I make no guarantee of any kind for any purpose and am not liable for any loss of anything of any kind due to following or attempting to follow these instructions.
The daughter got caught by what one would call scareware or hostageware: it’s an app that pretends to be an anti-virus program.
This app tells you all about any number of attacks on your computer, and then it asks you if you want to purchase a license. I have no idea what the end result of “purchasing” a license is, and I know I have no intention of finding out.
This particular app calls itself “AV” and is quite sneaky. It makes use of official-looking warning messages, installs itself in your computer’s startup list, puts itself in the quick start bar (MS Vista), uses Microsoft look-alike icons and even tries to get you to install it as the system firewall.
I finally found the executable in the following directory:
C:\Users\[user_name]\AppData\Local\ktvbpysxb and it is named knxgpottssd.exe
THIS APP INTERFERES WITH THE NORMAL WORKINGS OF AT LEAST Norton Internet Security! I don’t know if it does the same with others.
You will have to do the following to remove it manually:
1) Start computer in ‘safe mode’. Do this by COMPLETELY SHUTTING DOWN and then starting the computer and tapping the <f8> key until you get a screen asking how you want to start Windows. Choose safe mode without networking.
2) Once you are at the safe mode desktop, go to ‘Start’ -> ‘Run’, enter ‘msconfig’ and look for suspicious entries on the startup tab. These entries could have ‘Manufacturer’ listed as ‘Unknown’, be in directories that don’t look similar to those of other entries, etc.
3) Uncheck any suspicious looking entries so they’re not run at start up.
At this point you need to reboot the computer and see if the scareware AV is showing again. If it is, forget the amateur manual thing and get some professional help.
BUT
if the above process worked, go back to Start -> Run -> msconfig (you don’t have to reboot), open the startup tab and find out where the file you unchecked is located.
As long as you are comfortable with what you are doing, REMOVE THE FILE AND DIRECTORY ENTIRELY … DO NOT RELY ON THE STARTUP SETTINGS! Make sure you empty any recycle bins … do not leave copies of this file lying around your computer.
If you are not comfortable GET SOME GOOD HELP!
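The check in step 2 can also be run from a Windows PowerShell prompt. The script below is an added example, not part of the original instructions: it reads the Run registry keys and the current user's Startup folder and flags entries whose file has no company name (assumed here to be what msconfig lists as an unknown manufacturer) or that start from AppData or Temp. The function name Get-ExePath and the flag wording are made up for this example.

```powershell
# Added example, read-only: lists autostart entries and flags the traits that
# step 2 treats as suspicious. It deletes and disables nothing.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'

function Get-ExePath([string]$Command) {
    # Extract the executable path from a command line, quoted or unquoted.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    $p = ($c -split '\s+')[0]
    if ($c -match '^(.+?\.exe)\b') { $p = $Matches[1] }   # unquoted path with spaces
    if ($c -match '^"([^"]+)"')    { $p = $Matches[1] }   # quoted path wins
    # Bare names such as rundll32.exe are resolved through PATH.
    if ($p -and $p -notmatch '\\') {
        $app = Get-Command $p -CommandType Application -ErrorAction SilentlyContinue |
               Select-Object -First 1
        if ($app) { $p = $app.Definition }
    }
    return $p
}

# Registry Run values: value name -> command line.
$entries = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $k = Get-Item $key
    foreach ($n in $k.GetValueNames()) {
        New-Object PSObject -Property @{ Source = $key; Name = $n; Command = [string]$k.GetValue($n) }
    }
})

# Shortcuts in the current user's Startup folder, resolved to their targets.
$wsh = New-Object -ComObject WScript.Shell
$entries += @(Get-ChildItem ([Environment]::GetFolderPath('Startup')) -Filter *.lnk |
    ForEach-Object {
        New-Object PSObject -Property @{ Source = 'Startup folder'; Name = $_.Name
                                         Command = $wsh.CreateShortcut($_.FullName).TargetPath }
    })

$entries | ForEach-Object {
    $path    = Get-ExePath $_.Command
    $exists  = [bool]$path -and (Test-Path -LiteralPath $path -PathType Leaf)
    $company = if ($exists) { "$((Get-Item -LiteralPath $path -Force).VersionInfo.CompanyName)".Trim() }
    $flags = @()
    if (-not $exists)               { $flags += 'file missing' }
    if ($exists -and -not $company) { $flags += 'no manufacturer' }   # assumed to match msconfig's Unknown
    if ($path -match '\\(AppData|Temp)\\') { $flags += 'runs from user-writable dir' }
    New-Object PSObject -Property @{ Name = $_.Name; Path = $path; Company = $company
                                     Source = $_.Source; Flags = ($flags -join ', ') }
} | Sort-Object { $_.Flags -eq '' } | Format-List Name, Path, Company, Source, Flags
```

Flagged entries are sorted first and are candidates for review, not verdicts: legitimate per-user programs also start from AppData, and a company name in a file is easy to fake.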
This process did the job for me. WHATEVER YOU DO, DO NOT RESPOND TO ANY ANTI-VIRUS MESSAGES THAT ARE NOT COMING FROM AN APPLICATION YOU INSTALLED ON YOUR COMPUTER YOURSELF! AND BE ABSOLUTELY SURE OF WHATEVER YOU INSTALL “FOR FREE” FROM THE INTERNET!
Also note: I make no guarantee of any kind for any purpose and am not liable for any loss of anything of any kind due to following or attempting to follow these instructions.