02-11-2010 09:18 AM
Upon checking the HJT log file, I noticed that there's a malicious file that's running on the machine: C:\Documents and Settings\Vicky\Local Settings\Application Data\av.exe
You can manually stop this process via the Task Manager then manually delete the file. You can also run a scan using Housecall or any Trend Micro product and it should be caught as TROJ_NOSECUR.MCS.
02-16-2010 10:22 PM
I did the Task Manager and I think I manually deleted the trojan, but I am still having trouble with the XP Guardian. However, it is now called XP Antivirus Pro. It changed sometime ago.
02-18-2010 06:10 AM
Try running a scan using Housecall and check if the FakeAV infection will be fixed. If not, attach a new copy of the HJT log here so that we can check it again.
02-18-2010 04:16 PM
arath, have you read removal instructions at bleepingcomputer.com? If not, then i think you should.
And slightly different removal instructions in this blog post: how to remove XP Guardian.
I hope this will help you. Good luck!
04-08-2010 11:37 AM
This batch of FAKEAV uses the same binary but changes the presented GUI, its one more way for the bad guys to confuse cleanup. Try the instructions here, then post your new HijackThis results.