    antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

    I just had a box in here that had 12 instances of this malware running on it. It was so tied up that the owner couldn't have bought the shit if he wanted to!
    I hit a site on my Linux box that tries to drop it.
    It's fun to watch it go in circles trying to infect it.
    I left it running in a loop for 4 hours while I did some errands yesterday.
    BTW, the only way to stop it is to kill Firefox.
    Seems this malware is getting worse every day.

    #2
    Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

    Yeah, I agree. Cleaned a friend's PC from it; took a few hours of work!
    "The one who says it cannot be done should never interrupt the one who is doing it."



      #3
      Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

      I dunno if it's more aggressive, or more suckers grab "antivirus" as soon as they see the link...
      I mean, there are many viruses out there, why not have protection with (from?) this great product?
      hehe...

      Solution?
      Users must have proper antivirus programs preinstalled... if they start installing, then they'll install the virus.
      I mean, even with antivirus they can still do damage, but it'll probably be less than this....

      Sometimes the infection slows the system so much that you can't really work on it...
      In that case it's not 2 hrs, but more like 12...
      and then you realize you're gonna install the OS anew...



        #4
        Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

        Ran into that as well. It is cleanable without need for reinstall.

        Cheers, Wizard



          #5
          Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

          I have had to deal with TWO boxes infected by this godawful piece of shit.

          In both instances, the damn thing would pop up every two minutes and the computer would randomly freeze. I had to do a complete format on those boxes. Backing up all their shit to my external HDD was a pain in the ass because the fake "Antivirus 2009" kept popping up.

          And somehow, my laptop is infected now. I have no idea how it got on there, only that it was unusably slow for a while and now it's blue screening during boot. Now I have to pull out the drive and borrow my friend's laptop HDD adapter to get my data off there so I can reformat.

          This thing is very common. And now that it's on one of my machines, it's pissing me off. I love Windows but I hate how this shit happens to unprotected machines.
          Last edited by weirdlookinguy; 02-16-2009, 01:57 PM.



            #6
            Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

            Originally posted by Wizard
            Ran into that as well. It is cleanable without need for reinstall.

            Cheers, Wizard
            I cleaned one Compaq two weeks ago from this (and other) bugs.
            It is connected to the internet using Verizon DSL service, and the lady was paying like 6~8 a month extra for a "Protection Suite" which includes Kaspersky AV, a firewall, parental controls and an anti-spyware.
            The machine was as slow as hell. She brought it to me to install OpenOffice for her daughter, and I told her it was infected. It is strange how you try to explain a virus/malware/spyware infection to some people. Lady's husband, LITERAL quote: "I told you that the DVD movies you bought last week, which are obviously copies, had infected the computer" (just a copy of Valkyrie and Punisher: War Zone, as I checked after the quote).
            Anyway, I removed a ton of stuff (I had to pull the HDD and put it in my rig with a USB to IDE adapter because it was taking ages to scan on her own system).
            I removed the bugs, but the antivirus/protection suite was damaged somehow, as the machine was as slow as when it was infected. I uninstalled the suite and installed AVG 8 Free to test. It had to be reinstalled every other boot because AVG complained that its installation was corrupted.
            The best solution after three days of trying to explain the damage to them was to back up data, reinstall and live happily ever after... but now they don't want that. Now the machine is running on a DSL connection without AV installed.... their problem, not mine, but now "I" am the one to blame for their problems and for trying to be nice and clean the rig.
            There are 10 kinds of people in this world: those that understand binary, and those who don't.
            • ASUS ROG Maximus IX Code
            • Intel Core i5-7600K 3.8GHz
            • 16GB G.SKILL TridentZ RGB DDR4-3200
            • 1 M.2 SSD + 2 WD Blue 1TB (Mirrored)
            • Windows 10 Pro x64
            • GeForce GT1050
              2 x Acer KA240H + 1 ViewSonic VP2130 21 (a cap replacement job)



              #7
              Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

              I didn't say AV2009 needs a total system reinstall... just that sometimes the system will be so slow you can't work on it... probably as a result of a few infections, as one infection usually opens the door for other crap to enter...

              In that case system files seem to be corrupted etc., so cleaning the virus alone doesn't heal it...



                #8
                Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                Originally posted by i4004
                I didn't say AV2009 needs a total system reinstall... just that sometimes the system will be so slow you can't work on it... probably as a result of a few infections, as one infection usually opens the door for other crap to enter...

                In that case system files seem to be corrupted etc., so cleaning the virus alone doesn't heal it...
                Exactly my case (well, the lady in question's case...)



                  #9
                  Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                  That's where utilities like http://www.ubcd4win.com/index.htm come in handy - boot using the CD, update and scan the system using the AV from the CD.

                  Many times quicker and safer than trying to get an infected Windows install running.



                    #10
                    Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                    Malwarebytes Anti-Malware is good at getting rid of this malware.
                    The one with 12 copies running was so bad with other stuff that I backed up the Documents and Settings folder for the customer and reinstalled.



                      #11
                      Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                      Originally posted by Harvey
                      That's where utilities like http://www.ubcd4win.com/index.htm come in handy - boot using the CD, update and scan the system using the AV from the CD.

                      Many times quicker and safer than trying to get an infected Windows install running.
                      That's exactly my first approach, but as I said, it was slower than hell, and then I hooked the HDD to my PC using the adapter. But it was somehow damaged by either the bugs or the removal of them.



                        #12
                        Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                        It's a real shame that Malwarebytes and the other good tools cannot run from BART-PE.

                        They all insist on installing shit in the WINDIR directory, which is often on a CDROM, so it fails. I do have BART running on a bootable 4gb Patriot Xporter flash disk, but not all machines will boot from USB flash.

                        The AV200x is a nasty little bug. The newspaper said they arrested one of the US distributors, but the prick in Russia is not reachable. Too bad.
                        On the other hand, these bugs keep me employed.

                        I saw a new one on a Vista machine today. First time. Some Privacy thingie the client inadvertently clicked on a website. It installed and locked out his machine. Nothing was running except the extortion demand to buy the remover for $69. Fortunately, it was confined to his profile, so I could use Malwarebytes to remove it using an alternative user profile. The next time around, the author of that bug will no doubt make it launch with all profiles.

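A check for the per-profile case bgavin describes above, as an added example that is not part of his post or of any tool named in this thread. It assumes a UTF-8 text export of the Run keys in regedit's .reg format (a live regedit export is UTF-16LE, so it is converted with iconv first; an offline NTUSER.DAT pulled from a rescue CD can be exported with a hive tool such as hivexregedit, in which case the key prefix is whatever that tool writes). The sample export below, including the "Antivirus 2009" and "updater" entries and their paths, is constructed for illustration and is not a real sample.

```shell
#!/bin/sh
# Added example (not from the forum thread): given a .reg-style text export
# of the Run keys, list the entries whose target executable lives inside a
# user profile. That is the per-profile persistence behind "it was confined
# to his profile" in the post above; an HKLM entry, or a target under
# \WINDOWS or \Program Files, runs for every profile and has to be cleaned
# from the offline scan instead.
#
# Input assumptions (not from the thread): UTF-8 text in regedit export
# format. regedit writes UTF-16LE, so convert a live export first with
#   iconv -f UTF-16LE -t UTF-8 run.reg > run.txt
# Only plain REG_SZ values ("name"="data") are parsed; hex(2) entries
# (REG_EXPAND_SZ) are ignored and should be reviewed by hand.

# Print  hive|value name|executable path  for each suspicious Run entry.
flag_profile_autoruns() {
    awk '
        # [key] header: note which hive we are in and whether it is a Run key.
        /^\[/ {
            key = substr($0, 2, length($0) - 2)
            in_run = (key ~ /\\CurrentVersion\\Run(Once)?$/)
            hive = key; sub(/\\.*$/, "", hive)
            next
        }
        # "name"="data" line inside a Run key.
        in_run && /^"[^"]+"="/ {
            split($0, parts, "\"=\"")
            name = substr(parts[1], 2)
            data = parts[2]; sub(/"$/, "", data)
            gsub(/\\"/, "\"", data)          # .reg escapes embedded quotes
            gsub(/\\\\/, "\\\\", data)       # ...and doubles backslashes
            # Keep just the executable: a quoted path, or up to ".exe" + space.
            path = data
            if (path ~ /^"/) { path = substr(path, 2); sub(/".*$/, "", path) }
            else if (match(tolower(path), /\.exe /)) { path = substr(path, 1, RSTART + 3) }
            lp = tolower(path)
            # Profile locations, long and short (8.3) forms: the short form
            # DOCUME~1\...\LOCALS~1\Temp still carries the "Temp" component.
            if (lp ~ /\\(documents and settings|users)\\/ ||
                lp ~ /\\(application data|local settings|appdata|temp)\\/)
                printf "%s|%s|%s\n", hive, name, path
        }
    ' "$@"
}

# Constructed sample export (made-up entries; the av2009 and upd.exe paths
# are invented for illustration, the others are ordinary vendor entries).
sample_export() {
    cat <<'EOF'
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
"AVG8_TRAY"="C:\\PROGRA~1\\AVG\\AVG8\\avgtray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Antivirus 2009"="\"C:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\av2009\\av2009.exe\" /silent"
"updater"="C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\upd.exe -boot"
EOF
}

# Usage: flag_profile_autoruns run.txt   (or feed the export on stdin)
sample_export | flag_profile_autoruns
```

The two entries this flags are exactly the ones another user account does not load, which is why logging in under a different profile let Malwarebytes delete the rogue; the HKLM entries and anything under Program Files or WINDOWS would still be running for every account. The 8.3 short path (DOCUME~1, LOCALS~1) is caught on its Temp component because the long directory name never appears in it.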


                          #13
                          Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                          I've noticed that I can no longer remove these rogue antivirus apps with Malwarebytes alone any more. It used to be one MBAM scan in safe mode and you were good to go. Now I'm finding it quicker (and cheaper for the customer) to just reload Windows. Just got done with two machines this week.
                          Ludicrous gibs!



                            #14
                            Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                            Originally posted by bgavin
                            I do have BART running on a bootable 4gb Patriot Xporter flash disk, but not all machines will boot from USB flash.
                            That was the 2nd approach. The damn Compaq would not boot from USB.

                            And the user does not understand why a program had left her system in that state. Some people do not deserve the use of a computer.



                              #15
                              Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                              Ran into that as well. It is cleanable without need for reinstall.
                              Agreed!

                              It's a real shame that Malwarebytes and the other good tools cannot run from BART-PE.
                              You might want to try this: Hiren's BootCD.

                              You can add your programs to the menus and it will all run in a Virtual Windows environment.

                              Stuff I use for this:

                              ComboFix - bleepingcomputer.com
                              FixwareOut - No longer supported from bleepingcomputer {but it is out there}
                              F-Secure Blacklight - f-secure.com
                              Avast! BART CD - Will also allow you to add programs to run from it. You may have to dig around for this one. Torrents anyone?
                              MalwareBytes AM - malwarebytes.org
                              SpywareBlaster - javacoolsoftware.com
                              Spybot S&D - safer-networking.org

                              Toast
                              veritas odium parit



                                #16
                                Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                                This is why I have a test PC. It doesn't matter the condition of their Windows installation. Linux backs up their crap, and a nice new updated AVG install in Windows does the virus scan.
                                A man convinced against his will is of the same opinion still.

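The Linux-side backup step acstech mentions above, and the "back up Documents and Settings and reinstall" approach used earlier in the thread, as an added example that is not from any post here. It assumes a Linux rescue system with ntfs-3g, find and coreutils sha256sum; the device path, mount point, destination and the contents of the sample profile are made up for illustration.

```shell
#!/bin/sh
# Added example (not from any post in this thread): copy a user's profile
# off a Windows disk from a Linux rescue system before the reinstall,
# leaving behind the file types the rogue AV uses to persist, and write a
# SHA-256 manifest so the copy can be checked before it is restored.
#
# Assumed setup (device, mount point and destination are hypothetical):
#   mount -t ntfs-3g -o ro /dev/sda1 /mnt/win
#   backup_profile "/mnt/win/Documents and Settings/Owner" /media/usb/Owner
# Needs find with -ipath (GNU or BSD) and coreutils sha256sum. File names
# that contain a newline are not handled.

# Copy every regular file under $1 into $2, skipping executable and script
# types and the temp/cache folders where droppers and rogue AVs sit.
backup_profile() {
    src=${1%/}; dest=${2%/}
    mkdir -p "$dest" || return 1
    find "$src" -type f \
        ! \( -iname '*.exe' -o -iname '*.scr' -o -iname '*.dll' -o -iname '*.com' \
          -o -iname '*.pif' -o -iname '*.bat' -o -iname '*.cmd' -o -iname '*.vbs' \
          -o -iname '*.js'  -o -iname '*.lnk' -o -iname '*.cpl' -o -iname '*.sys' \) \
        ! -ipath '*/Local Settings/Temp/*' \
        ! -ipath '*/Temporary Internet Files/*' \
        ! -ipath '*/AppData/Local/Temp/*' \
        -print | while IFS= read -r f; do
            rel=${f#"$src"/}
            mkdir -p "$dest/$(dirname "$rel")"
            cp -p "$f" "$dest/$rel"
        done
    # Hash the copy, with paths relative to the backup root, so that
    # "sha256sum -c MANIFEST.sha256" works from inside the backup later.
    (cd "$dest" && find . -type f ! -name MANIFEST.sha256 -exec sha256sum {} + \
        > MANIFEST.sha256)
}

# Exit status 0 if every file in the backup still matches its manifest.
verify_backup() {
    (cd "${1%/}" && sha256sum -c MANIFEST.sha256) >/dev/null 2>&1
}

# Number of files recorded in a backup's manifest.
backup_file_count() {
    grep -c . "${1%/}/MANIFEST.sha256"
}

# Constructed stand-in for a profile (made-up content, not real malware),
# so the example runs without a mounted NTFS volume.
make_sample_profile() {
    d=$1
    mkdir -p "$d/My Documents" "$d/Desktop" "$d/Local Settings/Temp" \
             "$d/Local Settings/Application Data/av2009"
    printf 'quarterly numbers\n' > "$d/My Documents/budget.xls"
    printf 'shopping list\n'     > "$d/Desktop/todo.txt"
    printf 'MZ placeholder\n'    > "$d/Local Settings/Application Data/av2009/av2009.exe"
    printf 'MZ placeholder\n'    > "$d/Local Settings/Temp/setup.tmp"
    printf 'MZ placeholder\n'    > "$d/Desktop/Antivirus 2009.lnk"
}

# Demo run on the constructed profile: prints the manifest of what survived.
tmp=$(mktemp -d)
make_sample_profile "$tmp/Owner"
backup_profile "$tmp/Owner" "$tmp/backup"
cat "$tmp/backup/MANIFEST.sha256"
rm -rf "$tmp"
```

Executables, scripts and .lnk files are left out because the rogue's own binary and its Desktop shortcut live inside the profile, and copying them back onto the fresh install would carry it over; the temp and browser cache folders are skipped for the same reason. Documents can still carry macros, so the backup gets scanned with an updated AV (the AVG step acstech describes) before it is restored, and the manifest lets you confirm at that point, with sha256sum -c, that the copy is still exactly what was taken off the disk.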


                                  #17
                                  Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                                  Originally posted by Toasty
                                  Agreed!

                                  You might want to try this: Hiren's BootCD.

                                  Toast
                                  I've used Hiren's before, and used it on this specific case. The problem was it was slooooooowwwwwwww (crawling slow), so I did what I did. But after the machine was clean again, the firewall and AV in the installation were malfunctioning, and the only viable solution was a reinstall, which the customer said no to....
                                  But Hiren's is good.

                                  And I agree on that issue regarding a Windows reinstall being cheaper and faster (and more secure) than a cleanup in some instances...



                                    #18
                                    Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                                    I usually use a combination of Malwarebytes (I actually bought the full version, I like it so much) and also SUPERAntiSpyware. These two combined can get rid of about anything.



                                      #19
                                      Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                                      Originally posted by 370forlife
                                      I usually use a combination of Malwarebytes (I actually bought the full version, I like it so much) and also SUPERAntiSpyware. These two combined can get rid of about anything.
                                      Well, in this particular case, I used MBAM, SUPERAntiSpyware, AVG, Spybot S&D, and then ran ComboFix on the machine after I returned the HD to its original place.
                                      Still, as soon as any antivirus was installed, it started giving errors and was even slower. Weird case indeed.



                                        #20
                                        Re: antivirus 2009 rogue spyware "antivirus" becoming more aggressive?

                                        Originally posted by acstech
                                        ...It doesn't matter the condition of their Windows installation. Linux backs up their crap, and a nice new updated AVG install in Windows does the virus scan.
                                        What advantage does Linux give you here?

                                        How do you install AVG (or any program, for that matter) on a machine that has, quite literally, tied itself in knots?

                                        The last system with this virus-ransomware program that I had come in took nearly 3 hours to get to the desktop!! It would not safe-boot at all. It took the Avast! BART CD to get it moving, then a few runs of the others to get it purged.

                                        I then removed both McAfee's and Norton/Symantec's P.o.S. BLOATWARE programs. Man, let me tell you, THAT was a FIGHT! Neither would uninstall completely until I found some cleaners from their respective tech supports that do get most of the pieces out. Even after that, they both leave doo-doo in the registry that several reg-cleaning runs still wouldn't purge. Can you say M-A-N-U-A-L removal?

                                        Toast
                                        veritas odium parit
