Author |
Message |
MeridianAlicante
Master Baiter
Joined: 23 Sep 2008
Posts: 236
|
Posted:
Tue Dec 09, 2008 12:37 pm |
|
Hola
My parents' computer managed to get the Antivirus 2009 virus on it. I've encountered it before, and restoring the system back to a previous date seemed to get rid of it. I say seemed because I'm not sure.
Are there any other forum goers here that can confirm if a system restore will get rid of it? I also got them to run an avast virus scan, from which I'm yet to hear the results.
Thanks! |
_________________
x 7 x2
Fake Cheques: $150,000
"May God bless you? Happy exams in advance Thanks," Mr. Herbert Horsey
Click here to support 419Eater.com |
|
|
|
Slightlyoutofit
Baiting Guru
Joined: 13 Feb 2007
Posts: 14310
Location: Foraging for Nuts.
|
Posted:
Tue Dec 09, 2008 12:46 pm |
|
Run a search for any of the processes or files found on this page:
http://www.xp-vista.com/spyware-removal/antivirus2009-antivirus-2009-removal-instructions |
_________________
God will see you true for all this you have done to me you bastard. - Collins Kalu
MAY THE HAND THAT TYPE ON KEYBORD BECOME STRICKEN AND TRANSMIT VIRUS TO YOU ENTIRE BODY. - Dr Linda Akeem
oh what a mess its time cabbage punks like u will be expose for trully what they are. - David Cole |
|
|
|
Akai Ryu
Chuck Norris
Joined: 11 Jun 2007
Posts: 1369
|
Posted:
Tue Dec 09, 2008 2:02 pm |
|
You can't really remove something like this with something like system restore. If you go to Castle Cops or Bleeping Computer or similar fora, they'll tell you the same thing.
Removal instructions from Malwarebytes:
http://www.malwarebytes.org/forums/index.php?showtopic=5178
There is a download link for Malwarebytes Anti-Malware on that post--it doesn't cost anything and it usually works for this infection. |
_________________ Several hundred fake escrows (and others) deaded--no longer counting.
aa419.org --dead a fake site today.
No, Akai, you're a wonderful bitch. --Reaper |
|
|
|
wokabo
Master of Master Baiters
Joined: 23 Sep 2004
Posts: 825
Location: best beer country in onomatopoeia world
|
Posted:
Tue Dec 09, 2008 3:24 pm |
|
I think you should put some "parental control" on your parents' computer...
Quote: |
What is Antivirus 2009? (Run SpyHunter's malware scanner to check for Antivirus 2009)
Antivirus 2009, also known as Antivirus2009, is a rogue anti-spyware program that uses false spyware results to lure you to purchase its full version. Antivirus2009 is an updated version of Antivirus 2008. Other Antivirus 2009 aliases that have recently appeared on the Web are: XP Antivirus 2008, Vista Antivirus 2008, Ultimate Antivirus 2008 and System Antivirus 2008.
Antivirus 2009 is usually promoted via a ZLOB/MediaAccess Codec installer found on adult websites. Zlob has been the trojan of choice to infect users with pop ups disguised as system notifications that lead to websites with rogue anti-spyware programs. You can also install Antivirus 2009 manually on the rogue website antivirus-scanner.com. Antivirus 2009 may use its system scanner to display false positives which work as an incentive to make unsuspecting users purchase Antivirus 2009's commercial version. |
|
_________________
Fight My Brute |
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Tue Dec 09, 2008 3:52 pm |
|
From Cnet
Quote: |
First, download MalwareBytes. If you can't download, use a friend's computer to download the installer to a disk, thumb drive or external hard drive. I downloaded mine from Download.com. Once you have it on a disk or other removable storage device, rename the installer file and then transfer it to your desktop. Run the installer and if it doesn't launch the program, don't worry. Right click on the shortcut icon that it put on your desktop or in the quicklaunch bar if you use one, then click "properties". There, you will see "find target". Click the "find target" and you'll open the folder with "mbam.exe" in it. All you have to do is rename that file to anything you like and then launch it by double clicking it. When the program launches, don't bother updating, just run a quick scan not a full system scan, you can do that later. Remove the crap that it finds and reboot as it will suggest. On reboot it will finish removing any crap that's left. You may get a message that windows needs to restore files. I ignored this because I didn't have an actual Operating System disk. I simply rebooted and everything came up fine with no issues. (Try that at your own risk, I had no choice.) Once you're booted up again, launch MalwareBytes again and this time run the update. When it's updated, scan again and remove any remaining crud again. When that's done, run it one more time just to be sure. Antivirus 2009 should be eliminated from your system. You can run a full system scan if you want to.
Another thing, if you already have MalwareBytes on your pc and it won't launch like mine wouldn't, first try renaming the executable and then launch and scan. If that doesn't work, then you may need to remove the old version of MalwareBytes and install from another source as I mentioned above. It doesn't usually hurt to try the most simple things first. |
|
_________________ I will kiss you romance u,suck and penetrate u - Williams Muyeke
now am as poor as a church rat - Lou1s Mar1on
I AM FINANCIALLY DEAD RIGHT AWAY - Louis in Accra
u can keep sending money to Gomer and leave me alone - Agent Smith cracks up
Lou1s Mar1on - Lagos to Accra (satellite IP) - "so, what i need to do to get out of these place?"
- 18 mths: Louis
The*Catb1ngo Hotel*
*My Church*
x23 |
|
|
|
irishemigrant
** REMEMBERED **
Joined: 22 Jul 2007
Posts: 4933
Location: 40*45' S 172* 34'E
|
Posted:
Tue Dec 09, 2008 5:31 pm |
|
It is also helpful to turn off System Restore before running any virus removal program, then once the system is clean, reboot, and turn on System Restore again. This clears all the previous restore points, and lets you set a clean point.
System Restore can hold pieces of virus and other nasties that re-infect your computer.
^^ as above, parental control lock?
Hope you get it cleaned up. |
_________________ SeniorNet NZ Local Branch ongoing workshops about internet scams
http://www.scamwarners.com/ For when you want to remember why we bait
Goodbye Mike (Paranoid) Friend, confidant, partner. Till we meet again.
Personal Message From The Axeman
<-- Because you have earned them. x8 a few x 13 |
|
|
|
Dorothy
Baiting Guru
Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow
|
Posted:
Tue Dec 09, 2008 7:29 pm |
|
I just went through this at the nonprofit I work at. Not only did a computer there get infected, but the slimeballs hacked our website so that it would redirect to the antivirus 2009 website whenever someone tried to enter our site from a search engine. (It would load normally if you typed in the address, making the changes much harder to detect). Took me close to a month to figure out why our online Frontpage forms kept crashing. In this case the hacked site was not due to infection on my computer, they went through a vulnerability in our webhost's servers and modified the .htaccess files on numerous websites, but I learned while figuring out what was going on that keylogging is being used for the same purpose.
So, if your parents have any kind of a website (maybe not likely, but I have been amazed at the number of people who unexpectedly do), you also need to check it to verify it hasn't been messed with.
Malwarebytes does a great job of identification and removal and is definitely your first step. I also found that running Kaspersky's online scanner after cleaning with malwarebytes picked up a few more files, which I manually deleted.
ETA: My nonprofit is a humane society, and the majority of hacked sites (when cleaning this mess up, I was told approx 79,000 sites have now been modified to redirect to AV 2009) are completely innocent and child-safe (no porn, no gambling), so at this point you can't assume that infection is related to visiting malicious sites, or that staying away from "adult" sites will keep you safe. |
_________________ "I've a feeling we're not in Kansas any more..." |
|
|
|
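The search-engine-only redirect described in the post above can be checked for mechanically. This is an added example, not part of the original thread: it flags `RewriteRule` lines in an `.htaccess` file that send visitors to a foreign host when guarded by an `HTTP_REFERER` condition naming a search engine. The keyword list, host names and sample file are constructed assumptions.

```python
import re

# Assumption: referrer keywords worth flagging; extend for your own traffic sources.
SEARCH_ENGINES = ("google", "yahoo", "bing", "msn", "aol", "altavista")
COND_RE = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
RULE_RE = re.compile(r"^\s*RewriteRule\s+\S+\s+(https?://([^/\s:]+)\S*)", re.I)


def find_referrer_redirects(htaccess_text, own_hosts):
    """Return (line_no, target_url) for each RewriteRule that sends visitors to a
    foreign host and is guarded by a search-engine HTTP_REFERER condition."""
    own = {h.lower() for h in own_hosts}
    findings = []
    referrer_guard = False  # True while pending RewriteCond lines test a search referrer
    for line_no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        cond = COND_RE.match(line)
        if cond:
            if any(name in cond.group(1).lower() for name in SEARCH_ENGINES):
                referrer_guard = True
            continue
        if re.match(r"RewriteCond\b", line, re.I):
            continue  # other conditions stay attached to the same upcoming rule
        rule = RULE_RE.match(line)
        if rule and referrer_guard and rule.group(2).lower() not in own:
            findings.append((line_no, rule.group(1)))
        if re.match(r"RewriteRule\b", line, re.I):
            referrer_guard = False  # conditions apply only to the next rule
    return findings


# Constructed sample: one legitimate canonical-host rule, one referrer-gated redirect.
SAMPLE = r"""RewriteEngine On
# legitimate canonical-host rule
RewriteCond %{HTTP_HOST} !^www\.shelter\.example$ [NC]
RewriteRule ^(.*)$ http://www.shelter.example/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC]
RewriteRule ^(.*)$ http://rogue-scanner.invalid/ [R=301,L]
"""

if __name__ == "__main__":
    for line_no, url in find_referrer_redirects(SAMPLE, ["www.shelter.example"]):
        print(f"line {line_no}: search-referrer redirect to {url}")
```

Run it over every `.htaccess` in the web root, including subdirectories, since a rule in any parent directory applies to the pages below it.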
MasterRahl245
Hello I'm New here!
Joined: 09 Dec 2008
Posts: 1
Location: The Wrong Side Of The Tracks
|
Posted:
Tue Dec 09, 2008 8:15 pm |
|
|
|
|
Philo Kvetch
Master of Master Baiters
Joined: 26 Aug 2006
Posts: 577
|
Posted:
Wed Dec 10, 2008 12:28 am |
|
^^^Ditto recommendations above ^^^
I just got this thing too and it came along with a boot sector virus also that K7 couldn't find.
Malwarebytes will take care of the trojans but not the virus. You should check the system @ housecall65.trendmicro.com
If all else fails you can get some help at http://www.dslreports.com/forum/cleanup
Like this forum - read the stickies first.
Good luck |
|
|
|
MeridianAlicante
Master Baiter
Joined: 23 Sep 2008
Posts: 236
|
Posted:
Wed Dec 10, 2008 1:01 pm |
|
Thank you to all who replied!
Avast picked up 3 items, and I got mum to delete them, and then talked her through downloading Malwarebytes and running that. Its scan came back empty, so I'm fairly confident that we got it.
And would you believe the website they got it from? A mechanical site on how to fit tracks to diggers!
Thanks again! |
|
|
|
Rodus
Baiting Guru
Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower
|
Posted:
Wed Dec 10, 2008 1:08 pm |
|
^^Do the good citizen thing and email the site webmaster. He's probably unaware that they're hosting malware as I'd suspect a hacked server. |
|
|
|
|