I need antivirus protection!

Started by NoCforMe, September 19, 2024, 03:44:52 PM


NoCforMe

Aaaargh; this is really pissing me off. Yesterday I started having computer problems. Specifically, Acrobat Reader (which I use a lot) stopped working, complaining about not being able to find an entry point in Advapi32.dll. Apparently something corrupted that DLL.

Through perseverance and black magic I've been able to somewhat track down the problem. Apparently I have some malware that's still lingering in my system, even after running a full Windows Defender scan that took several hours; the first time I ran it (yesterday) it found 3 pieces of malware that it quarantined. In order to restore the DLL I used the Windows system restore utility that restores the OS (doesn't touch any user files) to a saved restore point; this allowed Acrobat to work. At that point I thought I had the problem licked, but no ...

So apparently I caught a virus. I thought that the Defender scan would have fixed it, but no, it's still there, somewhere, somehow, and it reinfects my system. Or else it's something being transmitted over the internet; when I disconnected my internet connection, I didn't experience any re-infection, but within an hour or two of reconnecting it it happened (can't use Acrobat).

This is a pain in the fucking ass.

So, what I would like to do is install a decent antivirus program which will 1) hopefully find and kill whatever malware is still hanging around my system and 2) prevent this from happening in the future. Windows Defender isn't up to the task.

I should mention that I'm running Windows 7, which of course is no longer supported, so I can't update the Defender virus definitions, so if I get infected by anything newer than what's already known to Defender I'm screwed.

I used to use AVG and liked it. Yeah, yeah, I know all about its hypersensitivity, how it likes to jump on our MASM-generated programs and all. But it is possible to manage all that; you can make exceptions so it'll leave programs alone. I use AVG on a Mac I use to watch movies on pirate sites, which are full of viruses, and it warns me in real time about such attempted attacks. It works well.

Problem is, I can't install AVG: it starts the installation process, then fails because one or more of its drivers aren't digitally signed (or aren't properly signed, or something). So forget that.

Does anyone know of any other FREE antivirus software I can use? I guess if I can't find anything free I might be willing to pay a little dough. Probably worth it to prevent all this crap from happening. But of course it would be nicer to get a free package.
Assembly language programming should be fun. That's why I do it.

zedd151

Well gee, that's a tough one. Do you have any idea how you got infected?
Worst case scenario is reformatting and a clean install of the OS. But, whatever caused the infection in the first place may still be on an external drive, if you normally have any attached. Even worse if the file is on another partition on the same drive. Of course reusing whatever the source of infection was will reinfect your system.

You mentioned Acrobat Reader, I am assuming an older version. PDF files can contain embedded malware, iirc. Do you visit fringe websites (other than Masm32.com, sorry stoo  :tongue:) and download anything questionable?

Sorry, I can't help with any tips for a decent free AV software. As I have mentioned on the forum in various places, I regularly reinstall a fresh copy of the operating system as my antivirus protection.

Look for some of hutch's posts, there were a few different AV softwares he had mentioned over time.
:azn:

NoCforMe

0. No partitions here.

1. Don't know how I got infected. Possibly through a free app I installed (a WAV to MP3 converter).

2. No, very new version of Acrobat. Pretty sure that wasn't the route of infection (through a PDF).

3. No way am I going to reinstall my OS unless I absolutely have to. Unlike you I don't find that enjoyable at all.

zedd151

Check this...
https://masm32.com/board/index.php?msg=119077
KVRT.exe from Kaspersky, hutch used it to scan files. It doesn't need to be installed, iirc. Just run it when needed. Might be worth looking into.
The topic discusses Windows 10, but that tool should be usable on win7.


Edit:
Never mind. It seems it cannot be downloaded in the U.S. I just googled for it.  :sad:

Found another source for KVRT...
https://m.majorgeeks.com/files/details/kaspersky_virus_removal_tool.html
Well, that link gives me a '403 Forbidden' error :undecided:
:azn:

zedd151

Another source for Kaspersky KVRT.exe
KVRT This link works. Using Opera browser with VPN enabled. I am downloading it now from there, I'll let you know how it goes when I run it.

later:
it downloaded fine, but it needs a security update 'kb4474419' from Microsoft (won't run otherwise) ... I'm downloading that right now...

still more later...
Well crap. While installing that update.. it only runs about 33% through and freezes. :sad: so looks like no dice at least for me.
:azn:

NoCforMe

Thanks, Zedd, for saving me all that trouble.
Hopefully someone will come up with an AV solution.

zedd151

Quote from: NoCforMe on September 19, 2024, 05:44:17 PM
Thanks, Zedd, for saving me all that trouble.

No probs. I stopped the update install, now when attempting it again it throws some obscure exception. That's MS for ya.

It sounded like a very good tool, and the virus definitions are updated regularly.
:azn:

NoCforMe

Well, I found a temporary workaround: I told Adobe to go to hell and downloaded Foxit PDF Reader, which works for now. Of course, it's probably just a matter of time before some other application needs to use Advapi32.dll and blows up ...

zedd151

Quote from: NoCforMe on September 19, 2024, 06:03:06 PM
Well, I found a temporary workaround: I told Adobe to go to hell and downloaded Foxit PDF Reader, which works for now. Of course, it's probably just a matter of time before some other application needs to use Advapi32.dll and blows up ...

Are you sure that advapi32 is corrupt?
There are probably dozens of programs that need it.

Foxit reader is good. I haven't used acrobat for ages.
As for my corrupted update install, I'm gonna reinstall the OS in the morning. It's been a while since I treated myself to a fresh install.
:azn:

NoCforMe

Quote from: zedd151 on September 19, 2024, 06:09:03 PM
Are you sure that advapi32 is corrupt?

Can you think of another reason that a program (Acrobat) would fail with a message saying it couldn't find a certain entry point in that DLL? I can't.

zedd151

Have you updated acrobat? A new or updated version might need an API that win7 version of advapi32 doesn't have. If you haven't updated or installed a newer version, then probably you are right that advapi32 is toast.
:azn:
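
The two explanations raised in the posts above (a modified advapi32.dll versus an application that needs an entry point the Windows 7 build never exported) can be told apart with built-in tools. The following is an added example, not part of any forum post; `$EntryPoint` is a placeholder for the name shown in the actual error dialog, and the `Diag.Native` type name is made up for this sketch.

```powershell
# Added example, not from the thread. $EntryPoint is a placeholder: replace it
# with the exact name shown in the "entry point not found" error dialog.
# Note: 64-bit PowerShell inspects System32; for a 32-bit application on a
# 64-bit system, run this from 32-bit PowerShell (System32 maps to SysWOW64).
$Dll        = Join-Path $env:SystemRoot 'System32\advapi32.dll'
$EntryPoint = 'PLACEHOLDER_ENTRY_POINT'

# 1. Windows Resource Protection check of this one file (needs an elevated
#    prompt). An integrity violation here points to a modified file.
sfc.exe "/verifyfile=$Dll"

# 2. Version and SHA-256 for comparison with a known-good Windows 7 copy.
#    (.NET hashing is used because Get-FileHash is absent from PowerShell 2.0.)
$sha   = [System.Security.Cryptography.SHA256]::Create()
$bytes = [System.IO.File]::ReadAllBytes($Dll)
$hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
"Version : " + (Get-Item $Dll).VersionInfo.FileVersion
"SHA-256 : " + $hash

# 3. Ask the loader whether the export exists in this build of the DLL.
Add-Type -Namespace Diag -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern IntPtr LoadLibrary(string path);
[DllImport("kernel32.dll", CharSet = CharSet.Ansi, ExactSpelling = true)]
public static extern IntPtr GetProcAddress(IntPtr module, string name);
'@
$module = [Diag.Native]::LoadLibrary($Dll)
if ($module -eq [IntPtr]::Zero) {
    "LoadLibrary failed: the file could not be loaded at all"
} elseif ([Diag.Native]::GetProcAddress($module, $EntryPoint) -eq [IntPtr]::Zero) {
    "Export '$EntryPoint' is not present in this advapi32.dll"
} else {
    "Export '$EntryPoint' is present"
}
```

A clean `sfc` result together with a missing export suggests the application expects a newer API than this Windows build provides; an integrity violation suggests the file itself was altered.
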

stoo23

As an aside,.. I was always rather Suspect of Kaspersky as I had heard too many stories regarding Russian hackers etc, and being Russian, may well be Why you guys in the US can't get it  :wink2: ?? might be wrong of course,.. I was surprised that Hutch recommended it TBH  :dazzled:

Perhaps these may be useful in tracking down any remnants, (without the need to install)  :smiley:

https://www.f-secure.com/us-en/online-scanner
Or
https://www.sophos.com/en-us/free-tools/virus-removal-tool

Sophos requires a program to Start the online Scans but it can be placed on and run from a usb etc.


jj2007

Quote from: zedd151 on September 19, 2024, 06:20:26 PM
that advapi32 is toast

You can always place an older version in the executable's folder.

jack

I heard that hackers found a zero-day vulnerability in the Windows update system, but in order to be infected the hacker would need access to your PC either physically or remotely, it's very nasty if you ever get infected, watch the first minute or two of this video from Dave's Garage:
https://youtu.be/EmPfpqzeBqA?si=ecmmk07EpIsjkEr6

NoCforMe

Well, good news: I ended up installing a pretty good AV (Total AV), did a complete scan and it found a bunch of infected stuff that it quarantined. Of course, some of what it found were perfectly legitimate programs (like one of JJ's!) that it viewed with suspicion. But it seems it found some actual infected files; most of them were ones I didn't need or were in temp folders, so I just shitcanned them.

I've rebooted and reverted back to Adobe Acrobat, which (so far) seems to be fine, so we'll see. I shouldn't have asked y'all to do my homework for me, as it's pretty easy to find lots of online reviews of free AV software. Of course, if someone has a recommendation for a particularly good one, I'd like to hear about it.

One thing about Total AV is that if you want real-time protection you have to pay for it, unlike AVG which gives you that for free (or at least used to).

I really don't see how anyone here who does anything online can do without some kind of antivirus protection, as it's all too easy to pick up an infection even if one doesn't do anything stupid like open phishing emails or download sketchy software. What, do those folks like wiping their disks and reinstalling their OS?