
AntiSpyware 2009 or AntiVirus 2009


5 replies to this topic

#1 PandoraBoxe

PandoraBoxe

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:10 PM

Posted 11 January 2009 - 02:17 PM


Greetings all. In the past two months I've encountered AV & AS 2009 a number of times. I volunteer with our local computer club and more and more members are contracting this hideous software. In most cases, a "birthday suiting" of the system has been the only answer, especially for those that had been infected a while. I've been successful at removing this malware from some systems using instructions found here on bleepingcomputer.com.

I have not seen this malware or any evidence of it in my surfing and use of my systems. However, I'd like to know if anyone knows how it works. What is so enticing about this software that unsuspecting users will think that clicking on it is the right course of action? I've asked those folks who have suffered this insidious attack, but no one seems to know how it got on their systems. Is it an ad, as I've seen some forums mention? Does it pop up a window that doesn't allow you to click on an X in the corner to close it? What's the best course of action for someone who encounters this dastardly software on the byways of the net?

Any and all comments are welcome . . . ;-} Pandora Boxe :thumbsup:





#2 slingshot05

slingshot05

  • Members
  • 2 posts
  • OFFLINE
  • Local time:05:10 PM

Posted 11 January 2009 - 02:36 PM

Hello, if you could please let me in on the secret as to how to get rid of this. I just encountered this horrible virus today and I am about to scream.

#3 JamesFrance

JamesFrance

  • Members
  • 278 posts
  • OFFLINE
  • Gender:Male
  • Location:France/Spain
  • Local time:11:10 PM

Posted 11 January 2009 - 02:51 PM

I believe that even this:
http://www.microsoft.com/security/malwareremove/default.mspx
can now remove these scams which are designed to extort payment from unsuspecting users.

There are removal instructions here:
http://www.bleepingcomputer.com/malware-re...-antivirus-2009

Also Superantispyware free should be able to fix it.
James

#4 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  • Gender:Male
  • Location:West Tennessee
  • Local time:05:10 PM

Posted 11 January 2009 - 03:24 PM

The best prevention against getting this malware and many more is using the Firefox browser with the NoScript and Adblock Plus addons. This will block the popup ads, block scripting in "driveby" downloads of malware and "click jacking". IE has nothing to compare to those addons.

http://www.mozilla.com/en-US/firefox/all.html

NoScript's unique whitelist based pre-emptive script blocking approach prevents exploitation of security vulnerabilities (known and even not known yet!) with no loss of functionality...
https://addons.mozilla.org/en-US/firefox/addon/722

Ever been annoyed by all those ads and banners on the internet that often take longer to download than everything else on the page? Install Adblock Plus now and get rid of them.
https://addons.mozilla.org/en-US/firefox/addon/1865

Use Secunia's online scanner to check for missing security updates. IE, Adobe Reader, Adobe Flash and Sun Java have all been recently exploited. http://secunia.com/vulnerability_scanning/online/
After updating Java and rebooting, go to Add/Remove Programs and remove ALL old Java programs. You can also use a tool called JavaRa to remove the old programs and any leftover Java program files.
http://raproducts.org/

Edited by buddy215, 11 January 2009 - 04:38 PM.

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#5 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:06:10 PM

Posted 11 January 2009 - 03:25 PM

slingshot05

See the answer in the other topic where you mis-posted, here: http://www.bleepingcomputer.com/forums/ind...t&p=1087813
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,470 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:10 PM

Posted 11 January 2009 - 04:13 PM

Vundo is a Trojan that infects a system with malicious Browser Helper Objects and .dll files attached to Winlogon and Explorer.exe. The infection is responsible for launching unwanted pop-ups, advertising for rogue antispyware programs, and downloading more malicious files, which hampers system performance. Newer variants of Vundo typically use bogus warning messages and alerts to indicate that your computer is infected with spyware or has critical errors as a scare tactic to goad you into downloading a rogue security application to fix it. The messages can mimic system messages so they appear as if they are generated by the Windows Operating System. The problem with these types of infections is that they can download other malicious files, so the extent of the infection can vary to include rootkit components, which make it more difficult to remove.

For more detail on how these types of infections install themselves, read Anatomy of a malware scam.

Vundo spreads via Internet Relay Chat, by visiting underground web pages, adult, gaming or pirated software sites, and by using peer-to-peer (P2P) file sharing programs, which are a security risk that can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such sites may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The infection also spreads through emails containing links to websites that exploit your web browser's security holes and by exploiting a vulnerability in older versions of Sun Java.

When you click on a Vundo-laced email link, Internet Explorer launches a site that stealthily installs the Trojan so that it can run every time you start up Windows and download more malicious files. Read Ghosts Of Java Haunt Users.

The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

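An added example, not code from this thread or from any tool it mentions: a read-only PowerShell inventory of the load points quietman7's post describes, namely Browser Helper Objects, the Winlogon Notify, Shell and Userinit entries, and AppInit_DLLs (loaded into Explorer.exe and every other process that links user32). Each binary is checked for an Authenticode signature and for living outside the Windows and Program Files trees. It assumes an elevated PowerShell prompt on the machine being examined and the standard registry locations for these keys; the Suspicious column is a heuristic to drive a closer look, not a verdict, and nothing is removed.

```powershell
# Added example (not from the BleepingComputer thread). Read-only inventory of
# BHOs, Winlogon entries and AppInit_DLLs with a simple trust heuristic.
# Assumption: run from an elevated PowerShell prompt; no changes are made.

$findings = New-Object System.Collections.Generic.List[object]

function Test-TrustedPath {
    param([string]$Path)
    # Binaries under the Windows or Program Files trees are treated as "expected".
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    foreach ($t in $trusted) { if ($Path -like "$t\*") { return $true } }
    return $false
}

function Add-Finding {
    param([string]$Source, [string]$Name, [string]$Dll)
    $sigStatus = 'no-file'
    $path = $null
    if ($Dll) {
        # Bare names such as "explorer.exe" resolve relative to System32.
        $path = [Environment]::ExpandEnvironmentVariables($Dll.Trim('"', ' '))
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot "System32\$path"
        }
        if (Test-Path -LiteralPath $path) {
            # Note: on older PowerShell, catalog-signed Windows files report NotSigned,
            # so an unsigned file under System32 is weaker evidence than one elsewhere.
            $sigStatus = (Get-AuthenticodeSignature -FilePath $path).Status.ToString()
        }
    }
    $suspicious = (-not (Test-TrustedPath $path)) -or
                  ($sigStatus -in 'NotSigned', 'NotTrusted', 'HashMismatch', 'no-file')
    $findings.Add([pscustomobject]@{
        Source = $Source; Name = $Name; Path = $path
        Signature = $sigStatus; Suspicious = $suspicious
    })
}

# 1. Browser Helper Objects: each subkey is a CLSID whose InprocServer32 names the DLL.
$bhoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($root in $bhoRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $clsid = $key.PSChildName
        $dll = $null
        foreach ($clsRoot in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID') {
            $srv = "$clsRoot\$clsid\InprocServer32"
            if (Test-Path $srv) { $dll = (Get-ItemProperty -Path $srv).'(default)'; break }
        }
        Add-Finding -Source 'BHO' -Name $clsid -Dll $dll
    }
}

# 2. Winlogon: Notify packages (DLLName under each subkey) plus the Shell and
#    Userinit values; both are comma-separated lists of binaries to launch.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$notify = Join-Path $winlogon 'Notify'
if (Test-Path $notify) {
    foreach ($key in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty -Path $key.PSPath).DLLName
        Add-Finding -Source 'WinlogonNotify' -Name $key.PSChildName -Dll $dll
    }
}
$wl = Get-ItemProperty -Path $winlogon
foreach ($valueName in 'Shell', 'Userinit') {
    foreach ($entry in ([string]($wl.$valueName) -split ',')) {
        if ($entry.Trim()) { Add-Finding -Source "Winlogon\$valueName" -Name $valueName -Dll $entry }
    }
}

# 3. AppInit_DLLs: loaded into every process that links user32, Explorer.exe included.
$appInit = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows').AppInit_DLLs
foreach ($entry in ([string]$appInit -split '[ ,]')) {
    if ($entry.Trim()) { Add-Finding -Source 'AppInit_DLLs' -Name $entry -Dll $entry }
}

# Suspicious rows first: unsigned binaries or anything outside the trusted trees.
$findings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it before and after a cleanup: a BHO whose CLSID resolves to no file, or a Winlogon Shell value that lists more than explorer.exe, is exactly the kind of entry the rogue-AV droppers described in this thread leave behind, and comparing the two listings shows whether the removal tool actually cleared the load point rather than just the file.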



