Nasty malware! AVG free not killing it.

[jigsawpuzzl]

Hi, New member and no pic etc as I'm now paranoid! I have had miscellaneous problems with 2 new pcs with W7 since April...and have found Adware180.Solutions repeatedly now on the 2nd (a 32 bit - the 1st was a Dell 64 bit) and deleted it (as it was already in the virus vault of AVG 9 free and I couldn't see how to delete it from there). It seems to be hijacking a number of my other programs (if that's the right term..) they act up in odd ways and eg, my Clickfree transformer (used for back up) instals (is meant to I believe) an autorun download on the pc so that the back up starts when I plug in the gadget and an external hard drive to the pc. As it is misbehaving (sending me a reminder everytime I boot) I went to clear this...and found duplicate applications for other things in my download folder..eg Rapport (Bank etc protection), and my Netgear wizard (which had also been behaving oddly, eg cutting in and reconnecting the wireless internet connection on booting up) - but I can find NO Clickfree application in downloads or programs. My photoshop Elements 8 has also played up from the start - this also has an autorun I think to check the registry for new photos...
As I delete Adware.180Solutions shut down the pc and then reboot (manually) and run a scan straightaway and it reappears I know it must be something nasty...it may be attacking my hard drive too as after previous problems booting, the local shop replaced the hard drive (and had ghosted the data across - so all the data was the same) and it seemed to work fine for a while - can "a virus" destroy a hard drive as well as corrupt files?
The virus file is a registry key. SDK type "core".HKU\S-1-5-21-1305305394875-2801006857-1732038897-1001\software\SAC. It is very clever as it hides any evidence from the event logs and also turned off the "check for enhanced unwanted programs" in AVG free. Dell spent months and my time and money telling me it wasn't Malware (if it was on that pc too) - so I bought a new pc...and they didin't think it was Malware either! But this weekend has convinced me once and for all...
The local shop told me it started innocuously but the company has been shut for over a year and it has been corrupted.....I suspect I need professional help here - but any tips anyone?? Have you heard of it? I've always had a McAfee protection then AVG more recently when I continued having problems. It seemed this got through...is it a rootkit and what should be done now? I will of course be upgrading to a full version of eg. AVG when the shops open but would that get rid of this? Should I avoid using the pc as more files will be corrupted? (I'm doing this on my old Vista pc which has come up clean on the AVG scan)
Sorry this is SO long. I'd be grateful for any advice from some techies out there!
Cheers

Jigsawpuzzl

 

[roban]

AVG Free does not give you real time protection. Install Malwarebytes and Microsoft Security Essentials after uninstalling AVG.

 

[TrainableMan]

Before you bother trying to uninstall and install new anti-virus you need to get rid of any infections. I have heard of some viruses that do effect the harddrive controller, so yes it's possible to harm the harddrive. Viruses can also be designed to attach themselves to valid programs and when you run the program it branches to their code, does its' damage and then transfers control back to the program.

I would suggest you read about and then try RKill. Also know that a virus can be stored in memory, on a CD/DVD, on a flash drive, and on a harddrive, or be in a webpage so any media you plug in can infect (or reinfect) you. That is why you need an active virus scanner as Roban is suggesting; but as I said get clean first.

 

[jigsawpuzzl]

Thanks trainable man...this is scary stuff...I didn't realise AVG free didn't have real time protection - and will get the full version which I hope does...I DO have Malwarebytes though and nothing at all has come up in those scans yet...I think I must take the pc back to the shop as I'd prefer them to have the responsibility...- and hope they really find it this time rather than wiping the hard drive and getting me to rebuild again...as I've done that so many times since April I've lost count! I'll pass on the Rkill suggestion. The virus seems to have attached itself to something I use all the time, such as the Netgear..or My Microsoft office or Clickfree at least...as these were the only things running when it wouldn't reboot after the last strip down and I'd only reloaded my emails, eg Outlook - though 2 windows PAT files (I think) did come across from Clickfree - and these were in different categories in various back ups which struck me as odd eg once they were classified as artwork and another as email.....(Clickfree uses categories to store, view and restore files eg text, photos, spreadsheets etc). How I long for a trouble free life!!!
I've been scanning any memory sticks, and hard drives I plug in..though I think I forgot to check the camera memory cards...and they showed clean but I guess you are saying that AVG may not be working properly...and McAfee wasn't either...and I did try Avira I think for a while...SIGH! Thanks anyhow for your help. I'll avoid the pc for the rest of the day.

Jigsawpuzzl

 

[TrainableMan]

No virus protection can be 100% effective, that is why it has to be updated regularly. I have never used AVG personally and I'm sure some users may use it w/o problem but others on this forum have seen AVG can itself cause system slowdowns and Blue Screens. Your system may not be infected at all but instead is experiencing problems with AVG; that is why roban told you to uninstall it and I believe that is where you should start.
This forum does not recommend purchasing the paid AVG either. The official forum recommendation is exactly what roban said. I was simply suggesting that you run rkill first to see if it could find an already existing virus before you then install Microsoft Security Essentials.
I think the store may well find nothing and simply charge you more money. There are very few guarantees in computer software because they can simply say you got it off the internet or from a flash drive, camera, etc they didn't have; you need to step up and take charge. Try uninstalling AVG. Try running rkill and see if it finds anything. Then install MSE. Run a complete MSE scan. Run a malwarebytes scan. Come back and tell us the results.

 

[catilley1092]

AVG, although I realize it's a very popular downloaded software, is NOT recommended for Windows 7, regardless of what program that says it is. I've read way too many forum posts the last couple of years, where the computer can hardly run, and the AV that's usually installed is AVG. I've even personally repaired a computer that AVG had rendered almost useless.

I myself run and recommend MSE, along with Malwarebytes, and have only had one problem, and that was from viewing porn sites with an unknown browser to me at that time (Safari). I mistakenly placed my trust in their "Safe Search" function, and paid dearly for it. It won't happen again.

roban and TrainableMan gave you good advice, if you step up to the plate and take charge of your computer issues yourself, you can save big money, and learn while doing it. You shouldn't need to go to a shop for virus removal, I personally believe that you're being taken for your money, I can see the grins on their faces as you're approaching the shop. An honest computer repair shop doesn't need to rely on crooked methods to make big bucks, they stay busy doing honest work.

Download MSE & Malwarebytes, uninstall AVG, run RKill, then install MSE & Malwarebytes, update them and run them until they report it's clean. It's very simple to do.

And welcome to the forum, jigsawpuzzl! I just noticed that you're a new member. You can really learn a lot here, if you really want to. Computers can appear intimidating to some, but when you learn to do your own maintenance, you're in control. It is not difficult to uninstall an AV and install a new one. There are many tutorials on this site for your use, check them out, and save some money.

Best of Luck,
Cat

 

[Elmer BeFuddled]

I'll go along with all that the others have said but I'd just add that when uninstalling AV products, if they leave any "bits" behind (they will!) these can interfere with your new security programs.

You need to make sure all traces of the removed program have really been removed. You can get total uninstaller tools for most AV programs, you'll need to run the AVG one (obviously). This link has a list of most AV uninstallers with links to downloads. This is the latest listing I found with a quick Google search.

 

[jigsawpuzzl]

Oh dear! Thank you for your advice guys...but I've only just got into see your posts...the shop first thing in response to my email last night said they would wipe everything again and I'd be best to stay away from my back ups as it was reinfecting...ie I had to lose all my data! I couldn't believe this and didn't think yet another rebuild was the answer...so I contacted my bank's Rapport help (Trusteer) and they told me it wasn't really their issue and to go for Microsoft essentials so I was ready to do that, especially after your advice but didn't feel comfortable when they said "programs don't clash" when I asked if it was compatble with AVG...so I phoned AVG who said yes it would of course conflict...and I bought their full package for a year with their help to remove the virus....3 hours, theychecked lots of sections of the pc visually on a screen share and manually deleted various temp and other files and ran a pcsafety clean and it does seem to have gone (it had attached to an application - or copy of one, that was legitimate) they then checked if my recent issues remained (they didn't) The help was very thorough - and with the tweaks to my start up apps (ie restricting them to the minimum) the pc seems much quicker at the moment..... I felt a bit more cash was worth saving my data when it was offered....I suspect if I'd been on this forum more I'd have grown in confidence and felt like tackling it with your suggestions (I almost did...)...and I'll keep in mind what you suggested for when my license runs out...especially if AVG DOES slow the pc. As the misc problems seemed to grow back over a few weeks after previous"cleans" I'll relax after a month I think! The full AVG version has the real-time scanning that was mentioned...I guess that may slow the pc, but we'll see...I've gone and done it now
Thanks again and I look forward to getting to know you better!

 

[jigsawpuzzl]

Forgot to say I have had Malwarebytes for a little while and nothing was showing on those scans.....

 

[TrainableMan]

No you cannot run AVG and MSE together.

Also if you have flash drives or external HDs you need to disable autorun and thoroughly scan the contents, otherwise you will likely reinfect yourself. Also disable autorun on your CD/DVD and scan and backup CD/DVDs or just toss them in the trash if you can do without them.

For anyone else reading this post trying to decide what to do, please just try the MSE solution; do not pay the people who left a virus get on your machine in the first place, money to upgrade.

 

[Mychael]

For the O/Ps reference here is a link showing what features you get with the various versions of AVG.

http://www.avg.com.au/landing/adwds/free.cfm?gclid=CNjulKWx9KMCFQczbgodwCkE3Q

MSE is very good and recommended by just about everyone on here. I 'personally' have no issues whatsoever running AVG and MSE together but that is under XP and Win7 seems to be a bit more picky.

 

[jigsawpuzzl]

disabling autoruns...?

Thanks for that trainable man - I have scanned my external hard drives now and they came up OK. AVG explained I must scan them before opening (and I will with any camera memory cards, memory sticks etc too) (silly question but I assume memory sticks are the same as flash drives??)
There is autorun in my Photoshop Elements 8 program so I will find out how to disable that...
Clickfree works by autorunning as soon as it is plugged into the pc - it opens a welcome screen then an autorun screen with a countdown to back up which you can stop. I guess I'll have to ask them about that? It is such a gem for easy incremental back ups each day that I'd prefer to carry on using it at least until my pc has settled down and I feel less scared of a fatal crash...
I don't think I have anymore autoruns...and the support guy closed anything from running at start up other than my wireless connection and AVG.......does that sound about right?

By the way - I phoned the Rapport (bank protection) people on the advice of my bank after I'd had to check my balance was OK...

I'm an old neurotic babe in the woods of IT I'm afraid but learning all the time! - and it is good that you were all able to clarify re Microsoft security essentials and how good it is and also re compatibilities in Windows 7. Thanks again,

 

[jigsawpuzzl]

desktop helper?

Thanks Mychael for the link re AVG. I have the full internet security package now with a year's 24/7 phone support with Virgindigital help... Incidentally they mention "download a desktop helper to help your pc run more smoothly" in the receipt/welcome email. Has anyone any experience of this? (Should I start another thread?) I don't want to click the link and start it until I'm sure what I'm doing...see I AM neurotic!

 

[Mychael]

A lot of software packages/browsers/links etc etc try to get you to download other stuff to quote "make you Pc run better" unquote. My advice is DON'T DO IT. There are very few really safe PC tuners around, most will give you grief in one way or another.
The only one consistently recommended by most members here is Ccleaner, it's also a free download.
Anything that tells you it will make your computer run faster/better etc etc. Improve your sex life all that stuff is generally snake oil and best left alone.

 

[jigsawpuzzl]

I did have ccleaner before on the Dell pc to try to get my PSE8 to work properly but haven't redownloaded it - I assume it is compatible with AVG internet security and Malwarebytes then??? Dell support did recommend running it weekly so I'm interested to see it crop up again. I will download it as long as it is compatible..I guess my AVG phone support should tell me when I ask re the other little niggles that remain in my programs...(the package covers all software support...so I may as well get my money's worth!) Thanks for the tip re not downloading the potential snake oil!!!! Maybe it is THAT that causes probs on other people's pcs with AVG...

 

[Mychael]

I have Ccleaner + Malwarebytes + AVG +MSE but remember I am on winXP not Win7.
For the guys using Win7 there seems to be an issue with AVG and it's not popular but many are running Ccleaner + Malwarebytes.

 

[jigsawpuzzl]

Thanks Mychael - perhaps I'll wait and see if anyone is running AVG full and ccleaner and malwarebytes with windows 7! Incidentally my new AVG firewall seems to keep creating new rules...probably to stop autoruns, so I'll check with the support chaps in due course... actually going out to see if I can get some new business now! ie having a break from the pc...

 

[jigsawpuzzl]

too many scans at once...

after problems with various programs jamming today AVG (Virgin digital help) found it was probably caused by the default setting AVG optimisation scan trying to run at the same time as a Windows 7 default defrag.....or even just their own scan own its own may have caused it!...so we've cancelled the routine defrag as "new hard drives don't need it and they can overheat and become unstable"...WHY is is set as default?? One optimization scan and that is done for good too...ooohhh hope it will all work out now...

 

[TrainableMan]

I bet they have a 30-day guarantee, just tell them you aren't satisfied with their answers or their product and you would like a refund. Then install MSE.
Defragging HDs is still recommended, except the new SSD (solid state drives); how often this is needed totally depends on how much and how often you delete files. I could probably defrag once every month or two.

 

[catilley1092]

Defragging HD's are an important part of keeping your computer operating at peak performance. That's why I got Perfect Disk 11 Professional, it not only defrags your OS(s), it optimizes it, too. If you can't afford the Perfect Disk app, Auslogics Disk Defrag is the next best thing, it also optimizes your drive(s), too.

I've never ran any form of AVG with Windows 7, but on my notebook where I have Windows 7 Home Basic (32 bit) installed, CA Internet Security has been better than expected for me. It's an AV & Firewall in one. And for the first time ever, I didn't have to configure the firewall to install it. Everything downloaded & installed itself.

I got this free package from Time Warner Cable, just for being a customer.

PS: It must be doing it's job, because if it weren't, Malwarebytes would find what the AV doesn't. Also, Windows Defender is in use, it too hasn't found any infection. I'm keeping my fingers crossed. If CA Internet Security can continue to prove itself to be good, I may consider installing it on Ultimate 64 bit (my evaluation version of 7 from TechNet).

Cat