Hijacked by AntiVirus Gold

Hey,

If i was being honest too , I also fell for the codec trick
(www.vcodec.com or something, DO NOT DOWNLOAD) whilst needing to watch
"Amusements". Looking through a few replies here none of you have it
as bad as you do (might not have read a post that has this problem).
The website that the warning is linked to in the desktop might or it
might be one of the viruses shoved in, is constantly crashing my active
desktop leaving me with no time to get 3 clicks in before i get the
"Send Error Report" window from Windows before it crashes and flicks up
again and crashes, it continues doing this until i rapid click the
shutdown buttons before it crashes again . Turns out also that my
brother was going to change our antivirus software but 'didn't get
round to finishing the job'. And with this problem i cant even install
new software or even have enough time to pay the criminals (that's gotta
be able to be dealt with?). Help asap please.

veliko Wrote:
Hello Terry,

I had the EXACT same problem as you (with ANTIVIRUS GOLD) and solved
it
as detailed below.

I read the follow-up posts to your original email and it seems that
some of the responses missed the nail in helping you out (one guy even
criticized you for installing "off-brand" antivirus... - he missed the
WHOLE point of your email for help not realizing that you DID NOT
install ANTIVIRUS GOLD ant that it simply took over your system).

In any event, I went to antivirus-gold.com customer service and emiled
a complaint asking how to get rid of this. But of course they never
responded.

I WAS able to get rid of it though and mayby this will help you to.

I'm running under XP Pro.

In Windows "Help and Support" (accessible via Start button), I clicked
"Undo changes to your computer with System Restore".

I then selected "Restore my computer to an earlier time". When the
calendar came up, I selected an available restore point a few days
BEFORE the time when this whole problem started, rebooted as
requested,
and it's fine now.

How it happened: In my case, I let my guard down by stopping both
McAfee Vscan and McAfee AntiSpyware. I stopped these because I was
burning DVD's for my business. When the burning completed, I forgot to
re-arm these guys and went surfing. I hit a site that needed to load a
CODEC to run the video. I run a film to DVD business and I try to make
sure I always have all the latest CODECS and so I loaded the new
"codec" and that's when the problem started. (ok ok, it was a porn
site
;-)

I would appreciate you letting me know if this solution help you at
all.

Veliko



Kerry Brown wrote:
"Terry Smythe" wrote in message
...
I have now verified that my desktop has been hijacked by
"desktop.html" It resides in c:\windows I've tried
deleting it and editing it, but can't get rid of it. Keeps
coming
back from somewhere, no matter what I do.

It has imbedded within it a command to visit the Antivirus Gold
web
site. It appears to be extremely malicious marketing, planting
3
virus that only it can remove, and itself. Its message is, 'if
you
want to remove these virus, then buy me'

A search for this file on my computer reveals only 1 copy. If I
delete it, it is replaced upon reboot. If I edit it, it is
replaced
upon reboot.

A 'net search suggests an incredibly convoluted procedure for
getting
rid of it. Surely there must be an easier way.

Along with SpyBot, AdAware, Microsoft's new parasite
detector/remover
fails to see it. They see all kinds of things, but won't touch
this
one. Registry First Aid finds only a single entry, deletes it,
and
upon reboot, it's back again. It's not in Startup.

I'm hopeful of finding some kind of specific utility to remove
this
ugly parasite.

Regards,

Terry Smythe


Go to the following link and download HijackThis.

http://www.aumha.org/freeware/freeware.php#hjt

Run it and then post the log it generates to one of the forums
dedicated to
it's use. A good place to start is he

http://forum.aumha.org/viewforum.php?f=30

http://www.techsupportforum.com/forumdisplay.php?f=50

http://castlecops.com/forumx67-0-50.html

Don't post the log here. Some malware hides very deep in the system
and
isn't detected by any of the spyware removal programs. Hijackthis and
other
tools will assist in it's manual removal. Barring that you could
backup your
data and reinstall Windows and all your programs then restore the
data. If
you are unable to do either I recommend you take your computer to a
professional to have it fixed.

Kerry


--
sir robPosted from http://www.pcreview.co.uk/ newsgroup access

I have the same problem as sir rob with one of the t888ers at work who
has managed to get it on his laptop. I am going to just wipe his
system. I can't find anyway around it. The annoying thing is we have
Symanted v9 all fully updated and on auto monitor but somehow this
rubbish still got through.

BTW I checked out the AV Gold website and they aren't far from me in
central London, I have a goood mind to go round there and have a
serious "discussion". I can't believe the useless putrid little
whores.


--
konarobPosted from http://www.pcreview.co.uk/ newsgroup access

Hi,

Try this first.
How to remove Antivirus Gold or AVGold
http://www.bleepingcomputer.com/foru...ld-t22397.html

--
Regards,
Bert Kinney MS-MVP Shell/User
http://dts-l.org/


konarob wrote:
I have the same problem as sir rob with one of the
t888ers at work who has managed to get it on his laptop.
I am going to just wipe his system. I can't find anyway
around it. The annoying thing is we have Symanted v9 all
fully updated and on auto monitor but somehow this
rubbish still got through.

BTW I checked out the AV Gold website and they aren't far
from me in central London, I have a goood mind to go
round there and have a serious "discussion". I can't
believe the useless putrid little whores.

I had AV Gold on my computer too,and tried to do as quoted bellow,but in my case there was no winnook.exe there,but there was a process called hookdump.exe. I unchekked it,and after reboot,the red little button in the lower right corner is gone.then I ran Spybot and removed the files that was found.rebooted and ran spybot again,I don't know much about computers,but it seems to me like I have got rid of this mess.

Quote:

Originally Posted by Olson

Hi janu,
just yesterday i stumbled into the same problem. My 13 year old cousin
caught this proggy but of course... "i didn't do anything".
Whatever.
I tried to track down how antivirus-gold kept sticking on the system
and found that on startup a process called winnook.exe got started.
That one was responsible for the red X in the taskbar (bottom right)
telling you that your computer was infected. You can remove that one by
starting msconfig from the run menu and unchecking it.
Antivirus-gold was actually found in the software panel and could be
uninstalled. But after the uninstall process was done it immediately
started the internet explorer going to it's website. So i checked IE's
settings and found some IE helper objects (sorry, forgot the name.).
But the fact that AV gold got re-installed right after that made me
think that it must have been one of those browser helpers (thank you
microsoft!). So i de-activated the suspicious ones.
The website on the desktop can be removed by settings - system panel
- display - desktop - customize desktop (dont know if thats the
correct english term) - web. There you can remove that website from
the active desktop.
After all it did not come back. But of course you never know. Today i'm
gonna deep check that machine for virii with knoppicillin.
I hope this will help you.

regards
Olson