Yet another Antivirus2009 victim


Postby tedybear » Mon Jan 05, 2009 5:52 pm

Well, looks like this one should be upgraded to moderate/severe on the crap'o meter.

Not sure how much damage I'll be looking at, however my stepfather's computer pretty much did a belly up a few days ago. Right out of the box? (after an extremely long bootup time) it kicks up a very convincing "Antivirus2009" display making it appear he downloaded it and it wants the usual $$ to remove the nasties.

This thing's got guts. It nuked AVG fully. The firewall? Can't be found!?! And even after re-installing AVG? All it will do is a basic 'fast scan'.

I've found removal tools and such for this nasty, but this one takes the taco for doing a great job of 'faking' Microsoft's style. Normally it's not hard to pick out the trash. This one fooled me for a while as well!

S-
tedybear
Black Belt 5th Degree
Posts: 7251
Joined: Sat Feb 14, 2004 12:55 am
Location: Fulton, New York, on Earth

Postby evasive » Tue Jan 06, 2009 3:27 am

We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby Copper » Tue Jan 06, 2009 10:25 am

found on adult websites.

I assume his wife was out at the time

"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former." Albert Einstein (1879 - 1955)
Copper
Black Belt 5th Degree
Posts: 8640
Joined: Mon Jul 14, 2003 12:38 pm
Location: Midlands UK

Postby Mr T » Tue Jan 06, 2009 11:28 am

No, not just adult websites.....

Got it on my main system on a page from Google....

Removed by....

Downloading Malwarebytes Antimalware - run in Safe Mode...

Downloading SUPERAntispyware and running in Safe Mode.....

Reset IE to default settings... Disable system restore first....

Got through AVG, Spybot S&D didn't detect it either...
I have been programming on computers since the ZX81.
I am an apprentice trained Electronics Engineer with qualifications to back it up.
I have been repairing computers since 1996.
Yet to some people I still know nothing...
Mr T
Enlightened Master
Posts: 17087
Joined: Fri Jun 14, 2002 1:03 am
Location: England

Postby snakebite66 » Tue Jan 06, 2009 12:08 pm

Mr T wrote:No, not just adult websites.....

Got it on my main system on a page from Google....

Removed by....

Downloading Malwarebytes Antimalware - run in Safe Mode...

Downloading SUPERAntispyware and running in Safe Mode.....

Reset IE to default settings... Disable system restore first....

Got through AVG, Spybot S&D didn't detect it either...


Just changed over to Malwarebytes Antimalware and SUPERAntispyware to give them a try....
"Take counsel in wine, but resolve afterwards in water."
Benjamin Franklin (1706-1790)
snakebite66
Black Belt 2nd Degree
Posts: 2098
Joined: Mon Aug 19, 2002 5:18 pm
Location: West Midlands UK

Postby TriAngle » Wed Jan 14, 2009 3:16 pm

I've been using ZoneAlarm's Internet Security Suite 2008 and SUPERAntiSpyware for the last 1.5 years, and haven't been bit yet on one Windows PC.
Using Comodo Internet Security and SUPERAntiSpyware on another Windows PC, and lucky there, also.
I'm running Linux right now, so that's pretty much safe.
Good luck.
Tri.
"Common sense is not so common." - Voltaire
TriAngle
Black Belt
Posts: 741
Joined: Fri Jan 23, 2004 3:18 pm
Location: over there...

Postby tedybear » Wed Jan 14, 2009 4:54 pm

Part of the problem is the fact he (my stepfather) can't stand, or can't figure out how important ZoneAlarm is. He un-installed it...and Windows Firewall was turned off???

Needless to say the entire system was (and still is to some extent) a disaster. It's cleaned up fairly well, Windows Firewall installed and working.

For some reason? AVG, even with a clean install? Can't manage a full scan without shutting down all its parts---re-activating 'em...and then it kicks up another scan which seems to work?

So I went with Anti-Vir (or var....Kim Komando's recommendation LOL) It flushed out 8 more nasties.

Spybot S&D reinstalled, and updated...and it kicked up well over 90 problems. All cleaned up and set to block bad pages in the background.

Went with CCleaner and it found a huge amount of crap, all taken care of.

The system is running quite fast now, and that bullcrap program is totally 'Goneeeeeeeeeeeee'.

Have a couple of issues remaining. I can't get (and I've searched the 'net' for this issue) the Windows Update site to work...It's supposed to run an ActiveX control. It starts off on the right foot---however? It kicks up a window stating the 'control' is not signed. (It's supposed to be Microsoft!?!?) So the update never starts. The system is configured to autoupdate in the background, and that seems to be fine. Just the website appears not to work on his system.

Between that and not being able to update IE to version 7...those are the only two issues I haven't been able to figure out. (IE 7 states it can't verify the files...and asks to have the 'encryption' add-on installed!?!)

I turned it back over a few days ago. Basically let 'em know the next time? It'll need a full re-install, due to not being able to get the last two issues worked out. And they do not use that computer for anything related to bills/banking/etc... (they use Mom's computer for that, and I've had that thing at max security since day one)

S-
tedybear
Black Belt 5th Degree
Posts: 7251
Joined: Sat Feb 14, 2004 12:55 am
Location: Fulton, New York, on Earth

Postby evasive » Thu Jan 15, 2009 4:26 am

Reinstall/repair IE6 (w/SP2 added). There's documentation on how to do that.
We hate rut, but we fear change.
********************************
System error, strike any user to continue...
evasive
Mobo-fu Master
Posts: 37389
Joined: Sun May 06, 2001 12:01 am
Location: Netherlands

Postby TriAngle » Thu Jan 15, 2009 1:17 pm

If he won't learn, next time, send it back with a bill..........$150.00, or 5 cases of good beer.
Comodo Internet Security Suite is free at www.comodo.com
Glad you pieced it back together.
"Common sense is not so common." - Voltaire
TriAngle
Black Belt
Posts: 741
Joined: Fri Jan 23, 2004 3:18 pm
Location: over there...

Postby tedybear » Thu Jan 15, 2009 2:10 pm

LOL. I got paid just $50 for doing it this time. About par for the course, spent about 4 hours total on it just getting it that far.

I'll give the reinstall of IE 6 a shot next time I'm over there. He's got some oddball "security" programs running that seem like overkill in regards to his IE 6. Seems he went for the google/yahoo type blockers that put what can be called a "lock" on what gets added on/off his IE 6. What he fails to understand? It only takes ONE to get the job done...(and it's normally best just to set the security settings within IE 6) He's got something like 3?!? So every time I attempted to clean up IE 6? Warning window kicked up and it reverted back to the wide wide world of clutter.

S-
tedybear
Black Belt 5th Degree
Posts: 7251
Joined: Sat Feb 14, 2004 12:55 am
Location: Fulton, New York, on Earth
