 Getting rid of a virus

MeridianAlicante
Master Baiter


Joined: 23 Sep 2008
Posts: 236


Posted: Tue Dec 09, 2008 12:37 pm

Hola :)

My parents' computer managed to get the Antivirus 2009 virus on it. I've encountered it before, and restoring the system back to a previous date seemed to get rid of it. I say seemed because I'm not sure.

Are there any other forum goers here that can confirm if a system restore will get rid of it? I also got them to run an avast virus scan, from which I'm yet to hear the results.

Thanks!

Slightlyoutofit
Baiting Guru


Joined: 13 Feb 2007
Posts: 14311
Location: Foraging for Nuts.


Posted: Tue Dec 09, 2008 12:46 pm

Run a search for any of the processes or files found on this page:

http://www.xp-vista.com/spyware-removal/antivirus2009-antivirus-2009-removal-instructions

Akai Ryu
Chuck Norris


Joined: 11 Jun 2007
Posts: 1369


Posted: Tue Dec 09, 2008 2:02 pm

You can't really remove something like this with something like system restore. If you go to Castle Cops or Bleeping Computer or similar fora, they'll tell you the same thing.

Removal instructions from Malwarebytes:

http://www.malwarebytes.org/forums/index.php?showtopic=5178

There is a download link for Malwarebytes Anti-Malware on that post--it doesn't cost anything and it usually works for this infection.

wokabo
Master of Master Baiters


Joined: 23 Sep 2004
Posts: 825
Location: best beer country in onomatopoeia world


Posted: Tue Dec 09, 2008 3:24 pm

I think you should put some "parental control" on your parents' computer... :)

Quote:
What is Antivirus 2009? (Run SpyHunter's malware scanner to check for Antivirus 2009)

Antivirus 2009, also known as Antivirus2009, is a rogue anti-spyware program that uses false spyware results to lure you to purchase its full version. Antivirus2009 is an updated version of Antivirus 2008. Other Antivirus 2009 aliases that have recently appeared on the Web are: XP Antivirus 2008, Vista Antivirus 2008, Ultimate Antivirus 2008 and System Antivirus 2008.

Antivirus 2009 is usually promoted via a ZLOB/MediaAccess Codec installer found on adult websites. Zlob has been the trojan of choice to infect users with pop ups disguised as system notifications that lead to websites with rogue anti-spyware programs. You can also install Antivirus 2009 manually on the rogue website antivirus-scanner.com. Antivirus 2009 may use its system scanner to display false positives which work as an incentive to make unsuspecting users purchase Antivirus 2009's commercial version.

Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


Posted: Tue Dec 09, 2008 3:52 pm

From Cnet

Quote:
First, Download MalwareBytes. If you can't download, use a friend's computer to download the installer to a disk, thumb drive or external hard drive. I downloaded mine from Download.com. Once you have it on a disk or other removable storage device, rename the installer file and then transfer it to your desktop. Run the installer and if it doesn't launch the program, don't worry. Right click on the shortcut icon that it put on your desktop or in the quicklaunch bar if you use one, then click "properties". There, you will see "find target". Click the "find target" and you'll open the folder with "mbam.exe" in it. All you have to do is rename that file to anything you like and then launch it by double clicking it. When the program launches, don't bother updating, just run a quick scan not a full system scan, you can do that later. Remove the crap that it finds and reboot as it will suggest. On reboot it will finish removing any crap that's left. You may get a message that windows needs to restore files. I ignored this because I didn't have an actual Operating System disk. I simply rebooted and everything came up fine with no issues. (Try that at your own risk, I had no choice.) Once you're booted up again, launch MalwareBytes again and this time run the update. When it's updated, scan again and remove any remaining crud again. When that's done, run it one more time just to be sure. Antivirus 2009 should be eliminated from your system. You can run a full system scan if you want to.

Another thing, if you already have MalwareBytes on your PC and it won't launch, like mine wouldn't, first try renaming the executable and then launch and scan. If that doesn't work, then you may need to remove the old version of MalwareBytes and install from another source as I mentioned above. It doesn't usually hurt to try the most simple things first.

irishemigrant
I Told You So


Joined: 22 Jul 2007
Posts: 4763
Location: 40*45' S 172* 34'E


Posted: Tue Dec 09, 2008 5:31 pm

It is also helpful to turn off System Restore before running any virus removal program, then once the system is clean, reboot, and turn on System Restore again. This clears all the previous restore points, and lets you set a clean point.

System Restore can hold pieces of virus and other nasties that re-infect your computer.

^^ as above, parental control lock?

Hope you get it cleaned up.

Dorothy
Baiting Guru


Joined: 09 Jul 2008
Posts: 3114
Location: somewhere over the rainbow


Posted: Tue Dec 09, 2008 7:29 pm

I just went through this at the nonprofit I work at. Not only did a computer there get infected, but the slimeballs hacked our website so that it would redirect to the antivirus 2009 website whenever someone tried to enter our site from a search engine. (It would load normally if you typed in the address, making the changes much harder to detect). Took me close to a month to figure out why our online Frontpage forms kept crashing. In this case the hacked site was not due to infection on my computer, they went through a vulnerability in our webhost's servers and modified the .htaccess files on numerous websites, but I learned while figuring out what was going on that keylogging is being used for the same purpose.

So, if your parents have any kind of a website (maybe not likely, but I have been amazed at the number of people who unexpectedly do), you also need to check it to verify it hasn't been messed with.

Malwarebytes does a great job of identification and removal and is definitely your first step. I also found that running Kaspersky's online scanner after cleaning with Malwarebytes picked up a few more files, which I manually deleted.

ETA: My nonprofit is a humane society, and the majority of hacked sites (when cleaning this mess up, I was told approx 79,000 sites have now been modified to redirect to AV 2009) are completely innocent and child-safe (no porn, no gambling), so at this point you can't assume that infection is related to visiting malicious sites, or that staying away from "adult" sites will keep you safe.

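The search-engine-only redirect described in the post above is hard to spot by browsing the site directly, but it is easy to find in the .htaccess file itself. The following Python check is an added example, not part of the original thread; it assumes the redirect is done with mod_rewrite conditions on the Referer header, and the function name, sample file and domains are constructed for illustration.

```python
import re
from urllib.parse import urlparse

COND = re.compile(r'^\s*RewriteCond\s+(\S+)\s+(\S+)', re.I)
RULE = re.compile(r'^\s*RewriteRule\s+(\S+)\s+(\S+)', re.I)

# Constructed sample: one referrer-conditional redirect to a placeholder
# domain, followed by a legitimate canonical-host redirect.
SAMPLE_HTACCESS = """RewriteEngine On
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.* [NC]
RewriteRule ^(.*)$ http://rogue-scanner.example/ [R=301,L]

# legitimate: force canonical host
RewriteCond %{HTTP_HOST} ^example.org$ [NC]
RewriteRule ^(.*)$ http://www.example.org/$1 [R=301,L]
"""

def find_referrer_redirects(htaccess_text, own_hosts):
    """Return (line_no, target_host, referrer_patterns) for every RewriteRule
    that sends visitors to a foreign host only when a Referer test matches."""
    findings, referer_patterns = [], []
    for line_no, line in enumerate(htaccess_text.splitlines(), 1):
        cond = COND.match(line)
        if cond:
            # Remember only the conditions that test the Referer header.
            if "HTTP_REFERER" in cond.group(1).upper():
                referer_patterns.append(cond.group(2))
            continue
        rule = RULE.match(line)
        if rule:
            # Relative substitutions have no hostname and are never flagged.
            host = (urlparse(rule.group(2)).hostname or "").lower()
            if referer_patterns and host and host not in own_hosts:
                findings.append((line_no, host, referer_patterns))
            referer_patterns = []  # conditions apply only to the next rule
    return findings

if __name__ == "__main__":
    own = {"example.org", "www.example.org"}
    for line_no, host, patterns in find_referrer_redirects(SAMPLE_HTACCESS, own):
        print(f"line {line_no}: redirect to {host} when Referer matches {patterns}")
```

Run it over every .htaccess file in the web root, including subdirectories, with `own_hosts` set to the site's real hostnames.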
MasterRahl245
Hello I'm New here!


Joined: 09 Dec 2008
Posts: 1
Location: The Wrong Side Of The Tracks


Posted: Tue Dec 09, 2008 8:15 pm

I work in PC repair and I've run into that virus a few times.

Two programs I've found that are top-notch at removing viruses and other nasties are Malwarebytes Anti-Malware and SuperAntiSpyware.

http://www.malwarebytes.org/mbam.php

http://www.superantispyware.com/
Philo Kvetch
Slightlyoutofit is my life


Joined: 26 Aug 2006
Posts: 566


Posted: Wed Dec 10, 2008 12:28 am

^^^Ditto recommendations above ^^^

I just got this thing too and it came along with a boot sector virus also that K7 couldn't find.

Malwarebytes will take care of the trojans but not the virus. You should check the system @ housecall65.trendmicro.com

If all else fails you can get some help at http://www.dslreports.com/forum/cleanup

Like this forum - read the stickies first.

Good luck

MeridianAlicante
Master Baiter


Joined: 23 Sep 2008
Posts: 236


Posted: Wed Dec 10, 2008 1:01 pm

Thank you to all who replied!

Avast picked up 3 items, and I got mum to delete them, and then talked her through downloading Malwarebytes and running that. Its scan came back empty, so I'm fairly confident that we got it.

And would you believe the website they got it from? A mechanical site on how to fit tracks to diggers!

Thanks again!

Rodus
Baiting Guru


Joined: 13 Dec 2006
Posts: 3685
Location: Back under the cold shower


Posted: Wed Dec 10, 2008 1:08 pm

^^Do the good citizen thing and email the site webmaster. He's probably unaware that they're hosting malware as I'd suspect a hacked server.

All Content © 2003 - 419Eater.com