E-Set Antivirus 2011 Removal

I've been given a machine by a family member which is infected with E-Set Antivirus 2011. I would normally re-install XP on this machine but don't have the luxury of an XP disk. This is what I have done so far,

Visited Remove E-Set Antivirus 2011 (Uninstall Guide), and have followed the instructions, but no success. Whenever I try to run r-kill, it just goes into this loop where internet explorer opens then can't open a page, if you close IE, it restarts this loop. One thing I have noticed though, is RKill is running in task manager, but no windows are visible for RKill.

I've tried installing MalwareBytes but don't have enough privileges. I can't run system restore, can't create any new user accounts. Basically, can't do anything, can't manually delete files, only some of them will delete.

Would I be able to burn a linux live cd, run this, and then delete the files from there, although, I woudn't be able to access the registry, so may be pointess?

I do have access to the internet, do you think an online scanner would work?

I'm pretty much at a dead end as to what to do, any help would be greatly appreciated.

 

Online scanner will just detect a virus and not remove it.

On an infected system, the best bet usually is to format and install fresh again ensuring you have an Antivirus to install the first thing after the OS has been installed and update it.

I myself using ESET Smart Security and have never been infected with a virus for 6 years, but being prevented is one thing, and being infected is another, who knows what has that virus actually done to the operating system. IMO, it may have messed many things up that its not even worth wasting your time trying to remove it. Just backup, and format

my 2 cents

 

As much as I'd love to re-format, as it's completely messed xp up, I don't have any disks to do so, so am looking for a way to get shot of this!!!

There must be someone out there with the knowledge......

 

I've managed to get rid of the actual infection (I think), but now have an issue. There was only one user account on the system. Due to the infection, this account no longer has admin rights, no other accounts are on the system, how on earth can I do anything to rectify this, anything I try to do is met with access denied, or login as administrator.

 

Try this:

1) Restart you PC

2) keep pressing F8 until you get a menu

3) log into safe mode

4) the Administrator account should be there, see if you can logon to it (hoping these is no password set as usually there isn't)

 

A user account never has admin rights. Thus no malware has removed those rights.
Also, run HitmanPro (version 3.5.9.127) to remove lingering malware, see my sig for a download link.
Have you been given an infected computer as in, you can have it?
Or as in, please clean it and then return it?
I'd ask the family member for the admin password in order to continue. I'm sure they will provide it in order for you to clean it.

 

All is good (hopefully), full marks to microsoft, I remember reading somewhere a while ago about someone who managed to remove this via windows update, may have been through defender but can't remember, anyhow, ran windows update, e-set 2011 has gone. Managed to run malware bytes, found in the region of 200 threats, so it's removed them, managed to install MSE, and this is now working as it should, updated etc. Going to run a scan with this later, but so far so good, just need to do a very good clean-up, very good scan, and all is good and cleaned up.

If I could rep myself I would lol, as i've always had a nightmare with these sorts of infections, but pat on the back to me hehe

(Also managed to access the administrator account after E-set had gone)

 

Make the Kaspersky Rescue CD on an Uninfected PC,

Boot from it on the Infected PC and update the software (best to be connected to internet using ethernet cable, so it can get the latest updates before scan.)

Scan for nasties and remove what it finds.

How to Use the Kaspersky Rescue Disk to Clean Your Infected PC - How-To Geek

 

cheers for the input, all is now well, I guess this flies against rules in some way, but as I fixed it, and want to have a glory song, here it is, lol, love this song:

<param name="movie" value="http://www.youtube.com/v/UAWcs5H-qgQ?version=3&amp;hl=en_GB"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/UAWcs5H-qgQ?version=3&amp;hl=en_GB" type="application/x-shockwave-flash" width='560' height="349" allowscriptaccess="always" allowfullscreen="true"></embed></object>