Cannot Uninstall Bd 2009

I've picked up some viruses on the net while using BD 2009 AV. Since it was not able to erase them, I tried uninstalling it in order to try out some other AV progs. Well, it wouldn't uninstall. I tried using that BD uninstall utility; it uninstalled some things, most it did not.


Now I've got viruses on my comp. No AV or anti-spyware program I tried installing would start its setup. ZoneAlarm and Comodo firewalls I tried installing also wouldn't start their setups. Windows safe mode isn't starting at all, reverting the system to a previous date does not work... and I've still got the uninstallable BitDefender prog on my drive.


What do I need to do in order to manually uninstall it? And if you could offer any advice on the virus situation I'd be grateful - anything other than re-installing my XP.

Comments

  • Please provide more information about the problems you are having with the viruses.


    For that I've moved the topic to Malware Talk so that someone can help you with disinfection. After you're clean we can talk about uninstalling properly. :)

  • G'Day n48,


    By the words you use to describe your problem, I believe you had what looks like legitimate popup windows which warned you about an infection and invited you to click on a fix or download software to fix the issue? Is this the case, did this happen to you?


    Also need to know what your OS (operating system) is and what level it is.


    :ph34r:

  • Thank you for helping me out!


    My OS is XP SP2 and I'm using an old P3 1000 MHz rig with 128 megs of RAM and a small 20 GB disk. I got no security threat pop-ups from BD.


    The symptoms of virus presence that I'm having are these:


    The various free AV and anti-spyware programs that I tried installing in order to solve this problem either immediately turn off by themselves when I try installing them or start installing but ctd at a random point. The same goes for 2 free firewalls I tried installing.


    On my C: drive there's now a new folder called Avenger. Inside of it is another, system (invisible) folder called m; this one's empty. When I erase the Avenger map it comes back when I restart my XP.


    The Malwarebytes antimalware prog that I've been using for a year now won't start up anymore.


    The only antivir prog I was able to install since things started going crazy is the demo of Trojan Remover 6.7.5. When I start scanning the C: disk with it, it finds the first threat very fast:


    "this windows service appears to be hiding using this rootkit techniques:


    c:documents and settings/user name/application data/srosa.sys


    the program is loaded by the following (hidden) registry key:


    hklm/system/currentcontrolset/services/srosa


    this file has a known malware filename


    appears to contain: Trojan.Downloader.Bagle"


    I can open files OK, but since this trouble began the RTS game that I've been playing for a long time and I know plays smoothly suddenly started getting choppy and slow. When I checked the system processes I found this never-before-seen line: winupgpro.exe - it eats up around 5 megs of memory and when I turn it off my RTS game gets a lot faster, almost as it was before.


    Earlier today when checking processes I found additional weird entries: flec006.exe and wintems.exe - but these haven't reappeared after I restarted XP.


    When I hit the F8 key at startup and choose Windows safe mode, the computer immediately restarts and loads up regular XP again. I cannot revert the system to an earlier date because for some reason XP has stopped making restore points at some point in time - I had no idea about this, I switched on the feature when I installed XP back in August and never used or checked on this feature again.

  • edited January 2009

    G'Day n48,


    1. - The 1st major problem we have is the number of Internet Security, Anti-Virus, -Malware, -Trojan, etc. programs you have installed on your PC.


    You need to understand that in the majority of cases (yours is one of these) that attempting to install any type of a parasite (Virus, Trojan, Malware, Spyware, Adware, etc infection) protection or remover after the infection has already occurred, does not work in 99% of instances. The remaining 1% where it can be removed, is by downloading specific removal programs and being able to start the PC in safe mode and or from a special boot CD that contains the remover program.


    You already experience the problem by not being able to boot in safe mode, caused by one of the infector Trojans or any others that have since been downloaded and continue to add more infections.


    2. - The 2nd problem is by the detail you have given for the current infection, which contains multiple Trojan and Virus downloaders, some of which hide themselves in different folders every time you re-boot your PC.


    A: "this windows service appears to be hiding using this rootkit techniques:


    c:documents and settings/user name/application data/srosa.sys


    B: the program is loaded by the following (hidden) registry key:


    hklm/system/currentcontrolset/services/srosa


    C: this file has a known malware filename


    appears to contain: Trojan.Downloader.Bagle"


    Details.


    A and B: srosa.sys


    SROSA.SYS is Trojan-Downloader.Win32.Bagle.cu.


    Related files:


    %System%\drivers\hidr.exe


    %System%\drivers\srosa.sys


    Click on this link for -> Details of the Trojan-Downloader.Win32.Bagle.cu and its Payload


    C: Trojan-Downloader.Bagle


    Name: Trojan-Downloader.Bagle


    Threat Level: High


    Description: Trojan.Downloader.Bagle runs in the background and attempts to download malicious files from the Internet without the user's knowledge.


    Type: TT_Downloader, TT_Trojan


    Also known as: Trojan-Downloader.Win32.Bagle.ad [ Kaspersky ] Win32/TrojanDrop


    Click on this link for -> Details of the Trojan-Downloader.Bagle


    These will not be the only infections you have on your PC as there are 100's of variations of these and more than likely you will also have the Smitfraud, Vundo and others, all part of this scenario and the consequence of the Trojan Downloaders.


    In the majority of cases it is best to format the Hard Disk and re-install the XP Pro operating system from scratch, as the recovery and removal of your infections may not be easy. In fact it will take quite a few hours and good computing knowledge on your part to be able to follow instructions, e.g. knowledge of editing the registry etc.


    Unless one of the experts from BitDefender has a simple solution that we can try, the alternative is a very long session to remove the multiple infections from your PC.


    I am sure that one of the Moderators will be watching this and get involved if they have a solution, which I will wait for! If we do not get a simple solution in the next 24 hours, I will come back and attempt to help you to remove the current threats. (I have done so before! - but it takes time and effort)


    :ph34r:
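
The scan result quoted in this thread points at a service key whose driver sits under a user profile rather than the Windows directory. As an added example (not part of any post, and not a BitDefender or Trojan Remover tool), this Python code flags such entries in text laid out like `reg query` output for the Services key; the sample listing is constructed, the two file names are the ones listed in the thread, and since the thread reports the key as hidden, the listing is assumed to come from a hive read outside the infected system.

```python
import re
from ntpath import basename

# File names the thread attributes to the Bagle downloader.
NAMED_IN_THREAD = {"srosa.sys", "hidr.exe"}
# Service binaries normally live under the Windows directory, not a user profile.
PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\")
VALUE_RE = re.compile(r"^\s+ImagePath\s+REG_(?:EXPAND_)?SZ\s+(.+?)\s*$", re.I)

# Constructed sample in the key / indented name-type-data layout (not real output).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep
    ImagePath    REG_EXPAND_SZ    system32\drivers\beep.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srosa
    ImagePath    REG_EXPAND_SZ    \??\C:\Documents and Settings\user name\Application Data\srosa.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\system32\spoolsv.exe
"""

def image_file(data):
    """Return the binary path from ImagePath data, dropping any arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:sys|exe|dll))(?:\s|$)", data, re.I)
    return m.group(1) if m else data

def suspicious_services(text):
    """Return (service, path, reasons) for entries worth a closer look."""
    findings, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        path = image_file(m.group(1))
        low = path.lower()
        reasons = []
        if any(marker in low for marker in PROFILE_MARKERS):
            reasons.append("binary in user profile")
        if basename(low) in NAMED_IN_THREAD:
            reasons.append("file name listed in thread")
        if reasons:
            findings.append((key.rsplit("\\", 1)[-1], path, reasons))
    return findings
```
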
