Posted 06 December 2008 - 03:15 AM
I believe I have the Real Antivirus malware on my PC. It was discovered a few days ago by a family member and reported to me. I was not home when the problem initially was noticed. I am currently running Windows XP.
After reading about it online, I have the typical symptoms. Flashing WARNING box permanently fixed onto my desktop that reads exactly this: "WARNING: Dangerous Spyware. There are many viruses found on your computer, such as Trojan Horses, PassCapture, etc. Your personal data can come into wrong hands. Please, follow that link to more about your data safety and privacy. Thank"
I also have a system tray icon that is a red circle with a white X inside that has a pop-up bubble that reads exactly this: "Warning! Security report. Your computer is infected! It is recommended to start spyware cleaner tool."
Every now and then, my browser will open by itself to the Real Antivirus website where their antivirus "product" is available to buy. According to most things I have read, the product is completely fake and the objective is to steal credit card info.
My problem lies in how to remove it.
According to this website and many others I have visited, there are typical files associated with RealAV. The ones listed on this website are:
%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\RealAV.lnk
And the registry info:
With all this being said, I have tried a few solutions:
1. Running Malwarebytes - Didn't pick up the files, but picked up some other things
2. Symantec AV (last LiveUpdate on 11/28/08) - Didn't pick up the files and, according to them, has had a solution for RealAV since June of this year.
3. Ran Kaspersky free online scan - Picked up all of my Symantec Quarantines and about 6 or so other files that I promptly removed after I got the log from the scan.
Does anyone have any suggestions on how to find/remove it? RealAV seems like the right diagnosis, but it's not showing any of the typical files associated with it. I'm wondering if it has been changed since the time it was discovered.
Also, as I mentioned before, I have read that it tries to steal credit card info. Can it only steal the information if I buy the fake product and provide my number? Or can it also pull information from things I have ordered online in the past or things I will order in the future until it's gone? (i.e. Amazon.com orders, eBay)
Any information or insight will be gladly appreciated!