Creeping Death/Pure Evil

Terra
Pro but Noob
Posts: 118
Joined: Sun Nov 02, 2008 8:47 am
Location: Sunny England

Mon Mar 16, 2009 12:12 pm

I am having serious problems with cascades of creeping death [AKA av360] in my computer. This thing is pure evil and I can't get rid of it - it's a virus that keeps hiding from me and overriding my firewall and antivirus so it can do whatever it wants [stealing personal info and passwords, modifying files and installing things without my permission]. I know little about viruses. I'm told it's similar to the attack on Facebook recently and will destroy my C drive if I don't destroy av360 first. I've been battling this filth for like four hours today and got nowhere - please can anyone help?
DW_Damaged
DW Clan Member
Posts: 798
Joined: Fri Feb 22, 2008 12:00 am

Mon Mar 16, 2009 12:42 pm

Download ComboFix and run it. That should get rid of it. Make sure you follow the on-screen prompts and let the program reboot your machine, and when done it will display a report. Once this is done your av360 problem should be gone. It's more of a spyware issue than a virus, and annoying as hell, but not as bad as some of the viruses that are out there.

http://www.combofix.org/
-1PARA-Queenie
1337 Haxor
Posts: 275
Joined: Sun Apr 20, 2008 11:00 pm

Mon Mar 16, 2009 12:53 pm

If Damaged's thing doesn't work, read this, because I tried that when I had one and it didn't find the thing.

I got a virus/spyware/thing that acts exactly the same as AV360 does and it took me about a day and a half to get rid of it, which involved raiding around my PC trying to find the files that were the virus/spyware/thing and deleting some registry keys it had created. My antivirus, which is AVG, my anti-spyware and several things including ComboFix could not find it, which is why I had to do it manually. After I had done all that my PC went back to being normal. As long as you didn't actually go to the website it tells you to go to and buy the thing, getting rid of it is fairly easy.

I found the files in C:\Program Files\Google. There were 2 files in that folder that were part of the virus; they had like a little brick-wall-like icon. After I found them I managed to find the registry keys as well, which had part of the same file name in them. Where the files are on your PC may be different, but I'd look there first. If they are not there, try running a search for av360.exe and see if the PC finds it. AV won't find it, as it just shows up as a normal .exe to the AV usually.

I use HijackThis ( http://majorgeeks.com/download5554.html ) to check my registry keys, but I do not suggest doing things to your registry files without being 110% sure that it is the correct key you are deleting and that you know what you are doing.

If you do manage to delete the files and registry keys and you're still getting pop-ups saying "you have been infected blah blah blah", then there is still some part of the virus/spyware/thing on your PC.

Anyway, I suck at giving instructions, so maybe someone else can be of more help, but I hope this at least gives you somewhere to start.
DW_Damaged
DW Clan Member
Posts: 798
Joined: Fri Feb 22, 2008 12:00 am

Mon Mar 16, 2009 1:46 pm

Just an FYI, before you do anything that will modify your registry make sure to back it up first. Click on Start/Run and type regedit and press Enter. When the Registry Editor opens, click on File then Export and name the file backup (or whatever you want) and save it somewhere like your desktop. This way if you delete the wrong reg key you can always restore your registry.

I had the AV360 on a machine at work last week and combofix got rid of it.

Good Luck.
Terra
Pro but Noob
Posts: 118
Joined: Sun Nov 02, 2008 8:47 am
Location: Sunny England

Mon Mar 16, 2009 2:10 pm

I reinstalled Spybot Search and Destroy since it wasn't working properly and managed to eliminate the spyware problem. Now I have 3 infected files left and they're all critical seriousness. I have now managed to move 2 of these to quarantine and they should be dealt with by tonight, but the other is a file which apparently is in permanent use, and the antivirus won't touch it until it's inactive.
I have searched for said file where it should be but simply cannot find it. After removing the spyware, my Spybot asked permission to restart the computer so as to render this file inactive, but it fails every time it tries - it's something called RichVideoCodec. What is this and why would it be in permanent use?

Since this is an infected file I don't want it being used at all.
DW_Damaged
DW Clan Member
Posts: 798
Joined: Fri Feb 22, 2008 12:00 am

Mon Mar 16, 2009 3:11 pm

The RichVideoCodec.OCX is a DLL file that is registered when your computer is started.

Try running ComboFix to see if this can remove the file or files.

If not, you will need to unregister the file or files before they can be removed. There are several ways to do this but you will need to know where they are located. Double-click on My Computer and then your C drive. Then click on Tools on the menu bar and scroll down to Folder Options. On the View tab make sure Show hidden files and folders is selected. If it's not then select it. Then click OK and close out the window. Do a search for RichVideoCodec.OCX.DLL to see if you can find it. Once you find it click on Start/Run and type CMD and press Enter. You should be at the command prompt C:\

Now type in the full path to where the file is located
example
C:\>cd documents and settings
now your command prompt will be
C:\Documents and Settings>
type cd all users
now your command prompt will be
C:\Documents and Settings\All Users>
type cd application data
now your command prompt will be
C:\Documents and Settings\All Users\Application Data>

If the file was in this directory path C:\Documents and Settings\All Users\Application Data then you would type this at the end of the path: regsvr32 /u RichVideoCodec.ocx.dll

example
C:\Documents and Settings\All Users\Application Data>regsvr32 /u RichVideoCodec.ocx.dll

A message should pop up saying the file has been unregistered. You should now be able to either manually remove the file or run Spybot to get rid of it. However, if Spybot wants to reboot your computer the file will re-register itself and again Spybot will not be able to remove it.

I know it sounds like a lot but it's really not. But as always please be careful doing any of the steps, as you can accidentally make the problem worse. If you are not comfortable with doing these types of things, find someone who is.

Hope this helps.
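
Added example, not part of the post above: the back-up, locate and unregister steps from this thread as one cmd batch script. The backup file name, the choice to export only HKLM\Software with reg export (narrower than the full regedit export described earlier in the thread) and the final Run-key check are assumptions.

```batch
@echo off
rem Added example: scripted form of the manual steps described in this thread.
rem The file name comes from the thread; the backup location is an assumption.
setlocal
set "TARGET=RichVideoCodec.ocx.dll"
set "BACKUP=%USERPROFILE%\Desktop\hklm-software-backup.reg"

rem 1. Back up the registry hive that regsvr32 changes. Never overwrite an old backup.
if exist "%BACKUP%" (
    echo Backup "%BACKUP%" already exists. Move it away and run again.
    exit /b 1
)
reg export "HKLM\Software" "%BACKUP%"
if errorlevel 1 (
    echo Registry export failed, nothing was changed.
    exit /b 1
)

rem 2. Find every copy of the file. /a includes hidden and system files,
rem    so the Folder Options change is not needed for the search.
set "FOUND="
for /f "delims=" %%F in ('dir /s /b /a "%SystemDrive%\%TARGET%" 2^>nul') do (
    set "FOUND=1"
    echo Found: %%F
    rem 3. Unregister with the full quoted path, so no cd into the folder is needed.
    regsvr32 /u /s "%%F"
    if errorlevel 1 (echo   unregister FAILED) else (echo   unregistered)
)
if not defined FOUND echo No file named %TARGET% found on %SystemDrive%.

rem 4. Show autostart entries that mention the name. Anything listed here
rem    can register the file again at the next boot.
for %%K in (HKLM HKCU) do (
    reg query "%%K\Software\Microsoft\Windows\CurrentVersion\Run" 2>nul | findstr /i "RichVideoCodec"
)
endlocal
```

Run it from a command prompt with administrator rights; if step 4 prints an entry, that value is what needs reviewing before the next reboot.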
DW_Bomzin
Site Admin
Posts: 2241
Joined: Mon Dec 26, 2005 12:00 am
Xfire: bomzin
Location: Layton,Utah

Wed Mar 18, 2009 11:34 pm

My boy contracted that, got it off Facebook I believe. Gave me a hard time for a bit, finally used Malwarebytes to get rid of it.

One-click problem solver.

http://www.malwarebytes.org/
Damnidge
1337 Haxor
Posts: 611
Joined: Mon Dec 26, 2005 12:00 am

Thu Mar 19, 2009 12:32 am

I can't add much more here, other than encourage you to install and keep Spyware Blaster up to date. You can get it here:

http://www.javacoolsoftware.com/spywareblaster.html

This is not a scanner or active program, rather it "plugs" known areas these things exploit.

Also, I second Bomzin's Malwarebytes recommendation. It is a solid choice. I would also get a solid anti-virus. The top two in terms of recognizing and preventing are actually free - they are avast! and antivir. I prefer avast! because it does not have a nag screen like antivir, although antivir has the highest scanning rating - esp. for "wild" viruses, which are ones not yet in definitions.

I've never really been a huge fan of spybot - a lot of people like it but there are better choices out there.

If nothing fully gets rid of it, you may have to go medieval on its ass. I got "spyware quake" about 4 years ago and had to use HijackThis, KillBox, and some other really down and dirty programs to finally get it all out.

Even if you do eliminate it, I would put a system rebuild on your to-do list, because most of these nasties never really get fully eliminated.

In the end prevention is the best case scenario. You may want to use tools to limit your flash, java, etc. and how it runs in your web browser as these are often ways things get in. Also, which web browser are you using? Firefox is a good one for security, esp with a lot of the solid add-ons.

Good luck.
Cheers, Damnidge
tapydisuza
Posts: 1
Joined: Wed Oct 15, 2014 6:44 am
Xfire: tapydisuza

Wed Oct 15, 2014 7:32 am

To fix any type of malware-related problem you have to read the malware removal guide. This will help you to defend against any type of malware.