Warning: Antivir 2010

[spherojon]

Warning do not, I repeat do not fall for the Antivir 2010 scam. It is becoming more prominent on the internet. Antivir 2010 involves tricking you by displaying deceptive pop-up ads that may appear as regular Windows notifications with links which look like buttons reading Yes and No. No matter which "button" that you click on, a download starts, installing Antivir 2010 on your system. Antivir 2010 installs on your computer through a trojan and may infect your system without your knowledge or consent. Antivir 2010 is difficult to detect and remove. Antivir 2010 is not likely to be removed through a convenient "uninstall" feature. Antivir 2010, as well as other spyware, can re-install itself even after it appears to have been removed.

You also run the risk of damaging your computer since you're required to find and delete sensitive files in your system such as DLL files and registry keys. It is recommended you use a good spyware remover to remove Antivir 2010 and other spyware, adware, trojans and viruses on your computer.

Run a Antivir 2010 scan/check to successfully detect all Antivir 2010 files with the SpyHunter Spyware Detection Tool. If you wish to remove Antivir 2010, you can either purchase the SpyHunter spyware removal tool to remove Antivir 2010 or follow the Antivir 2010 manual removal method provided in the "Remedies and Prevention" section.

http://www.bleepingcomputer.com/viru...remove-antivir

Another way to remove this type of spyware is to do a system restore. So watch out, this one is a nasty little f**ker.

[Irishsquid]

Fake AV has been around for a long time, and is nothing new, but it still gets a lot of people. Keep it simple. If you have an AV program installed, don't click anything that doesn't come from YOUR antivirus program. If you don't have antivirus installed, you know you shouldn't click on ANY of these notifications.

It should also be noted that if you're getting the popups, your system ALREADY HAS MALWARE ON IT. It probably isn't running with elevated privileges, until you click on it and give it said authority, but it IS already there. Spybot S&D is not bad. Ad Aware is not nearly as good as it used to be. Bazooka adware scanner is pretty good at finding them, but you will have to manually remove the malware.

The first step in keeping this activity down is to practice "safe browsing." Stop looking at internet porn sites. Don't go to "warez," download sites, software crack sites, etc. You can enhance your browsing security with the use of certain software like the "noscript," addon for Firefox...that's what I personally use.

I'm an IT security professional, so I take more drastic measures than most, but here's how I browse:

Ubuntu 10.04, fully patched.
within that, I run a Windows XP virtual machine, also fully patched, with a good "snapshot." I do all my surfing in the VM, using firefox with noscript. If I DO get some malware on the system, I can just restore from the snapshot. System Restore is NOT a good way to try to get rid of malware, for future reference, as many programs are written to infect system restore files.

Really, though...I could write a whole book on how to secure your system, and it'll only keep a "casual," intruder out. A professional will get in if they want in...so just be glad professionals probably aren't targeting your system.

[spherojon]

Quote:

Originally Posted by Irishsquid

Fake AV has been around for a long time, and is nothing new, but it still gets a lot of people. Keep it simple. If you have an AV program installed, don't click anything that doesn't come from YOUR antivirus program. If you don't have antivirus installed, you know you shouldn't click on ANY of these notifications.

It should also be noted that if you're getting the popups, your system ALREADY HAS MALWARE ON IT. It probably isn't running with elevated privileges, until you click on it and give it said authority, but it IS already there. Spybot S&D is not bad. Ad Aware is not nearly as good as it used to be. Bazooka adware scanner is pretty good at finding them, but you will have to manually remove the malware.

The first step in keeping this activity down is to practice "safe browsing." Stop looking at internet porn sites. Don't go to "warez," download sites, software crack sites, etc. You can enhance your browsing security with the use of certain software like the "noscript," addon for Firefox...that's what I personally use.

I'm an IT security professional, so I take more drastic measures than most, but here's how I browse:

Ubuntu 10.04, fully patched.
within that, I run a Windows XP virtual machine, also fully patched, with a good "snapshot." I do all my surfing in the VM, using firefox with noscript. If I DO get some malware on the system, I can just restore from the snapshot. System Restore is NOT a good way to try to get rid of malware, for future reference, as many programs are written to infect system restore files.

Really, though...I could write a whole book on how to secure your system, and it'll only keep a "casual," intruder out. A professional will get in if they want in...so just be glad professionals probably aren't targeting your system.

Yes, this is all true, the reason why I posted it is because I had to go fix a friends computer that Antivir locked his computer. Apparently its being sent in emails more frequently now.

Edit: Forgot to add that Avira is a great free program that allows for antivirus and malware scans.

[Buffalobob]

There is a version that is getting into computers from forums such as this one. Some of the popular AV programs are not recognizing it. Running Firfeox NoScript helps prevent.

[Red Flag 1]

Quote:

Originally Posted by Buffalobob

There is a version that is getting into computers from forums such as this one. Some of the popular AV programs are not recognizing it. Running Firfeox NoScript helps prevent.

Thanks Bob!

I use Firefox with Ad-blocker, I'll now add NoScript.

RF 1

[PR31C]

What seems to be a new and improved version of Antivir will change your proxy server so that even if you do remove it as previously directed it will reload with your first IE logon. Updated directions for easy removal are here.

The loading of Malwarebytes can be done @ FILEHIPPO for free. Two other free packages I recomend from this site are CCleaner and SuperAntiSpyware. All are easy to load and free. Unlike many other packages, the free versions will fix any problems that are found. The Firefox browser can also be downloaded at FILEHIPPO. If you like the packages, you may purchase the complete/deluxe version.

Remember, never, ever pay a site to remove a virus that you were unexpectedly warned that you have. The warning itself is a virus and you are giving your credit card number to thieves.

[Dozer523]

This thing is an absolute MF-er! It got into the computer downstairs that the kids use (mostly) and that thing is now a box that does NOTHING except offer the opportunity to pay $45 or $55 or $65 to download the "fix". We have no internet (except one window to buy the fix -- like hell) and can't get into Word (glad it's summer and school hasn't started), can't access downloaded pictures and BCMU's god-zillion songs are inaccessible. She is HOT!

So here is my question. . . how do I get these fixers that I read about here into a computer that can't get "here"?

[Buffalobob]

Dozer

Depending on how this thing is behaving, you may can start you computer in "safe" mode, and copy any needed files to a thumb drive. Then erase the whole machine down to empty. Reinstall the operating system and one by one reinstall the programs you need back on the machine.


After you get the machine totally erased you will need an OS. If you have to go and buy an OS then you may be better off just trashing the machine and starting over with an upgraded computer. What I did because I do my consulting work on my personal laptop was just to buy another laptop and make sure each one is totally backed up. I have long periods of time when I do not need a machine but when it is end of project time and the client is due the report then I have to be operational. Also I can take the old laptop hunting and not worry about destroying it with dust or bacon grease or bullet holes.

[Irishsquid]

Get a copy of ERD Commander or Ultimate Boot CD for Windows. Bootable CDs which have access to your installed operating system. They also have limited antivirus capability. They won't get everything off your system, but will clean it up enough that you can get into windows and get rid of the rest.

[Red Flag 1]

Any thoughts about "Spybot Search & Destroy" and "Spyware Blaster"?

RF 1

[Irishsquid]

Quote:

Originally Posted by Red Flag 1

Any thoughts about "Spybot Search & Destroy" and "Spyware Blaster"?

RF 1

Never tried spyware blaster, but Spybot S&D is not a bad program at all. I run it on my windows machines. Works better than ad-aware, by far.