Avt.exe

Discussion in 'Science, Technology & Car Chat' started by ralphrepo, Aug 3, 2010.

  1. ralphrepo

    ralphrepo Well-Known Member

    Just got stung with some fake antivirus that popped up on my computer. It burned through AVIRA antivirus like it wasn't even on, putting porn and spam icons onto my desktop.

    I loaded up Kaspersky's AV free trial, and even that was dragging its feet (that surprised the heck out of me). However, Malwarebytes Anti-malware identified 58 infected files and got rid of them all with one reboot. The interesting thing was, that while the fake anti-virus software was running, it detected the malwarebytes software and stated that it was "not certified" and should be removed. The version I had was from 2/10, and at that point, I think the fake AV wouldn't let me update the malwarebytes. I went to the web page and downloaded the new installer, which then updated itself and promptly got rid of the fake AV. Awesome when it finally works.

    The name of the fake AV executable is AVT.exe (note the similarity to AVP.exe which is the executable for Kaspersky's AV, LOL...)

    Just an FYI.
     
  2. Knoctur_nal

    Knoctur_nal |Force 10 from Navarone|

    The fake AV's are ferocious when installed. MAL does an awesome job of removing them along with HijackThis.
     
  3. Fake AV software are pretty malicious.... they can completely shut down any attempts by other real AV software to remove it. Luckily you were able to recover from it, but honestly after an infection I can't look at my OS the same... I feel the need to clean wipe it... cause traces of code could be hidden away somewhere, gathering your information.... yeah I'm paranoid about that stuff lol
     
  4. The_Jelly

    The_Jelly NSFW? :P

    What sites were YOU looking at lol. I've had kaspersky for a few years now, and I've never had any problems.
     
  5. Knoctur_nal

    Knoctur_nal |Force 10 from Navarone|

    Generally speaking, AVs (unless integrated with malware/spyware features) won't catch this sort of stuff.
     
  6. ralphrepo

    ralphrepo Well-Known Member

    Don't know, but I've never had any problems with porn sites, if that's what you mean. I find more virus or malware attempts at game and entertainment sites. It was actually one of my kids' computers (which I was playing SC2 on) so there wasn't any pron on it (I regularly check). When I booted up the thing, a multitude of warning msgs came up, and it also disabled Task Manager so that I could not shut down the process tree. At the time, the computer was loaded with up to date Avira AV (the free version). I removed Avira, installed Kaspersky's, updated it, and rebooted; it did start to find problems but then took its time getting rid of them one at a time, with several reboots. I noted that each reboot seemed to be dealing with the exact same set of files that were supposedly previously deleted or quarantined.

    While this was going on, the fake AV's dire warning msgs were ongoing in the background. Then it went and shut down the system despite active Kaspersky. So as far as I'm concerned, even with Kaspersky's, it failed to stop the fake AV from taking control over Task Manager, and being able to reboot the system.

    After the reboot, another warning msg came up, telling me that "uncertified" software Malwarebytes was found and should be uninstalled. On a hunch that that would be its Achilles heel, I eventually got a new version of Malwarebytes installed, updated, and it immediately removed nearly all the problem files (58 of them) with just the quick scan. A later full scan found one more file, which it then also deleted. Note, this was after Kaspersky's did a full scan.

    To be fair to Kaspersky's; this was their 2010 AV, and not their internet suite. I don't know if there are any major differences in protection, but one should expect that the AV suite would protect against such commandeering of your system. If they purposely did not include such safeguards into their AV suite, then it was a huge oversight.

    Indeed, it was a valuable lesson learned. The failure of Kaspersky's was eye opening for me; I had long touted its superior performance at 100% "in the wild" type virus and malware. But I guess this proves that's no longer the case.

    The name of the program is Malwarebytes' Anti-malware. I did, after a quick web search, initially download a program called Anti-Malware Pro but something didn't feel right so I didn't install it. The logos had looked different from the previous version already on the computer. So I went back to the original site and downloaded from them. The downloaded Malwarebytes' Anti-malware installer file (mbam-setup-1.46.exe) is 6010 kb file size, while the other Anti-Malware Pro file was about 2000 kb. After running the real software, I noticed this msg in the log:

    \My Documents\downloads\anti-malware-pro-v04.exe (Rogue.AntiMalwarePro) -> Quarantined and deleted successfully.

    That is, Malwarebytes' Anti-malware found Anti-Malware Pro's installer, recognized it was a rogue program and promptly deleted it.

    So in other words, there is a fake program using the "Anti-Malware" name, and I had almost fallen victim a second time... :wtf:

    http://www.2-spyware.com/remove-antimalware-pro.html

    http://www.2-viruses.com/remove-antimalware-pro

    Even Brothersoft is fooled into providing a link for their fake software:
    _ttp://www.brothersoft.com/antimalware-pro-330059.html ***if you really want to see the link, then change the underbar back to an "h" I just didn't want to provide an active link because someone may not look and mistakenly install that fraudulent software. -shock

    Later, while researching this problem, I also found some interesting videos already on YouTube that detail this exact problem. They refer to the software inappropriately as Malwarebytes Pro and claim that's for the pay version, with the free version being called Malwarebytes' Anti-Malware. However, using Malwarebytes' own webpage, there is no mention anywhere of the word "pro" for either version. The pay version is called Malwarebytes' Anti-malware Consumer License ($24.95):

    http://www.youtube.com/watch?v=k5Igb411IAY

    http://www.youtube.com/watch?v=kPk_ttavhbo

    http://www.youtube.com/watch?v=r_pgf_kqYqc&NR=1

    The commentator on the videos seems to lose his editorial focus towards the end of the third clip (I think he was looking for fake AV sites, but didn't find any so he didn't know what else to say), but you'll get the general idea. At any rate, this was one huge cup of coffee to have to wake up and smell. :facepalm:
     
    #6 ralphrepo, Aug 4, 2010
    Last edited: Jan 4, 2011
  7. BestOffer

    BestOffer Well-Known Member

    all that time trying to remove it and a high chance of getting infected again
    reformat is the fastest way to and along upgrade to windows 7 pro where u can create a backup image of all the apps installed and when time arrives, u can re-image ur system back to the perfect state in less than 30 mins
     
  8. [N]

    [N] RATED [ ]

    lol but all that cost money man I don't trust bootleg vers of OS. if I get infected I would try to resolve with software and programs first. but I have a slow comp and slow internet I understand that others will go for the reformat way. Anyways I remember someone I know had the fake AV problem before but luckily it was on an old pc that was about to be replaced anyways, that really sucked.
     
  9. The_Jelly

    The_Jelly NSFW? :P

    Well, you can always borrow a legit copy of Windows 7 then run a bootloader.
     
  10. ralphrepo

    ralphrepo Well-Known Member

    I do agree that reformatting is a quick easy solution (I've done that plenty of times too actually, just reboot with the win CD and remove the partition, format the disk, and reinstall the os; bam... new computer). However, if there is critical data on the drives, then sometimes, that is not an option.
     
  11. negiqboyz

    negiqboyz Well-Known Member

    I had the same prob earlier .. is this malware thing new? I didn't hear anything about it until you mentioned it here. I just use the trial Kaspersky and McAfee.. the ones y'all suggested here .. slow things down .. a lot.
     
  12. The_Jelly

    The_Jelly NSFW? :P

    What kinda computer do you have? Malwarebytes runs pretty smoothly on my old computer.
     
  13. BestOffer

    BestOffer Well-Known Member

    that's because u choose to put critical data on the same drive as the OS drive is on...
    I have really only trusted Trend Micro Internet Security PRO...using them since this PC was bought 3 yrs ago
     
  14. ralphrepo

    ralphrepo Well-Known Member

    Yeah, you're right; I've been meaning to put all data onto an external drive case for years. This is just the issue that I think will force me to get off my butt and finally do it. Just a lot of personal research materials and picture archives, but stuff that I spent a lot of effort into accumulating, LOL... -rolleyes
     
  15. negiqboyz

    negiqboyz Well-Known Member

    I thought if you run your browser in the sandbox, then it shouldn't be a prob, right? Did I get that wrong?? At least that was what Phantom told me last time.
     
  16. ralphrepo

    ralphrepo Well-Known Member

    That only works if you're smart enough to isolate things into a sandbox to begin with; dummies like me always get burned first before we wise up, LOL... -bowroflarms
     
  17. Malwarebytes Anti-malware is a good program I use