Unable to browse internet after virus infection (AntiVirus Pro 2010)

anti-virus, malware

Some users on our network were infected recently with the AntiVirus Pro 2010 virus. The users disabled the anti-virus to install an application that resulted in AntiVirus Pro being installed on the systems (we're unable to get a straight story as to where or why they tried installing this application).

The virus was removed by using BackTrack 4 to edit registry settings and delete the infected file. We then enabled the anti-virus (Avast) and ran a full virus scan, which returned zero results. We then attempted to use the Auto-update functionality of the anti-virus, which resulted in a "Connection Failed" message.

Upon testing connectivity using PING and other tools that utilize ICMP, we were able to verify connectivity to servers within our LAN and WAN (and DNS lookups). However, when attempting to connect to any website (via DNS or IP) within our LAN or WAN, we received a "Connection Timed out". Additionally, an FTP connection is possible, as well as a majority of other protocols. The system hosts file (C:\WINDOWS\system32\drivers\etc\hosts) has been checked and contains no irregular entries. It seems that specifically port 80 traffic is being blocked; we believe it's remnants of the virus.

Are there any suggestions that resolve this issue? We have searched extensively and used all tools that are available specifically to remove this virus. We have even tried attempting to find a full list of modifications that the virus makes and have one of our developers running a simulation in an emulated environment to attempt to come up with this list.
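
The hosts-file check mentioned in the question can be made repeatable across machines. The following is an added example, not part of the original post: `audit_hosts`, its verdict labels and the sample hosts content are constructed for illustration, and a clean result covers this one file only.

```python
import ipaddress

# Names a stock hosts file is expected to map to loopback (assumption).
EXPECTED_LOOPBACK_NAMES = {"localhost"}

def audit_hosts(text):
    """Return (line_no, address, name, verdict) for each entry needing review."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "malformed"))
            continue
        if len(fields) < 2:                        # address with no hostname
            findings.append((line_no, str(addr), "", "malformed"))
            continue
        for name in (n.lower() for n in fields[1:]):
            if addr.is_loopback and name in EXPECTED_LOOPBACK_NAMES:
                continue                           # normal localhost mapping
            if addr.is_loopback or addr.is_unspecified:
                verdict = "sinkholed"              # name made unreachable
            else:
                verdict = "redirected"             # name pinned to a fixed IP
            findings.append((line_no, str(addr), name, verdict))
    return findings

# Constructed sample; hostnames use reserved example names, not real servers.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1       update.av-vendor.example   # would block updates
0.0.0.0 www.av-vendor.example
203.0.113.7     search.example portal.example
not-an-ip       broken.example
"""

if __name__ == "__main__":
    for line_no, addr, name, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {addr} {name} [{verdict}]")
```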

Best Answer

The only solution to any compromised system is a wipe and reload. It's not your system anymore - regardless of what scans are made.
