Green AV infected boss' cpu & Norton unaware

I have done searches in safe mode for gav.exe, mgrdll.exe and GAV folder (as recommended by various websites, to delete them) and cannot find these files. Many references in Google for several weeks now to this Green AV as being a virus but we are stuck on how to fix. HELP!
 

billowen:

 

Please try Malwarebytes.  Download it, install, update and run a full scan.  You will be able to post the log here using the "add attachments" link under the orange post button.

 

http://www.malwarebytes.org 

Message Edited by delphinium on 08-30-2009 07:56 AM

I downloaded the program you recommended and ran a full scan and found 13 infected objects which I had removed. Then I restarted. Unfortunately the Green AV is still on board.

 

In reading your message again, maybe I just don't understand what you said here: "You will be able to post the log here using the "add attachments" link under the orange post button."

You can add attachments to posts now.

AddAttachments.PNG


billowen wrote:

I downloaded the program you recommended and ran a full scan and found 13 infected objects which I had removed. Then I restarted. Unfortunately the Green AV is still on board.

 

In reading your message again, maybe I just don't understand what you said here: "You will be able to post the log here using the "add attachments" link under the orange post button."


 

The add attachments link is below the post button and the space where you can add tags to your post.

 

attachments.PNG

It is what is circled in red. Please submit the log that MBAM created after the scan completed as an attachment. This way delphinium and the few other members of these forums who are proven experts at removing malware can better assist you.

 

edit: whoops, looks like dbrs, for the lack of a better term, beat me to the punchline.

Message Edited by pexley on 08-29-2009 10:29 PM

Here’s the log attached.

Malware bytes has found and removed 3 infected files and 1 infected registry entry. Is your Boss’ PC now behaving itself?

No. It must have found unrelated items. The Green AV still pops up constantly.

OK. Can you post a screenshot of the Green AV so that we can see what it is.

GreenAV.JPG

 

[edit: Resized image to fit screen.]

Message Edited by shannons on 08-30-2009 02:10 PM

Billowen:

 

Take a screen shot of what you want us to see.  Open Paint and paste it there.  Save it to your desktop.  When you are ready to post it, click on the green tree icon near the smiley in the menu bar.  That will allow you to choose the file to insert.  Choose the "large" size, not full size.  It will take some time for the Mods to approve the picture before we will be able to see it.

 

Also

 

Please give us a Hijackthis log.

 

http://free.antivirus.com/hijackthis/

 

Okay, I will do the website tonight from work because I cannot get his computer signed into my home wireless network. Everything I've done to date has been by 'sneakernet'.

I will paste in the right-sized screenshot now.

GreenAV.JPG

Moved to own thread for better exposure.

OK, I ran the HijackThis and am attaching the log.

 

thank you in advance!

 

Hi

 

With hijackthis

 

Remove these entries

 

 


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [29837465982736455] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
O4 - HKLM\..\Run: [09803874569874596] C:\Documents and Settings\All Users\Application Data\gra\gra.exe


 

Quads 

THANKS QUADS! Deleting those 14 items through hijackthis vanquished the nasty green av!!!

Hijackthis just disabled it,  

 

 


O4 - HKLM\..\Run: [29837465982736455] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
O4 - HKLM\..\Run: [09803874569874596] C:\Documents and Settings\All Users\Application Data\gra\gra.exe


 

 

 

Download, install, update the definitions, then run a Full Scan with Malwarebytes.

 

Quads 
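An added example, not part of the original thread: a small triage script for the two patterns visible in the HijackThis entries listed above, a single non-loopback IP mapped to many hostnames in the Hosts file (O1) and Run keys with all-digit value names launching from a user-writable folder (O4). The thresholds, the path list and the `ExampleTray` and `localhost` lines are assumptions made for illustration; the `MsmqIntCert` entry from the thread is not caught by these two heuristics and still needs manual review.

```python
import re
from collections import defaultdict

# O1/O4 lines are taken from the thread; the last two lines are constructed benign entries.
SAMPLE_LOG = r"""
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [29837465982736455] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
O4 - HKLM\..\Run: [09803874569874596] C:\Documents and Settings\All Users\Application Data\gra\gra.exe
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[([^\]]*)\]\s+(.+)$")
LOOPBACK = ("127.", "0.0.0.0", "::1")
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\temp\\")  # assumed list

def triage(log_text, min_hosts=3):
    """Return (hosts_redirects, suspicious_run_entries) for HijackThis log text."""
    by_ip, runs = defaultdict(set), []
    for line in log_text.splitlines():
        line = line.strip()
        m = HOSTS_RE.match(line)
        if m and not m.group(1).startswith(LOOPBACK):
            by_ip[m.group(1)].add(m.group(2).lower())
            continue
        m = RUN_RE.match(line)
        if m:
            name, cmd = m.group(3), m.group(4)
            # Heuristic: all-digit value name AND a binary under a user-writable path
            if name.isdigit() and any(p in cmd.lower() for p in USER_WRITABLE):
                runs.append((name, cmd))
    # Heuristic: one non-loopback IP answering for several different hostnames
    hijacks = {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_hosts}
    return hijacks, runs

if __name__ == "__main__":
    hijacks, runs = triage(SAMPLE_LOG)
    for ip, hosts in hijacks.items():
        print(f"hosts redirect: {ip} <- {len(hosts)} names: {', '.join(hosts)}")
    for name, cmd in runs:
        print(f"autorun to review: [{name}] {cmd}")
```

Flagged Run entries only point at the files to look at; as the reply above says, removing the entries in HijackThis disables the program, so the follow-up full scan is still needed.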

 

 

Why doesn’t Norton 360 recognize this and fix it?


bsk713 wrote:
Why doesn't Norton 360 recognize this and fix it?
This is not your thread, you now have your own Green AV thread
 
Quads 

 

Could you assist in finding where that might be?