I have done searches in safe mode for gav.exe, mgrdll.exe and GAV folder (as recommended by various websites, to delete them) and cannot find these files. Many references in Google for several weeks now to this Green AV as being a virus but we are stuck on how to fix. HELP!
billowen:
Please try Malwarebytes. Download it, install, update and run a full scan. You will be able to post the log here using the "add attachments" link under the orange post button.
Message Edited by delphinium on 08-30-2009 07:56 AM
I downloaded the program you recommended and ran a full scan and found 13 infected objects which I had removed. Then I restarted. Unfortunately the Green AV is still on board.
In reading your message again, maybe I just don't understand what you said here: "You will be able to post the log here using the "add attachments" link under the orange post button."
You can add attahments to posts now.
billowen wrote:I downloaded the program you recommended and ran a full scan and found 13 infected objects which I had removed. Then I restarted. Unfortunately the Green AV is still on board.
In reading your message again, maybe I just don't understand what you said here: "You will be able to post the log here using the "add attachments" link under the orange post button."
The add attachments link is below the post button and the space where you can add tags to your post.
It is what is circled in red. Please submit the log that MBAM created after the scan completed as an attachment. This way delphinium and the few other members of these forums who are proven experts at removing malware can better assist you.
edit: woops, looks like dbrs for the lack of a better term beat me to the punchline.
Message Edited by pexley on 08-29-2009 10:29 PM
Here’s the log attached.
Malware bytes has found and removed 3 infected files and 1 infected registry entry. Is your Boss’ PC now behaving itself?
No. It must have found unrelated items. The Green AV stills pops up constantly.
OK. Can you post a screenshot of the Green AV so that we can see what it is.
[edit: Resized image to fit screen.]
Message Edited by shannons on 08-30-2009 02:10 PM
Billowen:
Take a screen shot of what you want us to see. Open Paint and paste it there. Save it to your desktop. When you are ready to post it, click on the green tree icon near the smiley in the menu bar. That will allow you to choose the file to insert. Choose the "large" size, not full size. It will take some time for the Mods to approve the picture before we will be able to see it.
Also
Please give us a Hijackthis log.
http://free.antivirus.com/hijackthis/
okay i will do the website tonight from work because i cannot get his computer signed into my home wireless network. everything i've done to date has been by 'sneakernet'
i will paste in the right sized screenshot now
Moved to own thread for better exposure.
ok, i ran the hijackthis and am attaching the log
thank you in advance!
Hi
With hijackthis
Remove these entries
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.goodsearch.com/
O1 - Hosts: 208.43.47.212 a1.review.zdnet.com
O1 - Hosts: 208.43.47.212 reviews.riverstreams.co.uk
O1 - Hosts: 208.43.47.212 d1.reviews.cnet.com
O1 - Hosts: 208.43.47.212 review.2009softwarereviews.com
O1 - Hosts: 208.43.47.212 reviews.download.com
O1 - Hosts: 208.43.47.212 reviews.pcadvisor.co.uk
O1 - Hosts: 208.43.47.212 reviews.pcmag.com
O1 - Hosts: 208.43.47.212 reviews.pcpro.co.uk
O1 - Hosts: 208.43.47.212 reviews.techradar.com
O1 - Hosts: 208.43.47.212 toptenreviews.com
O1 - Hosts: 208.43.47.212 www.reevoo.com
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [29837465982736455] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
O4 - HKLM\..\Run: [09803874569874596] C:\Documents and Settings\All Users\Application Data\gra\gra.exe
Quads
THANKS QUADS! Deleting those 14 items through hijackthis vanquished the nasty green av!!!
Hijackthis just disabled it,
O4 - HKLM\..\Run: [29837465982736455] C:\Documents and Settings\All Users\Application Data\gra\mradll.exe
O4 - HKLM\..\Run: [09803874569874596] C:\Documents and Settings\All Users\Application Data\gra\gra.exe
Download, install update the definitions then run a Full Scan with Malwarebytes
Quads
Why doesn’t Norton 360 recognize this and fix it?
bsk713 wrote:
Why doesn't Norton 360 recognize this and fix it?
This is not your thread, you now have your own Green AV thread
Quads
Could you assist in finding where that might be?