The 'AntiVirus PRO' Scam - U2 Feedback

Old 05-26-2011, 08:11 PM   #1
Blue Crack Addict
 
flybabe's Avatar
 
Join Date: Apr 2006
Location: Sunglasses,USA
Posts: 17,056
Local Time: 01:52 AM
The 'AntiVirus PRO' Scam

There's this 'program' that will pop up on your computer randomly with a screen showing that there are viruses on your computer, and recommending a download of this software in order to protect your computer. For the love of God, don't download it. It will worm its way through your computer sending tons of annoying pop-ups saying that 'Malicious software detected' when in fact it is the virus. It's a bunch of Trojan viruses claiming to detect them. If you get this on your computer and you have Windows, turn on Windows Defender and it will kick its ass. It took a while because I made the mistake of deleting the file before I found out how to get rid of it properly.
Old 05-26-2011, 08:56 PM   #2
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 12:52 AM
There are dozens of these going around lately. I spend half my days at work removing them (I work in IT and my main responsibility is working on students' computers). They all behave a little differently but by now it takes me about 10 minutes to completely clean them off, manually (not using other programs to scan, fix, or remove them, I clean them myself).

ETA: I've seen the Mac version as well. Yes, that's right, I've seen a Mac infected with a rogue antivirus that also had some proxy or browser redirect that loaded porn regardless of where you tried to browse.
Old 05-26-2011, 09:07 PM   #3
Blue Crack Addict
 
flybabe's Avatar
 
Join Date: Apr 2006
Location: Sunglasses,USA
Posts: 17,056
Local Time: 01:52 AM
A Mac, the god of computers, infected with this crap...

It's out there just to piss you off it seems. It didn't do much to the computer, it would just take over the screens, and it was a real headache. And from what I've read, it's almost everywhere, even on some legitimate virus program websites. I mean, what the hell!? And that is someone stooping really low to make a virus as a program that seems like it's real. You can't trust anything anymore.
Old 05-26-2011, 09:34 PM   #4
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 12:52 AM
At work we are trying to figure out why the sudden increase. Not really an increase but pandemic more like. I've never become infected, and I'm on the Internet almost every waking hour. The only things I can think of are 1) I use AdBlock Plus on all my systems, so not only do I not get pop-ups but I don't see ads, like the ones on this forum and others. 2) I use Facebook a lot but do not do any FB games or allow apps to access my information. 3) Most of the web sites I visit are ones I visit all the time, so I already know exactly what they are. My mom goes all over to random YouTubes and people's blogs that she doesn't really know and she got a rogue last week. A few weeks ago, I heard about a medical condition in a book so I Googled it and when I clicked on one of the images I got a rogue type pop-up. I immediately rebooted the computer, started in Safe Mode, cleared out my ...AppData\Temp folder (which is where many of them hide), cleared my browsing cache, and was fine. The problem with a lot of these rogues is that it's not just about finding and deleting the files but they also mess with your hosts file and/or put proxies in your browser's LAN settings so you constantly are redirected back or to porn or advertising sites. Some of these things you can't fix by running some freeware scans and deleting files, they have to actually be edited.
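An added example, not part of the original thread: post #4 notes that these rogues leave behind hosts-file edits and browser proxy settings that survive file deletion, so this sketch lists every non-stock hosts entry and any configured proxy for manual review. The sample hosts text, the `.example` names and the function names are constructed for illustration.

```python
import ipaddress

# Default Windows location; read this file and pass its text to audit_hosts().
HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"
STOCK_NAMES = {"localhost"}

# Constructed sample (documentation-range address, .example names).
SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1      localhost
::1            localhost
203.0.113.5    www.search.example    # entry nobody remembers adding
127.0.0.1      update.av-vendor.example
"""

def audit_hosts(text):
    """Return (line_no, address, name, reason) for every non-stock entry."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # strip comment, split columns
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, fields[0], "", "unparseable address"))
            continue
        for name in (f.lower() for f in fields[1:]):
            if ip.is_loopback and name in STOCK_NAMES:
                continue  # the entries a clean install ships with
            if ip.is_loopback or ip.is_unspecified:
                reason = "name blocked (points at this machine)"
            else:
                reason = "name redirected to a fixed address"
            findings.append((line_no, str(ip), name, reason))
    return findings

def audit_proxy(settings):
    """Flag proxy values; keys mirror the per-user 'Internet Settings'
    registry values ProxyEnable, ProxyServer and AutoConfigURL."""
    findings = []
    if settings.get("ProxyEnable") == 1 and settings.get("ProxyServer"):
        findings.append("proxy enabled: " + settings["ProxyServer"])
    if settings.get("AutoConfigURL"):
        findings.append("auto-config script: " + settings["AutoConfigURL"])
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    print(audit_proxy({"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080"}))
```

A finding is a prompt to look, not a verdict: hosts-based ad blockers and corporate proxies produce the same entries.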
Old 05-26-2011, 10:44 PM   #5
Blue Crack Distributor
 
corianderstem's Avatar
 
Join Date: Dec 2002
Location: Seattle
Posts: 63,731
Local Time: 09:52 PM
I've had it twice in the last month or so on my work computer. Seriously irritating. The help desk said they'd been dealing with a lot of them as well.

The first time, they were able to fix it relatively quickly. The second time, they had to regen my hard drive.
Old 05-27-2011, 09:43 PM   #6
Blue Crack Addict
 
flybabe's Avatar
 
Join Date: Apr 2006
Location: Sunglasses,USA
Posts: 17,056
Local Time: 01:52 AM
It has become a pandemic, because when I looked up how to get rid of it, millions of people had been asking questions about how to get rid of it. Like I said, it is around the most innocent of sites.

That was the first time we had had this type of virus, and it came out of nowhere and thank goodness it wasn't a bad one. The last computer we had, a virus got in it and wiped the entire motherboard out, taking all of our information and essentially making us lose our photos and everything we had, and to this day I still have no idea what it was. Since this 'antivirus PRO' incident, we have two defense systems put up to avoid anything else getting in. We had defenses up before but somehow it still got in, but I don't think we had up what we were supposed to. Windows Defender has cleared out everything making it safe. After getting rid of it once it did come back, but then one day it was gone from the computer so I'm not too convinced it is at all easy to get rid of.

All I can say is, turn it on if it isn't already (if you have Windows that is) and do a full scan on your computer, and give it a little while.
Old 05-28-2011, 11:16 PM   #7
Paper Gods
Forum Administrator
 
KhanadaRhodes's Avatar
 
Join Date: Jun 2001
Location: a vampire in the limousine
Posts: 60,609
Local Time: 11:52 PM
Quote:
Originally Posted by Liesje View Post
ETA: I've seen the Mac version as well. Yes, that's right, I've seen a Mac infected with a rogue antivirus that also had some proxy or browser redirect that loaded porn regardless of where you tried to browse.
yep, yesterday i had something try to pull this crap. i was looking for a country's map, hardly anything unsavoury, and it redirected me to a page supposedly scanning my hard drive and downloaded a zip file.

i just closed the tab and deleted the zip file, but geez.
Old 05-29-2011, 04:05 PM   #8
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 12:52 AM
Quote:
Originally Posted by flybabe View Post
All I can say is, turn it on if it isn't already (if you have Windows that is) and do a full scan on your computer, and give it a little while.

Do it in Safe Mode at the very least. The problem with these types of viruses is that many of them *are* generated by the user. The user makes a choice to click on a harmful link or open a harmful attachment and basically allows the computer to become infected. Once infected, those files are active/running and while some antivirus programs might alert to that, you or the antivirus program/scan cannot delete a file that is in use. Also most of these files have strange permissions or bury themselves. Running a scan is just a waste of time. Most if not all of the computers I work on these days are up to date with the latest service packs and are running a valid antivirus program, but these rogue antiviruses are basically things that the user inadvertently allows to run on their computer, usually because they assume a file or web page is OK when it is not.
Old 05-29-2011, 11:24 PM   #9
ONE
love, blood, life
 
Canadiens1131's Avatar
 
Join Date: Aug 2004
Posts: 10,363
Local Time: 01:52 AM
I whipped up a quick troubleshooting guide for anyone worried about encountering this new threat:

Old 05-30-2011, 03:49 PM   #10
War Child
 
Dfit00's Avatar
 
Join Date: Oct 2009
Location: Palm Beach, FL
Posts: 893
Local Time: 01:52 AM
Microsoft Security Essentials also has an incognito rogue worm that pops up when you visit MySpace or Facebook. It appeared around November 2010 calling itself "Microsoft Security Essentials 2011" and has been constantly infiltrating over the last 8 months.

http://blogs.technet.com/b/mmpc/arch...ssentials.aspx
Old 06-01-2011, 03:22 PM   #11
New Yorker
 
vjacqb's Avatar
 
Join Date: Jan 2005
Location: A city that experienced the February 2010 Blizzard
Posts: 2,623
Local Time: 01:52 AM
Quote:
Originally Posted by Liesje View Post
Running a scan is just a waste of time.
Is this also true for Norton AntiVirus scans?

What are the proper steps if we suspect we just stumbled upon one of these harmful sites?

With Norton Internet Security on my PC, sometimes if I click on a Google search result page (that I am not familiar with), and it turns out to be a malicious site, Norton would notify me that they just blocked an intrusion attempt to my PC. I wonder if there's anything else I should do to double check nothing harmful has made its way into my PC...

I've seen the rogue AntiVirus program maybe sometime last year. The popup window looked like it was from an AV program, but when I saw that it wasn't Norton, and I only had Norton AV at that time, I ignored it, and hit the 'X' to close the window. But it looked believable.

Nowadays I'm more concerned with stumbling upon malicious websites from clicking on those results from Google search. I've seen an increase on those faux websites that seem to be a hit on your search keywords but they are actually malicious.
Old 06-01-2011, 11:59 PM   #12
ONE
love, blood, life
 
Canadiens1131's Avatar
 
Join Date: Aug 2004
Posts: 10,363
Local Time: 01:52 AM
There are very few virus or worm threats these days that are not a direct result of the user installing them unwittingly.

Microsoft Security Essentials, Mac anti-virus, Norton et al will not open a random website and open up a download dialog for your browser in order to update themselves.

If something pops up while browsing the web about a security check or security update, close the window, cancel the download, whatever. Just deny it. ALL decent anti-virus or anti-spyware programs update within the program, usually automatically or via a button labeled "Check for updates".

If you're removing a virus or worm under Windows and the default anti-virus program doesn't do the trick, you need to restart in Safe Mode, delete your PC's Restore Points, then run the removal again and restart. Restore Points basically save that virus in them when they are created while the virus is still on the computer.
Old 06-03-2011, 08:14 AM   #13
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 12:52 AM
Quote:
Originally Posted by vjacqb View Post
Is this also true for Norton AntiVirus scans?
Yes, it has nothing to do with what software you use. Windows will not allow you to delete, move, rename, quarantine, etc. a file that is running/active/in use at the time.

Also some AV programs only do "quick" scans and the rogues I've seen recently like to bury themselves, often creating files that you cannot "see" unless you change the folder options to "display hidden operating system files".
Old 06-04-2011, 08:58 PM   #14
Blue Crack Addict
 
flybabe's Avatar
 
Join Date: Apr 2006
Location: Sunglasses,USA
Posts: 17,056
Local Time: 01:52 AM
So far there hasn't been any sign of that virus on this computer, and I haven't encountered the likes on any more sites. I'd like to think that the computer is being protected from that particular virus but am I wrong? Is it just that I haven't been unfortunate enough to get infected again? Cause I'm not entirely sure any computer can ever be completely safe from at least one type of virus...
Old 06-04-2011, 11:14 PM   #15
Blue Crack Addict
 
Liesje's Avatar
 
Join Date: Mar 2002
Location: In the dog house
Posts: 19,557
Local Time: 12:52 AM
Quote:
Originally Posted by flybabe View Post
So far there hasn't been any sign of that virus on this computer, and I haven't encountered the likes on any more sites. I'd like to think that the computer is being protected from that particular virus but am I wrong? Is it just that I haven't been unfortunate enough to get infected again? Cause I'm not entirely sure any computer can ever be completely safe from at least one type of virus...
Well, as has been said, this is really the key...

Quote:
Originally Posted by Canadiens1131 View Post
There are very few virus or worm threats these days that are not a direct result of the user installing them unwittingly.
Quote:
Originally Posted by Liesje View Post
The problem with these types of viruses is that many of them *are* generated by the user. The user makes a choice to click on a harmful link or open a harmful attachment and basically allows the computer to become infected.


It's not really an issue of being protected or not; it's more an issue of browsing habits. If you click on things that you aren't sure are not a virus, then you could very well get infected. The only time I've ever had one of these rogues try to infect my computer was when I did that Google image search and clicked one of the results that had a shady web address and sure enough it was junk. These things don't just appear on the computer even though it seems that way. The user has always clicked on an ad, loaded a bad site, opened some scamming Facebook link or e-mail attachment and that basically gives permission for the rogue virus to run/install. Antivirus programs can sometimes detect and/or clean these up after the fact but cannot block the user from inadvertently installing them.
All times are GMT -5. The time now is 12:52 AM.