From: "wasted" <rubbish@xxnone.notreal.com>

| Greetings

| Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up about
| this, that and the other infection, and of course it would fix them if she
| paid out. She couldn't access antimalware websites because of redirects.

| She brought it to my house yesterday for me to try and fix. I downloaded
| onto my computer, changed name and saved to CD, both MBAM and
| SUPERANTISPYWARE.

| Installed MBAM, and ran it without updating (because I wasn't letting it
| link to my network at any cost) - it found nothing in normal mode, and
| during the scan there were the same incessant popup "alerts" from AVGT. Went
| to safe mode - no popups occurring, but MBAM still found nothing.

| Whilst still in safe mode, installed SAS, again without updating - and it
| found and removed stuff referring to AntivirusGT.

| Rebooted to normal mode - success, it's gone!

| Sent daughter home and from there she updated MBAM and SAS and ran both -
| nothing more found and all is OK.


| Questions:-

| 1. Should I have installed MBAM in safe mode?

| 2. If the answer to question 1 isn't relevant, any guesses/info on whether
| MBAM would have "worked" had I allowed it to update. I'm worried about this
| because I pay for the full version myself to have the real-time protection.
| I moved to it from SAS because at that time, on my 64bit system, SAS could
| only be updated by uninstalling and reinstalling

| 2. How does this AVGT get onto computers in the first place.

| Cheers

| JP



No. What you should have done is updated another computer.

Obtained the "rules.def" file (the latest signatures).
"C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes'
Anti-Malware\rules.ref"

And copied the latest rules to that infected computer then ran MBAM.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp