Last week if you had asked me if I had ever heard of
Contra virus I would have said, “Contra what?”
I got a call from a local customer that had downloaded something called ContraVirus and she could not remove it. Lets clear something up. Contra Virus is not even a computer virus. It is just a deviously clever software package generally categorized under the term “malware” or (malicious software).
If you are here then most likely I do not need to elaborate on how annoying contravirus can be with all its system alert screens that attempt to scare you into purchasing a software license.
Lately I have been getting tons of phone calls and emails from people wanting to get rid of this ContraVirus that plagues the nation. You probably want to remove this thing right now. I know I would.
- Make sure you first have tried to remove the program via add/remove programs in the control panel.
So that didn’t work. Of course not. Why would they make it that easy to remove ContraVirus?
Repair Instructions
- Download the program Hijackthis from MajorGeeks.com http://www.majorgeeks.com/download3155.html
Run the program and REMOVE ANYTHING WITH REFERENCES TO CONTRAVIRUS
Here is an example of an infected computer’s hijackthis log file You will need to remove the highlighted entries
After infection with Contra Virus
Logfile of HijackThis v1.99.1
Scan saved at 8:19:10 PM, on 6/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ContraVirus\ContraVirus.exe
C:\Program Files\ContraVirus\ContraVirus.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Documents and Settings\CompCorp\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=27549
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 – BHO: IEExtension Class – {DBE5BEE8-F032-11DB-826A-C4BB56D89593} – C:\Program Files\ContraVirus\secieaddin.dll
O3 – Toolbar: &Radio – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Ad-Protect Toolbar – {EA038DDD-0FE0-41f5-BA60-FC3660529E71} – C:\Program Files\ContraVirus\ToolBand.dll
O4 – HKLM\..\Run: [ZoneAlarm Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe”
O4 – HKLM\..\Run: [ContraVirus] C:\Program Files\ContraVirus\ContraVirus.exe /s
O4 – HKCU\..\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 – Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176684169564
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs, LLC – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
WARNING- IF YOU DO NOT KNOW WHAT YOU ARE DELETING THEN
DONT DO ANYTHING. YOU CAN DO DAMAGE TO YOUR OPERATING
SYSTEM IF YOU “FIX” THE WRONG ENTRIES.
IF YOU GIVE UP
Save a log file so if you can’t fix it yourself at least you can attach it and email it to me.
shane@fowlercomputer.com
Here’s some more help.
How to Analyze HijackThis Log files.
http://netsecurity.about.com/od/popupsandspyware/a/aahijackthis.htm
If you would rather not mess up your computer
Fowler Computer Repair offers support help via phone for a $25.00 donation to help keep this free computer repair website up and running.
paypal email adress: shanegfowler@yahoo.com
Mobile Phone Support: (603) 343-8331 (for paying customers only please)
Best of Luck
Pingback: Infected with ContraVirus Software? help removing Contra Virus « Fowler Computer- PC Support FAQ’s
how to remove contra virus form the system itself , after un-install its comes agioan .
please advise
Un-installed contra virus and it came back. I’ve used hijackthis, found & deleted only one file with Contravirus.
Help!
When i attempt to follow the instructions for removal of contravirus it says that access is denied…..
Well….I read to do this and I honestly didn’t think I would have success but it worked perfectly. I am not very computer savvy either. Try to access these programs and once you do you can wipe out this CONTRA VIRUS crap. The contravirus like said above is not a virus…it’s a simple software program.
To Fowler Computer, thanks for the simple solution to contra virus. I was able to eliminate the program without too much effort. I appreciate it! You must be getting alot of business removing contravirus from peoples computers.
This is what contra virus files look like.
C:\Program Files\ContraVirus\secieaddin.dll
C:\Program Files\ContraVirus\ToolBand.dll
C:\Program Files\ContraVirus\ContraVirus.exe /s
God bless you Fowler Computer! I am so happy THAT CONTRA VIRUS its finally gone!
I’ve tried twice to download HijackThis – each time I’ve gotten a warning from McAfee that it detected and deleted a worm.
And thank you Shane Fowler for the quick and easy solution to that contravirus crap. This Damn contra virus was messing with me and driving me crazy. It’s disturbing to see that all the first links on google link to other ‘spyware’ type software that don’t do anything. It’s good to see that there are people who really want to help out there. Thanks for your help in removal of the contravirus.
Pingback: Contra Virus Removal ***Secret Uninfection Tips « Fowler Computer- PC Support FAQ’s
Pingback: It’s Thursday. I’d like to bitch about it. « cool beans
THANK YOU THANK YOU THANK YOU SHANE..this contra Virus has ben driving me crazy for weeks. yOU WERE SO HELPFUL IN SECURING MY COMPUTER FROM FURTHER ATTACKS. I THINK you went way beyond the call of duty in not only removing the contra virus but also in deleting other pesky startup items such as realplayer msn messager, adobe updater, roxio easy start, quicktime, ipod helper, etc… thanks to your helpfull tips I was able to eliminate this from my computer and save many more headaches. I will definately call you before anyone else the next time I need computer assistance. Your instructions were clear and easy to do.
Thanks
Tim
Pingback: Top Posts « WordPress.com
Pingback: Remove Contra Virus or better yet dont install ContraVirus in the first place. « Fowler Computer- PC Support FAQ’s
I have the same problem as KM. I’ve removed the program and killed the processes identified by Hijackthis. It comes back every time, and no other program tells me there’s a process running.
What to do???
By the way, I’m still looking at the popup about my computer being infected every 2 seconds (literally), but Hijackthis doesn’t even show any processes associated with ContraVirus 2.0. I must still be missing some files that are associated with contra virus. I’m going to be calling you for some help removing this soon.
Shane
Thank you so much for your help with removing contra virus. I cant thank you enough for your help in getting rid of contra virus.