Removing Antivirus killer viruses

A new wave of viruses, such as Win32/Sality and many others, attacks almost every well-known antivirus and sabotages it in every possible way.

I have seen Kaspersky Antivirus 7, Kaspersky 2009, Norton 360, and McAfee burn to the ground because of these attacks.

The irony is that in some cases even the antivirus executable gets infected.

The solution I found to clean your sorry system is as follows:

Uninstall any antivirus from your system (if you can), unless it is Kaspersky, in which case keep it.

If you don’t have Kaspersky, download it and install it.

After installation you won’t be able to configure Kaspersky. Now you are at the same stage as someone with a dead Kaspersky.

Start your system in safe mode with networking.

Go to your Kaspersky installation directory (generally c:\program files\kaspersky lab\kaspersky 2009). You will see all your Kaspersky files.

Select all files in the installation directory and copy them.

Create a new folder on your system drive and name it Angrybyte (c:\angrybyte). Paste all the files you copied there.

Inside the Angrybyte folder find avp.exe (the one with the red K logo not the, rename it to angrybyte.exe.

Start angrybyte.exe.
If this is a new installation, you will be able to configure your Kaspersky and restart to safe mode with networking again.

After that, fully update your Kaspersky antivirus (or should I say Angrybyte antivirus) and run a complete system scan. With luck, you will be able to disinfect your system.

From the Start menu select Run, type “msconfig” and hit Enter.

Remove any suspicious entry from the Startup tab (and no, system processes such as services.exe, svchost.exe, and csrss.exe are not supposed to be there).

Reboot your system normally. With luck, your Kaspersky will load and you can consider your system clean.

If for any reason you start getting error messages about missing system files such as ComRes.dll or ctfmon.exe, copy them from the system32 folder of a clean Windows installation into your own.
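The startup check from the msconfig step can also be done as a read-only listing. The script below is an added example, not part of the original procedure: it lists the autostart entries from the Run keys and Startup folders and marks any whose executable is named like one of the system processes mentioned above. It assumes PowerShell 3.0 or later (for Get-CimInstance); the helper name Get-ExecutableLeaf is made up for this example.

```powershell
# Added example: read-only audit of autostart entries (Run keys and Startup folders).
# It changes nothing; removal is still done by hand in msconfig.

# Names used by real Windows system processes. The OS starts these itself,
# so an autostart entry carrying one of these names deserves a close look.
$systemNames = 'services.exe', 'svchost.exe', 'csrss.exe'

# Hypothetical helper: return the file name of the first .exe in a command line,
# whether or not the path is quoted or followed by arguments.
function Get-ExecutableLeaf {
    param([string]$Command)
    if ($Command -match '(?i)([^\\/"]+\.exe)') {
        return $Matches[1].ToLower()
    }
    return $null
}

# Win32_StartupCommand is the WMI class that enumerates per-user and
# machine-wide startup commands.
$entries = Get-CimInstance -ClassName Win32_StartupCommand

$report = foreach ($e in $entries) {
    $leaf = Get-ExecutableLeaf $e.Command
    [pscustomobject]@{
        Suspicious = ($null -ne $leaf) -and ($systemNames -contains $leaf)
        Name       = $e.Name
        User       = $e.User
        Location   = $e.Location
        Command    = $e.Command
    }
}

# Flagged entries first, then everything else for manual review.
$report |
    Sort-Object -Property Suspicious -Descending |
    Format-Table -AutoSize -Wrap
```

An entry that is not flagged is not necessarily clean; the flag only covers the system process names listed in the script.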

Finally, I want to say that these viruses are very nasty and most of your system files are modified by them. So even after following these removal instructions your system will not be as good as new, and you should consider a system reinstall as soon as possible. And next time keep your AV up to date.