Virus?

by glchandler 13 replies
Somewhere and somehow today my computer picked up something called "Antivirus Soft demo". Window continually pops up declaring a windows security alert and asks if I want to activate protection now.

Cannot open any files as this pops up and states that whichever file I am attempting to open is infected. Antivirus was active when acquired this precious gift of the internet.

Cannot run system restore, spybot s&d or any other as this infection blocks it.

Any suggestions?

actual name of this beast is av-2010 if that helps anyone help me? Searching for this I find a long and drawn out deletion that may help so guess what I am doing for the next few hours!
#off topic forum
Avatar of Unregistered
  • Profile picture of the author KimW
    Gordon
    Did you try Malwarebytes antimalware? you can get it here:
    Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com
    After you download it, start your computer in safe mode then install the malwarebyte.
    After installation let it update itself, then run a full scan.
    This catches thing that SPybot and adaware doesn't.
    HTH
    Kim
    PS:If it fixes it, which I think it will, you should then turn off the system restore and run a scan again.
    If you need to you can turn system resotore back on afterwards.
    Signature

    Read A Post.
    Subscribe to a Newsletter
    KimWinfrey.Com

    {{ DiscussionBoard.errors[1859178].message }}
    • Profile picture of the author glchandler
      Trying Malwarebytes antimalware but the beast blocked it about five times. Finally did reboot and now have the Malwarebytes program running.

      Probably will scan most of the evening so to beddie-bye I go. Doing a lot of reading and this program has progressed through the ages from:

      av-2007.com
      av-2008.com
      av-2009.com

      So why not build a 2010 and get some scam money.

      The domain shows a Moscow private owner and the server is in China...go figure!

      I think I will eventually be ok but really had some stuff I wanted to do this evening.

      Life is STILL GOOD!!!!

      Thanks, Kim for the heads up.
      Signature

      There is never a BAD time to help those living with lousy kidneys!
      http://funds.gofundme.com/1oh40


      {{ DiscussionBoard.errors[1859378].message }}
      • Profile picture of the author glchandler
        GONE!!!!! (I think).

        If you ever acquire this piece of crap take a deep breath and start scanning, scanning, scanning.

        Three full scans/delete/quarantine with Malwarebyte, worked through with Spybot---each time showing this in another file.

        Finally dumped the last of it with Anvira and move to chest.

        Now if I only knew where it came from I would never go back!
        Signature

        There is never a BAD time to help those living with lousy kidneys!
        http://funds.gofundme.com/1oh40


        {{ DiscussionBoard.errors[1861564].message }}
        • [DELETED]
          {{ DiscussionBoard.errors[1861985].message }}
          • Profile picture of the author glchandler
            Thanks.

            I did run HijackThis, did not see anything out of ordinary but posted it on that forum for some expert opinions!
            Signature

            There is never a BAD time to help those living with lousy kidneys!
            http://funds.gofundme.com/1oh40


            {{ DiscussionBoard.errors[1862568].message }}
            • Profile picture of the author Kay King
              Malwarebytes anti-malware will clear it. It's a tiny thingie (?) that gets planted in your system and then allows the attacker to show images (they are only images) appearing like windows warnings.

              The goal is to get people to BUY the spyware the link leads to. Hate to think how many people getting this attack start deleting files they need thinking they are infected. Files are not infected of course - it's a nasty advertisement meant to scare people into buying.

              It has been making the rounds lately and ignoring it will cause it to go away after a bit. If you click the link it recommends it just keep showing more warnings.

              kay
              Signature

              Saving one dog may not change the world - but forever changes the world of one dog.

              {{ DiscussionBoard.errors[1862635].message }}
              • Profile picture of the author glchandler
                Malwarebytes anti-malware will clear it. It's a tiny thingie (?) that gets planted in your system and then allows the attacker to show images (they are only images) appearing like windows warnings.

                The goal is to get people to BUY the spyware the link leads to. Hate to think how many people getting this attack start deleting files they need thinking they are infected. Files are not infected of course - it's a nasty advertisement meant to scare people into buying.

                It has been making the rounds lately and ignoring it will cause it to go away after a bit. If you click the link it recommends it just keep showing more warnings.
                The bad thing for those who actually believe they need to purchase the protection is that they are still at the mercy of this evil thing. And the purchase will not guarantee they will release your computer back to you.

                Also, only payment they accept is credit card so it is easy to imagine how many pay, only to find fraudulent charge after fraudulent charge in the ensuing days.

                Again...domain registered in Moscow and host is in China. Where is your leverage if you stay slaved to this?
                Signature

                There is never a BAD time to help those living with lousy kidneys!
                http://funds.gofundme.com/1oh40


                {{ DiscussionBoard.errors[1862792].message }}
  • Profile picture of the author KimW
    Yep, Malwarebyte rocks.
    Use to be Spybot and Ad-Aware were leading the pack in getting rid of this stuff but In the past few years I think I have only come across one virus Malwarebyte couldn't beat.
    Signature

    Read A Post.
    Subscribe to a Newsletter
    KimWinfrey.Com

    {{ DiscussionBoard.errors[1862795].message }}
    • Profile picture of the author glchandler
      In the past few years I think I have only come across one virus Malwarebyte couldn't beat
      Don't tell me what that one was or I might try to add it to my collection!
      Signature

      There is never a BAD time to help those living with lousy kidneys!
      http://funds.gofundme.com/1oh40


      {{ DiscussionBoard.errors[1862884].message }}
      • Profile picture of the author mrmechanic
        Hello new to this forum, don't forget to check to see what programs are starting up also - msconfig and check often
        {{ DiscussionBoard.errors[1862899].message }}
  • Profile picture of the author HeySal
    It might be lodged in temp files or cookies of some sort, Gordon - if you have a crap cleaner run that and it will delete anything temp that it might hide in. You can also run a reg scan with CC and application scan. Most of that stuff gets dumped via crapcleaner before you even have to go to the heavier duty program scans.

    Originally Posted by glchandler View Post

    Somewhere and somehow today my computer picked up something called "Antivirus Soft demo". Window continually pops up declaring a windows security alert and asks if I want to activate protection now.

    Cannot open any files as this pops up and states that whichever file I am attempting to open is infected. Antivirus was active when acquired this precious gift of the internet.

    Cannot run system restore, spybot s&d or any other as this infection blocks it.

    Any suggestions?

    actual name of this beast is av-2010 if that helps anyone help me? Searching for this I find a long and drawn out deletion that may help so guess what I am doing for the next few hours!
    This thing pops up without your browser open?
    Signature

    Sal
    New PLR - Disaster prep duo report pkg: The Art of the Graceful Bug out, and Preparing Pets for a Disaster. - PM me for report details.
    Quality PLR Ebooks and Reports:
    Mind/Language - Weight, - Pet/Dog - Disaster - 2011 Earthquake Report - Hair Care

    {{ DiscussionBoard.errors[1863067].message }}
    • Profile picture of the author KimW
      Originally Posted by HeySal View Post


      This thing pops up without your browser open?
      Yes Sal,
      programs like these put a picture on your screen like Kay said, that tells you you are infected and you need to buy such and such a program to get rid of it. There are literally thousands of variations of this type of program out there.
      Signature

      Read A Post.
      Subscribe to a Newsletter
      KimWinfrey.Com

      {{ DiscussionBoard.errors[1863616].message }}
  • Profile picture of the author Dave Patterson
    I had one recently that required a tedious process to delete all it's files individually...if (and I did this) you happen to miss any the POS had the ability to repair itself...

    Grrrrr....!
    Signature
    Professional Googler
    {{ DiscussionBoard.errors[1863648].message }}
    • Profile picture of the author glchandler
      This thing pops up without your browser open?
      Yep. As KimW stated the picture shows up indicating that "windows security" has detected problem...etc...etc

      ANY time I attempted to open program (including wordpad, notepad, Adobe, Icansoft and others) this thing popped up asking me if I wanted to "purchase" to protect my computer.

      Of course "purchase" opened up screen that took only credit cards and showed $59.99 for THREE months protection!

      I had one recently that required a tedious process to delete all it's files individually...if (and I did this) you happen to miss any the POS had the ability to repair itself...
      This repair ability appears to be why it took so long to get rid of it. Each scan/delete action got rid of a bit more. Now has been just about a full day without problem so I believe it is gone.

      Am scanning with Spybot Malware and Anvir today to check.

      Oh well, what would life be if we always got the cherry on top of the sundae!
      Signature

      There is never a BAD time to help those living with lousy kidneys!
      http://funds.gofundme.com/1oh40


      {{ DiscussionBoard.errors[1864236].message }}
Avatar of Unregistered

Trending Topics