Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


17 posts

Geek


Topic # 14349 28-Jun-2007 22:30
Send private message

Hey guys,

I'm having massive trouble with a virus/adware program on my laptop. I'm having pop-ups about WinAntiVirusPro 2007 and WinGuard appear everytime I go online. I have encountered this problem before and used VundoFix to get rid of the .dll files causing the pop-ups. But when I run it this time, it gets nothing and says I'm clean...which I'm not! I've virus scanned with Avast and it too says I'm clean, but when I open IE7, it says it finds 2 Win32:HZS viruses in my temporary internet folder AND my application data folder! These are the only too virus's it finds each time. I use SuperAntiSpyware and it cleans up all the trojans etc that this is causing, then when its done, I scan again to make sure I'm clean. I use HijackThis also, and it cleans up any processes or .dll files that are running. But when I think I've got everything, as soon as I open IE7, or reboot my laptop, THEY'RE BACK AGAIN!! PLEASE HELP ME!! I'm at the end of my tether!

Much appreciated for any help guys.

Create new topic
4301 posts

Uber Geek
+1 received by user: 84

Moderator
Trusted
Lifetime subscriber

  Reply # 76254 28-Jun-2007 22:39
Send private message

What is the exact name of the infection?

Googling WIN32: HZS brings up a few results, have you tried following the instructions on the first one?



17 posts

Geek


  Reply # 76256 28-Jun-2007 22:47
Send private message

The virus's name that crops up is a different numbered version of tmp??.tmp.exe (the ?? being different numbers each time). Theres loads of them and they keep reappearing.



17 posts

Geek


  Reply # 76402 30-Jun-2007 20:06
Send private message

I'm 1 step away from going mental!! I've used Avast, SuperAntiSpyware, Ad-Aware, VundoFix, FixVundo, HiJack_This v2, Avast Virus Cleaner, AFT Cleaner and FD Fix. They find the Trojans (Trojan.Duncan, eZula etc) and Adware/Malware and go through the process of removing them all. I do this all in Safe Mode btw. I have uninstalled Java completely for the time being aswell. BUT, when I think its all cleared up, I GET THESE GOD DAMN POP-UPS APPEAR about WINCLEANER & WINANTIVIRUSPRO 2007 etc!!! Avast then picks up 2 trojans appearing in my temporary internet files and application data AGAIN!! I CAN'T GET RID OF THIS!! HELP MEEEEEEEEEEEEEEEE!

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 76412 30-Jun-2007 21:25
Send private message

reinstall of OS will fix it

99 posts

Master Geek


  Reply # 76435 1-Jul-2007 01:59
Send private message

I've dealt with this one recently.

WinAntiVirusPro 2007 is indeed a virus. The reason it keeps on coming back I'm afraid is because a rootkit iis installed as well. You can uninstall the WinAntiVirusPro part by simply doing Add/Remove programs, but the rootkit simply redownloads and reinstalls the virus. It also constantly downloads and installs other viruses.

How to tell? The computer I removed this from recently had a hard disk light that was constantly switched on from power up, and the hard disk was always running. Yours is likely to be the same.

2 ways of fixing :

Simple way : Reinstall your OS. Reformat your drive first. This is overkill really.

1. If you are technically competent : Download this : http://vundofix.atribune.org/. Don't bother running it yet.
 
2. After download DISCONNECT YOUR COMPUTER FROM THE INTERNET BY UNPLUGGING IT FROM THE WALL (the internet plug, not the power plug!!).

3. NOW, RUN YOUR REGULAR ANTIVIRUS FIRST. This gets rid of all the WinAntivirus stuff, but not the rootkit.

4. Run the vundofix you just downloaded. Follow its instructions exactly.

FOLLOW THE INSTRUCTIONS IN THE ORDER ABOVE.

Reboot, and then plug your computer into the internet again. Hopefully you are clean.



35 posts

Geek


  Reply # 76497 1-Jul-2007 18:58
Send private message

TallPate is right Win Anti virus is a fake anti virus and spy ware + ad ware and all the system notification are all ad's.
more info

i have experienced that some AV softwares are unable to remove system tray notification.

5 posts

Wannabe Geek
Inactive user


  Reply # 76832 4-Jul-2007 05:32
Send private message

yes its a rogue antivirus program. follow the procedure mentioned above or download and use "Rogue Remover" from www.malwarebytes.org/rogueremover.php

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.