''Antivirus 2008'' bogus AV

hypnotoad (Banned, Posts: 915)
Has anyone seen this thing in the wild? It sucks to get rid of. My users keep getting this thing over and over on their home PCs.

I'd love to ACL/DNS Blacklist whatever crapware site this thing comes from. Anybody have any ideas?

Comments

  • scheistermeister (Member, Posts: 748)
    Yeah, I have had to deal with it on a customer's PC before. Major PITA. Also had a site try to install it too. Someone posted a link to a news site on a forum I am an admin on, and when I clicked it, it closed all my Firefox windows and had one of those fake Windows-looking boxes pop up saying I had a virus and wanted to install. I had forgotten to turn my pop-up blocker back on after working with the Cisco SDM. Needless to say, I just killed it with the Task Manager and removed the link from the forum.

    It was upi dotcom that triggered the pop-up.
    Give a man fire and he'll be warm for a day. Set a man on fire and he'll be warm for the rest of his life.
  • bjaxx (Member, Posts: 217)
    There's an 09 version out as well, how tricky.
    "You have to hate to lose more than you love to win"
  • RussS (Member, Posts: 2,068)
    Time to learn exactly how these get onto a machine and how to remove them, methinks .....

    Safe mode start and some digging is required ;)
    www.supercross.com
    FIM website of the year 2007
  • JJArms (Member, Posts: 22)
    RussS wrote:
    Time to learn exactly how these get onto a machine and how to remove them, methinks .....

    Safe mode start and some digging is required ;)

    The digging is more annoying than it is worth; better off making a batch file to clean the registry.

    One lady here at work downloaded the same virus 4 times because she wanted to go to the same website.

    It was easier just to re-ghost the computer and start fresh.

    Regards,

    JJArms~
  • RussS (Member, Posts: 2,068)
    JJArms - that is a solid solution :lol:

    Personally, I prefer to pick these things apart and figure out how they got there, what they do and how to prevent it happening again. A batch file to clean the registry is good - however, if the TSR is say in the swap file it is just going to come back.

    Methodology - it takes time initially, but usually saves you plenty in the long run.
    www.supercross.com
    FIM website of the year 2007
  • rfult001 (Member, Posts: 407)
    I believe we used a combination of Cleanup!, CCleaner, and SuperAntiSpyware to remove it around here. This is just another variant of the SpyCrush malware that was going around last year.
  • JDMurray (Admin, Posts: 13,078)
    Yes, I had to repair a system infected with AntiVirus 2009. The Spyware/Trojan had been installed on the system by someone who clicked a very realistic pop-up that claimed the computer was infected (the user thought the pop-up was from AVG Free 7.5 already installed on the computer). Fortunately, AntiVirus 2009 does not activate until the computer is rebooted, so I was able to easily delete the files and menu and registry entries it made before it p0wned the system. I'm still not sure why AVG 7.5 didn't catch it. I did upgrade the computer to AVG Free 8.0.
  • JDMurray (Admin, Posts: 13,078)
    JJArms wrote:
    One lady here at work downloaded the same virus 4 times because she wanted to go to the same website.

    It was easier just to re-ghost the computer and start fresh.
    You might try using a program like HostsMan that blocks access to malicious Web sites by periodically updating the HOSTS file with publicly-available blocking hosts listings. It could save you a lot of menial downtime.
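The HOSTS-file blocking JDMurray describes, as an added example (this is not code from the thread, from HostsMan, or from any published blocklist; the hostnames and the hosts-file contents are constructed for illustration). It merges a hosts-format blocklist into a hosts file inside a marker-delimited section so it can be re-run as the list is updated, and it refuses any entry that does not point at a sinkhole address. That check is the part a practitioner cares about: a blocklist you trust to write into the hosts file could just as easily redirect a real site to an attacker's IP, so only 0.0.0.0 / 127.0.0.1 / ::1 targets are accepted.

```python
import re
import sys

# Markers that delimit the section this script owns inside the hosts file.
# Everything outside them is left untouched, so re-running is safe.
BEGIN = "# BEGIN managed blocklist"
END = "# END managed blocklist"

# A hosts-based blocklist must only ever sinkhole names. Any other address is
# rejected: otherwise a tampered list could silently redirect a real site.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}
RESERVED = {"localhost", "localhost.localdomain"}
LABEL = r"(?!-)[a-z0-9-]{1,63}(?<!-)"
HOSTNAME_RE = re.compile(rf"^{LABEL}(\.{LABEL})+$")  # at least two labels


def valid_hostname(name: str) -> bool:
    name = name.lower()
    return name not in RESERVED and len(name) <= 253 and HOSTNAME_RE.match(name) is not None


def parse_blocklist(text: str) -> tuple[list[str], list[str]]:
    """Return (sorted unique hostnames to block, raw lines that were rejected)."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        if addr not in SINK_ADDRESSES or not names or not all(valid_hostname(n) for n in names):
            rejected.append(raw)
            continue
        hosts.update(n.lower() for n in names)
    return sorted(hosts), rejected


def merge_hosts(existing: str, blocked: list[str]) -> str:
    """Replace the managed section in `existing` (or append one); other lines are kept as-is."""
    lines = existing.splitlines()
    if BEGIN in lines and END in lines and lines.index(BEGIN) < lines.index(END):
        b, e = lines.index(BEGIN), lines.index(END)
        head, tail = lines[:b], lines[e + 1:]
    else:
        head, tail = lines, []
    section = [BEGIN] + [f"0.0.0.0 {h}" for h in blocked] + [END]
    return "\n".join(head + section + tail) + "\n"


# Constructed sample data (not a real blocklist); the names are invented.
SAMPLE_HOSTS = "127.0.0.1 localhost\n192.168.1.10 printer.corp.example\n"
SAMPLE_BLOCKLIST = """# constructed sample list
0.0.0.0 rogue-av-download.example
127.0.0.1 Antivirus2008-Updates.example   # mixed case is normalised
0.0.0.0 rogue-av-download.example         # duplicate, collapsed
203.0.113.5 www.bank.example              # not a sinkhole address: rejected
0.0.0.0 localhost                         # reserved name: rejected
0.0.0.0 not a hostname!                   # malformed: rejected
"""


if __name__ == "__main__":
    # Usage: python blockhosts.py [hosts_file] [blocklist_file]; with no
    # arguments it runs on the constructed sample and prints the result.
    if len(sys.argv) == 3:
        hosts_text = open(sys.argv[1], encoding="utf-8").read()
        list_text = open(sys.argv[2], encoding="utf-8").read()
    else:
        hosts_text, list_text = SAMPLE_HOSTS, SAMPLE_BLOCKLIST
    blocked, rejected = parse_blocklist(list_text)
    for line in rejected:
        print("rejected:", line, file=sys.stderr)
    sys.stdout.write(merge_hosts(hosts_text, blocked))
```

On Windows the file is %SystemRoot%\System32\drivers\etc\hosts and writing it needs an elevated prompt; some AV products also lock the file, which is worth knowing before scheduling this. The marker section is what makes periodic updates safe: the script only ever rewrites the lines between BEGIN and END, so hand-added entries above it survive every run.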
  • Slowhand (Mod, Posts: 5,161)
    My users don't get viruses. They know, if they do, I'll hit them with a stick until they stop screaming.

    Free Microsoft Training: Microsoft Learn
    Free PowerShell Resources: Top PowerShell Blogs
    Free DevOps/Azure Resources: Visual Studio Dev Essentials

    Let it never be said that I didn't do the very least I could do.