From: "Quilljar" not on
Dear All,
I will now eat humble pie and apologize for my panic!
1. I got some information from the large number of warning windows that the
Trojan itself popped up.
2. Like anyone would, I Googled for more. BTW when I Googled the name
'Anti-Virus Live' it took me straight to the Scam website NOT the usual
Google list, so I then prefaced my question with the word 'query' which
seemed to fool it. There is a lot of info on the net. I printed out six
useful pages of it.
3. However, thanks to all your reactions I tried yet again to get into
Windows 7 Safe Mode. This is not straightforward but eventually I got it.
Once there, things became much easier. I was able to do a full scan with
Malwarebytes at last, and it cleared the bloody thing out!
I have this morning, in gratitude, purchased the pro version of Malwarebytes.
Thanks to all for your patience and help.


"FromTheRafters" <erratic(a)nomail.afraid.org> wrote in message
news:hgl7p8$niu$1(a)news.eternal-september.org...
> "Quilljar" <Not(a)home.today> wrote in message
> news:tuWdnfblcJ_KhLPWnZ2dnUVZ8uqdnZ2d(a)bt.com...
>> Thanks all you guys, but you have not taken on board that this virus does
>> not allow me to do anything. I cannot run msconfig or get to safe mode or
>> any of the simple stuff you have kindly suggested. After half an hour on
>> the phone with two BT helpline engineers plus their supervisor, I have
>> been advised that I will have to send my machine back to the makers (not
>> Dell!)
>> I have 15 years' experience of all the MS operating systems as well as
>> Acorn, Amstrad and Mac.
>> I have never come across a virus like this one. I hope none of you ever
>> do!
>> I will give one more try phoning the makers tomorrow, then I guess
>> I will have to re-install windows 7. I am sending this post on my old
>> Windows XP machine. Thank God I still have it and everything backed up.
>
> Not a Dell - well, that narrows it down.
>
> ...may be called W32/NugelE (or W32/Nugel.E) and the file Windows7
> notification "came up with" is abjsysguard.sys? Where did you "come up
> with" anti-virusLive as a program (scareware?) name?
>
> Are you googling filenames as a troubleshooting technique?
>
> Had you tried to execute a rootkit detector such as a randomized GMER on
> the affected system?
> Have you investigated the possibility that whatever gave you the "malware
> name" associated with that "filename" was misidentifying a new entity as
> an older entity? Have you tried booting to another OS via cd-rom (LiveCD
> or Windows7 version of the recovery console)?
>
> It seems a shame to send the unit to the MFG for what practically *has* to
> be a software problem.
>
> In the end, reinstalling the OS on a cleaned up (wiped) drive is probably
> the best option, but that won't satisfy (y)our curiosity will it? :o)
>
> How did you obtain the information that you have given us so far?
>

From: Buffalo on


Quilljar wrote:
> Dear All,
> I will now eat humble pie and apologize for my panic!
> 1. I got some information from the large number of warning windows
> that the Trojan itself popped up.
> 2. Like anyone would, I Googled for more. BTW when I Googled the name
> 'Anti-Virus Live' it took me straight to the Scam website NOT the
> usual Google list, so I then prefaced my question with the word
> 'query' which seemed to fool it. There is a lot of info on the net. I
> printed out six useful pages of it.
> 3. However, thanks to all your reactions I tried yet again to get into
> Windows 7 Safe Mode. This is not straightforward but eventually I
> got it. Once there, things became much easier. I was able to do a
> full scan with Malwarebytes at last, and it cleared the bloody thing
> out!
> I have this morning, in gratitude, purchased the pro version of
> Malwarebytes. Thanks to all for your patience and help.

Happy to hear that it all worked out OK.
Was there a particular 'trick' you used to finally get into Safe Mode?
Cheers,
Buffalo
PS: Happy to hear you rewarded MBAM by purchasing the pro version. :)
It was a wise move.


From: VanguardLH on
Quilljar wrote:

> Thanks all you guys, but you have not taken on board that this virus does
> not allow me to do anything.

As mentioned, because you couldn't get into the boot menu doesn't mean you
tried correctly. So until it was determined that you did the correct
procedure to get into the boot menu and still couldn't would have progressed
to the next type of pest: MBR or boot sector infection. The solution there
could be as simple as using the install CD to go into Recovery Console mode
and using FIXMBR and FIXBOOT, or having to boot using a CD (that loads a
separate instance of an OS) along with the anti-malware utilities on it.

> I tried yet again to get into Windows 7 Safe Mode. This is not
> straightforward but eventually I got it.

What wasn't straightforward? How did you manage to get to the boot menu to
select Safe Mode? Is this a pre-built by a well-known brand, like Dell?
They tend to shove fluff in your face at boot that can be confusing to a
user.

From: John Mason Jr on
On 12/20/2009 8:40 AM, Quilljar wrote:
> Dear All,
> I will now eat humble pie and apologize for my panic!
> 1. I got some information from the large number of warning windows that
> the Trojan itself popped up.
> 2. Like anyone would, I Googled for more. BTW when I Googled the name
> 'Anti-Virus Live' it took me straight to the Scam website NOT the usual
> Google list, so I then prefaced my question with the word 'query' which
> seemed to fool it. There is a lot of info on the net. I printed out six
> useful pages of it.
> 3. However, thanks to all your reactions I tried yet again to get into
> Windows 7 Safe Mode. This is not straightforward but eventually I got
> it. Once there, things became much easier. I was able to do a full scan
> with Malwarebytes at last, and it cleared the bloody thing out!
> I have this morning, in gratitude, purchased the pro version of
> Malwarebytes.
> Thanks to all for your patience and help.
>


Glad you were able to get the mess cleaned up. In the future, you might
try a rescue CD like the one from Avira

http://www.avira.com/en/support/support_downloads.html

There is an iso file as well as an exe that will create the CD for you.

Other AV companies have rescue CDs as well.

There is a pretty good write up here
http://www.raymond.cc/blog/archives/2008/12/11/13-antivirus-rescue-cds-software-compared-in-search-for-the-best-rescue-disk/


John