> Antivirus 2009 Hijacks The Google Web Site
Grinler
post Jun 29 2008, 01:56 PM
Post #1


Bleep Bleep!
******

Group: Admin
Posts: 31,509
Joined: 24-January 04
From: USA
Member No.: 3



A new Rogue anti-spyware program called Antivirus 2009 was released this weekend that, for the most part, acts just like all the rest. It displays false results, it is advertised through misleading web sites, comes bundled with malware, displays fake results, and requires you to first purchase the software before you can remove anything. What makes this rogue a bit different, though, is how it hijacks the Google homepage and search results by inserting an advertisement for Antivirus 2009.


Google Homepage Hijack

Now, this is not the first time this has happened, but it is uncommon enough that it warrants discussing. When Antivirus 2009 is installed, it will install an Internet Explorer browser helper object called C:\Windows\System32\winsrc.dll. This program will automatically load when Internet Explorer starts, and when you visit certain sites, it will insert its own information into the web pages that are retrieved. Currently the information that is inserted into the Google home page and search results is a misleading advertisement for Antivirus 2009. The current text of the advertisement is:
Google Tips

Google has detected unregistered Antivirus 2009 copy on your computer. Google recommends you to activate Antivirus 2009 to protect your PC from malicious intrusions from the Internet.
The advertisement is actually one big link that, if clicked, will bring you to a page at the hxxp://microsoft.browserprotectioncenter.com/ site that says you are infected and should purchase Antivirus 2009.


BrowserProtection.com Advertisement

The tactic being used by this Rogue is to trick the infected user into thinking a well known and highly trusted brand, like Google, is actually endorsing their products. In reality, though, this is just another scam being used to steal your money. If you are infected with Antivirus 2009, you should use the following guide to remove the malware for free. If you have already paid for the software, please contact your credit card company immediately and dispute the charges.



--------------------
Lawrence
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
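
The post above describes the rogue registering C:\Windows\System32\winsrc.dll as an Internet Explorer browser helper object (BHO). As an added example (not part of the original post or its removal guide), this PowerShell lists every registered BHO with the DLL it loads and that DLL's Authenticode status; the registry paths are the standard BHO and COM class locations and are assumed here, not taken from the page.

```powershell
# Added example: list Internet Explorer BHOs and the DLL each one loads.
# Registry locations are the standard BHO/COM paths (assumed, not from the post).
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)

$report = foreach ($root in $bhoRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # 32-bit BHOs on 64-bit Windows register their COM class under WOW6432Node.
    $classes = if ($root -like '*WOW6432Node*') {
        'HKLM:\SOFTWARE\WOW6432Node\Classes\CLSID'
    } else {
        'HKLM:\SOFTWARE\Classes\CLSID'
    }

    foreach ($bho in Get-ChildItem -LiteralPath $root) {
        $clsid  = $bho.PSChildName
        $server = "$classes\$clsid\InprocServer32"

        $dll = $null
        if (Test-Path -LiteralPath $server) {
            # The key's default value holds the DLL path; strip optional quotes.
            $dll = "$((Get-Item -LiteralPath $server).GetValue(''))".Trim('"')
        }

        # Only ask for a signature when the DLL is actually present on disk.
        $exists = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
        $status = if ($exists) {
            "$((Get-AuthenticodeSignature -LiteralPath $dll).Status)"
        } else {
            'FileMissing'
        }

        [pscustomobject]@{
            CLSID     = $clsid
            Dll       = $dll
            Signature = $status
            Review    = ($status -ne 'Valid')   # unsigned or missing: look closer
        }
    }
}

# Entries needing review are listed first.
$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

A `Review` flag is a lead for triage, not a verdict, since legitimate BHOs can be unsigned. On 64-bit Windows a System32 path recorded by a 32-bit BHO actually resolves to SysWOW64, so check there before treating the file as missing.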
sandra08
post Jul 9 2008, 10:12 AM
Post #2


New Member
*

Group: Members
Posts: 1
Joined: 9-July 08
Member No.: 221,398



I discovered this injection on one of our clients this morning and, with your help, was able to completely remove Antivirus 2009.
Great article and instructions
xbunnyx
post Jul 18 2008, 05:46 AM
Post #3


New Member
*

Group: Members
Posts: 1
Joined: 18-July 08
From: eastbourne
Member No.: 223,519



Hi, I just joined to say thank you so much for the guide to remove Antivirus 2009. It was very easy to follow and it worked. :-) It was driving me mad and blocking nearly every site I went onto :-( Can't thank you enough xx
otteradmin
post Jul 29 2008, 03:43 PM
Post #4


New Member
*

Group: Members
Posts: 1
Joined: 29-July 08
Member No.: 226,122



Just wanted to say thanks to Grinler, Eaglehawk2 and anyone else that may have contributed to resolving this very annoying issue. It showed up on my CEO's laptop today and this information really saved the day!

Thanks again,

otteradmin
prando
post Aug 1 2008, 07:56 AM
Post #5


New Member
*

Group: Members
Posts: 1
Joined: 27-May 08
Member No.: 212,079



Wow, thanks a lot for the assistance, it was fantastic. I was perplexed as I thought my system might need complete formatting.
Good job..
Great doing guys..


--Prando
ecafy
post Aug 4 2008, 08:58 AM
Post #6


New Member
*

Group: Members
Posts: 1
Joined: 4-August 08
Member No.: 227,476



You guys are awesome! Zapped that Power Antivirus 2009 quickly & easily. Thanks so much!
samuel3
post Aug 5 2008, 03:48 PM
Post #7


Forum Addict
******

Group: Members
Posts: 1,911
Joined: 13-June 08
Member No.: 215,975



Cheers for the info.
colle1986
post Aug 13 2008, 12:37 PM
Post #8


New Member
*

Group: Members
Posts: 3
Joined: 29-July 08
Member No.: 226,126



thx for info.........


pouringreign
post Aug 13 2008, 06:50 PM
Post #9


New Member
*

Group: Members
Posts: 9
Joined: 12-March 06
Member No.: 58,918



Excellent explanation - I have many friends who have gotten the antivirus 2008. I would like to send them your explanation and give you credit for it, if it's okay.
pouringreign
post Aug 13 2008, 06:52 PM
Post #10


New Member
*

Group: Members
Posts: 9
Joined: 12-March 06
Member No.: 58,918



Also would you recommend people change their homepage from goggle?
KingOfIdiocy
post Aug 15 2008, 02:16 PM
Post #11


Forum Regular
***

Group: Members
Posts: 340
Joined: 15-April 08
From: Donnie Darko Land
Member No.: 203,315



QUOTE(pouringreign @ Aug 13 2008, 06:52 PM) *
Also would you recommend people change their homepage from goggle?



You mean google. Goggle was an extremely dangerous site to visit. I think it may have been abandoned, but it contained many viruses, including downloading the rogue SpySheriff. It takes/took advantage of the very typo you've made.

Edit: I confirm the site is abandoned, but it could be used for criminal behaviour in the future, so don't go there.

This post has been edited by KingOfIdiocy: Aug 15 2008, 06:04 PM


--------------------
Just because you're paranoid, doesn't mean they are not out to get you.
Lukepd
post Aug 26 2008, 08:04 AM
Post #12


New Member
*

Group: Members
Posts: 8
Joined: 21-February 08
Member No.: 191,579



Rogue antiviruses are so morally corrupt! Well there are worse things in the world... but these people need to get a life!
Bloody Eddie
post Aug 30 2008, 08:37 PM
Post #13


New Member
*

Group: Members
Posts: 2
Joined: 30-August 08
From: Bangalore, India
Member No.: 234,710



Kick A$$..


--------------------
Thanks and Regards,

Eddie
samuel3
post Oct 31 2008, 10:11 AM
Post #14


Forum Addict
******

Group: Members
Posts: 1,911
Joined: 13-June 08
Member No.: 215,975



What do you type in google for this to come up?

So I can avoid it.

This post has been edited by samuel3: Oct 31 2008, 10:13 AM
jacks
post Nov 14 2008, 05:54 AM
Post #15


New Member
*

Group: Members
Posts: 4
Joined: 20-October 08
Member No.: 248,206



Thanks for the info... cheers !!

