot be
    executed.

    So I'm in a bind. I can't do anything. I don't know if everything actually
    IS infected or if my Windows Defender software has some kind of malware on it
    - this "Antivirus Soft" thing, which I've never seen before - and I can't
    seem to remove it anyway.
    I can't uninstall programs either or use Task Manager...

    Anyway, I'm not tech-savvy at all, so I would appreciate it if someone could
    help me out... or if I should just head straight to the nearest computer
    doctor...
     
    Rebecca Chung, Mar 4, 2010
    #1

  2. No, it didn't work. The same thing happened when I tried installing other
    malware software. The malware software couldn't be executed because the file
    was "infected".

    At this point, I'm pretty much resigned to shelling out the money to have
    someone repair it, as this malware is specifically preventing me from using
    software to remove it...
    But thanks for the suggestion. :)

    -Rebecca
     
    Rebecca Chung, Mar 4, 2010
    #2

  3. For future reference, I found this link useful:
    http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft

    It looks like I have to do a bunch of other stuff before I can use the
    Malwarebytes software, so I'll try this once I have access to another
    computer and I'll report back. :)
     
    Rebecca Chung, Mar 4, 2010
    #3
  4. Rebecca Chung

    Jordon Guest

    Have you tried running Malwarebytes with Windows in Safe
    Mode?

    BTW, it would be beneficial if you'd quote the post you're
    responding to. Or at least the relevant parts of it.
     
    Jordon, Mar 4, 2010
    #4
  5. Rebecca,

    You could try running an antivirus rescue scanner from a WinPE boot disk.
    Antivirus has a poor track record (< 20%) when it comes to current malware.
    I have had better luck rescanning after a month. However, if it was my
    computer I would back up my personal data and then wipe the entire drive
    (including HPA or DCO, if any). Then reinstall. The only problem is, if
    you back up to a USB thumbdrive or the like, that may be infected in the process.
    So your fresh install will become reinfected when you restore your personal
    data. A better approach would be to ZIP your personal data up and then
    netcat the archive to another computer over the network. If you don't
    understand what I am saying then, yes, you need to hire someone.

    Regards,

    Rossetoecioccolato.
     
    RossettoeCioccolato, Mar 4, 2010
    #5
  6. Rebecca Chung

    David Kaye Guest

    That's not Windows Defender; that's malware putting up that message.
     
    David Kaye, Mar 4, 2010
    #6
  7. Rebecca Chung

    David Kaye Guest

    If you want to do it yourself, download Malwarebytes on another computer and
    copy it to a CD or memory stick or something and then install it on your
    computer while in safe mode. If it's the infection I think it is, safe mode
    is not affected. Then run Malwarebytes (without the update first) and clean
    things out. Then go back to regular mode, run Malwarebytes again and update
    it before scanning a second time.
     
    David Kaye, Mar 4, 2010
    #7
  8. Rebecca Chung

    David Kaye Guest

    That's now what *I* do. I remove these kinds of infections all the time
    without reinstalling Windows. By all the time I mean well over 95% of the
    time. It just takes some doing. It's such a hassle to reinstall programs and
    try to get everything back to the way it was that I specialize in removing the
    malware without reinstalling Windows.

    Sometimes you need to use the installation disk and boot to the recovery
    console or use an outside program (OS) such as BART-PE.
     
    David Kaye, Mar 4, 2010
    #8
  9. Rebecca Chung

    David Kaye Guest

    Typo. I meant to say that this is NOT what I do. Windows seldom needs to be
    reinstalled.
     
    David Kaye, Mar 4, 2010
    #9
  10. That's what I'm going to do (but Safe Mode with Networking).
    However, Antivirus Soft is not letting me download anything onto my infected
    computer, or run any programs I have, so I'm going to have to download rkill
    and Malwarebytes on a friend's computer later and transfer it with a flash
    drive to my computer...

    Sorry for not quoting properly!

    -Rebecca
     
    Rebecca Chung, Mar 4, 2010
    #10
  11. Rebecca Chung

    Leythos Guest

    It might not work - from a USB drive or other.

    I ran across an AV 2010 infected computer today, nothing would run (MBAM,
    SBS&D, SAS, TRJ6.8.1).... Strange thing was that it only infected
    domain user profiles, not the local admin/user profile - booted as local
    admin in safe mode, edited registry, rebooted in safe mode + networking,
    ran MBAM, it cleaned up some, rebooted - still hacked, could not open
    Task Manager, anti-malware tools... Uninstalled Symantec Corp 10 AV.

    Safe mode + networking again, installed Avira Antivir, set to highest
    detection modes, did a full scan, removed several trojans, rebooted, ran
    a full scan in normal mode, MBAM reinstall, update, run, removed about a
    dozen things... Loaded and ran SBS&D, no signs of anything now...

    3 Hours to clean a PC that could have been wiped and rebuilt in 2 hours.
     
    Leythos, Mar 5, 2010
    #11
  12. Rebecca Chung

    Phyllis Guest

    I have the same thing on my computer and I just completed the steps from
    Bleeping Computer website. No joy, when I went back into normal mode, here
    came the Antivirus Soft and all its warnings. You can't run any of the
    antivirus, malware, spyware programs you have. It won't even let me update
    my TrendMicro antivirus. I guess my next step is to completely wipe it
    clean. I do have some personal files I would like to salvage but am afraid
    the crap will come with them. Don't know what to do next. This only
    happens when working in Internet Explorer. I can use Firefox just fine.
     
    Phyllis, Mar 5, 2010
    #12
  13. Rebecca Chung

    David Kaye Guest

    MalwareBytes will install in Safe mode and get the current database if you
    invoke Safe mode with networking. Forget Trend. Trash it. Install Avast
    when you're done. Run MalwareBytes at least twice to be sure it got
    everything. Dunno why it happens; maybe MB uncovers some kind of layers of
    malware or something, but sometimes you have to run it twice.

    But in most cases MB will operate just fine in Safe mode no matter what the
    malware says. The other day, "System Security" malware tried to tell me that
    it couldn't launch MB, but MB was running right under the warning box!

    It helps if you can roll back the registry MANUALLY (using an external boot
    disk) back to at least a week before the infection. Remember to get all 5
    files: system, security, software, sam, and default.
     
    David Kaye, Mar 7, 2010
    #13
  14. Rebecca Chung

    Leythos Guest

    I've found that the latest malware will not let any of the major players
    run at all, including MBAM.
     
    Leythos, Mar 7, 2010
    #14
  15. Is rkill ineffective yet?
     
    FromTheRafters, Mar 7, 2010
    #15
  16. From: "Leythos" <>



    | I've found that the latest malware will not let any of the major players
    | run at all, including MBAM.


    Copy MBAM.EXE to something other like leythos.com
    Then run leythos.com
     
    David H. Lipman, Mar 7, 2010
    #16
  17. Rebecca Chung

    Leythos Guest

    Doesn't matter, name them anything, still won't run. Seen this on about
    a dozen machines in the last 2 weeks.
     
    Leythos, Mar 7, 2010
    #17
  18. Rebecca Chung

    David Kaye Guest

    I ran across that a couple times but not lately. I found that renaming the
    installer and then renaming the real executable helps.
     
    David Kaye, Mar 7, 2010
    #18
  19. Rebecca Chung

    David Kaye Guest

    Then try rolling back the computers to way before the infection started.
    Again, do it manually by copying the files since chances are that the malware
    isn't going to allow you to use the restore tool.
     
    David Kaye, Mar 7, 2010
    #19
  20. Rebecca Chung

    Phyllis Guest

    So what can one do? It won't let me system restore. I was going to wipe it
    clean, but I have to do that from Factory PC Restore that is also on my
    computer and it won't let me do that either. This is my old desktop that I
    have had for 5 or 6 years and if I made a restore CD when I got it, I don't
    know where it is at this point. Whatever this thing is it has complete
    control of my computer. It won't let me open anything, says files are
    corrupt. TrendMicro Internet Security keeps blocking Win 3/Nugel.E virus
    also. Can I do the PC Restore thing in Safe Mode?
     
    Phyllis, Mar 7, 2010
    #20
