2

I keep getting a popup with the title 'antivirus software' as well as a fake antivirus app getting run called 'AV Security Suite'.

But the most crazy thing is, I can't start or run any app. Trying to navigate to any website gets me

Internet Explorer Warning
Visiting this site may harm your computer!

If I try to run a program, any program, it says

Application cannot be executed, the file (filename.exe) is infected, do you want to activate your antivirus software now?

I can't even download mbam or anything like that.

6 Answers

4

It does sound like your computer is well and truly compromised.

"What to do if my computer is infected by a virus or a malware?" has some standard steps you can try, but ultimately it might be simpler to reformat your hard drive and re-install Vista.

When you do, make sure that the first thing you do is install some antivirus software.

ChrisF
  • 41,540
2

Follow these removal instructions and it should be fine.

Once that is done, install an anti-virus application and make sure you keep it updated. Most will automatically update themselves periodically by default.

Some suggestions:

2

First of all, do a backup of all your important files. Grab a Linux Live CD, burn it and boot your machine from it. With a flash or external disk drive, copy everything you need to save to another computer that has an antivirus installed.

IMHO, saving the files is the most important thing. I wouldn't trust the machine anymore. If you don't have "esoteric" software on your machine that you couldn't live without and can't install anymore, I suggest formatting it, installing your OS and an antivirus, and copying the backed-up files. After formatting, create an image of your hard disk using a utility like Norton Ghost and keep it with you in case you need to format again.

I'm not saying that it's not possible to clean your machine, I just don't think it's worth doing because you lose a lot of time cleaning everything and you can never be sure that you completely disinfected your machine.

(Remember that favorites and personal configurations in applications will be lost when formatting if you don't back them up.)

GmonC
  • 2,402
0

You may use a rescue live-CD virus scanner. As a boot CD it's autonomous and doesn't use your Windows system.

I suggest using Avira AntiVir Rescue System because it gets updated several times a day and so the download CD is up-to-date.

harrymc
  • 498,455
0

A program called McAfee Stinger is made specially for these cases when virus removal software will not run because of hostage-ware.

You may need to get it on another computer and put it on a flash drive.

Also, some of them do not block other extensions. I have forgotten some of these extensions, but Lifehacker had an entire post on these viruses.

0

I have manually removed this from three or four machines by chasing the "random" filename keys and filenames in the registry and in the %TEMP% folder. In fact, the first thing I do from a command prompt is to delete all .exe files from the %TEMP% folder, making a note of the filenames. Searching for these .EXEs with random names in the registry and deleting the entries cleans it up.

Also, while the fake AV screen is being displayed, although it looks like a "regular application window", if you start the task manager and terminate iexplore.exe, the fake "you are infected" screen will close.

It's tedious but do-able. You might have to switch to safe mode to get it done. As suggested earlier, if there is a cleaner tool, it should be faster than chasing registry entries of random names :)

What I'd really like to know is if IE is more likely to "pick those up" than Firefox. So far the occurrences I cleaned up took place on machines where IE was being used as the browser.

dimitri.p
  • 240
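
The manual triage described in the last answer (note the .exe files in %TEMP%, then look for those names in the registry), as an added example that is not part of any answer above. It is read-only and reports matches without deleting anything; the choice of the Run/RunOnce autostart keys is an assumption, since the answer does not say which registry keys held the entries.

```powershell
# Added example: read-only triage. Nothing is deleted or modified.
# Assumption: the entries of interest are in the standard Run/RunOnce keys;
# the answer above does not name the registry locations it searched.
# Written to work on PowerShell 2.0, so it avoids newer cmdlets and syntax.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Step 1: make a note of every .exe file sitting directly in %TEMP%.
$tempExes = @(Get-ChildItem -Path $env:TEMP -Filter *.exe -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer })

# Step 2: report autostart values whose data mentions one of those file names.
$hits = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $regKey = Get-Item -Path $key
    foreach ($valueName in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($valueName)
        foreach ($exe in $tempExes) {
            # Literal, case-insensitive substring match (no wildcard surprises).
            if ($data.IndexOf($exe.Name, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                New-Object PSObject -Property @{
                    Key       = $key
                    ValueName = $valueName
                    Data      = $data
                    File      = $exe.FullName
                }
            }
        }
    }
})

"Executables found in ${env:TEMP}:"
$tempExes | Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

"Autostart entries that reference them:"
if ($hits.Count -eq 0) {
    "  (none in the keys checked)"
} else {
    $hits | Format-List Key, ValueName, Data, File
}
```

Not every .exe in %TEMP% is malicious (installers unpack there too), so the autostart cross-reference is the stronger signal; review each hit before removing anything.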