BleepingComputer.com: The secret recipe for Antivirus XP Pro

Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

The secret recipe for Antivirus XP Pro

#1 User is offline   Grinler 

  • Bleep Bleep!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Admin
  • Posts: 36,174
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 23 March 2009 - 07:57 PM

Vundo uses a formula of constant security warnings, desktop hijackings, and Internet Explorer hijackings to foist Antivirus XP Pro on to your computer. Recent installs of Vundo have been showing an increasing amount of advertisements for Antivirus XP Pro, so we should expect to see quite a few computers infected with this malware.

The formula consists of a healthy dose of Internet Explorer hijackings:



Internet Explorer Hijack #1 advertising Antivirus XP Pro
Internet Explorer Hijack #1 advertising Antivirus XP Pro



Internet Explorer Hijack #2
Another Internet Explorer Hijack

Add a dose of fake security warning:

Fake Security Warning
Fake Security Warning

A sprinkle of desktop hijacking:

Desktop Hijacking
Desktop Hijacking
 

Finally, stir a little Vundo to glue it all together in, and you have Antivirus XP Pro.




Antivirus XP Pro
Antivirus XP Pro
 

Unfortunately, Google Trends data corroborates what I am seeing as shown by the graph below. This graph shows a recent increase of activity for the search keyword Antivirus XP Pro.

 

Google Trends graph for the keyword Antivirus XP Pro
Google Trends graph for the keyword Antivirus XP Pro


So, if you are one of the unlucky ones who has Antivirus XP Pro installed, please ignore the warnings, and instead use the guide linked to below to remove it for free.

 

 Guide: How to remove Antivirus XP Pro

Lawrence Abrams
Circle BleepingComputer on Google+!
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
How to detect vulnerable programs using Secunia Personal Software Inspector <- Everyone should do this!

#2 User is offline   Zachary09 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 7
  • Joined: 29-March 09
  • Gender:Male
  • Location:Florida, USA

Posted 30 March 2009 - 10:07 AM

Hey thanks for putting this up my friend got this program and it has really screwed up his computer.
$652.50 / $829.99 raised for this PC.

#3 User is offline   pochp 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 42
  • Joined: 17-January 09
  • Gender:Male

Posted 01 April 2009 - 07:24 PM

I have written about these 'scarewares' but maybe not here.
pochp.wordpress.com
Plato on-line

#4 User is offline   Surfrunner 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 04-April 09

  Posted 04 April 2009 - 12:22 PM

I have the black warning screen and fake security button (pic 3 & 4) as shown on your page, I don't seem to have AntivirusXP on my computer.. What else can it be and how do I get rid of it. Right now it seems to disable Malewarebytes program, so I can't run that.. Help!!!

#5 User is offline   m0le 

  • I know the drill!
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Response Instructor
  • Posts: 27,020
  • Joined: 24-July 08
  • Gender:Male
  • Location:London, UK

Posted 04 April 2009 - 07:27 PM

Hi Surfrunner,

I suggest you click this link to the Am I Infected forum for some confirmation of what you have.

Link
If I have helped you fix your PC then please donate to the anti-malware cause. Thanks

Posted Image
m0le is a proud member of UNITE (Unified Network of Instructors and Trusted Eliminators)

#6 User is offline   o_rly 

  • Forum Regular
  • PipPipPip
  • Find Topics
  • Group: Members
  • Posts: 193
  • Joined: 21-March 09
  • Gender:Male
  • Location:An unclean desk

Posted 13 April 2009 - 09:57 PM

I found this on my VM, but it didn't have the black background.
Don't mind me, I'm just lurking.

#7 User is offline   fardin100 

  • Member
  • PipPip
  • Find Topics
  • Group: Members
  • Posts: 108
  • Joined: 05-April 09
  • Gender:Male
  • Location:United Kingdom

Posted 14 April 2009 - 04:40 AM

Hi, Thanks again for this great post admin! It is nice of you to teach others about this infection and teach them to remove it. :thumbsup:

#8 User is offline   fatih_ictuzer 

  • New Member
  • Pip
  • Find Topics
  • Group: Members
  • Posts: 1
  • Joined: 15-April 09

Posted 15 April 2009 - 03:39 PM

thnak you

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users