Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The secret recipe for Antivirus XP Pro


  • Please log in to reply
7 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,640 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:36 PM

Posted 23 March 2009 - 07:57 PM

Vundo uses a formula of constant security warnings, desktop hijackings, and Internet Explorer hijackings to foist Antivirus XP Pro on to your computer. Recent installs of Vundo have been showing an increasing amount of advertisements for Antivirus XP Pro, so we should expect to see quite a few computers infected with this malware.

The formula consists of a healthy dose of Internet Explorer hijackings:



Internet Explorer Hijack #1 advertising Antivirus XP Pro
Internet Explorer Hijack #1 advertising Antivirus XP Pro



Internet Explorer Hijack #2
Another Internet Explorer Hijack

Add a dose of fake security warning:

Fake Security Warning
Fake Security Warning

A sprinkle of desktop hijacking:

Desktop Hijacking
Desktop Hijacking
 

Finally, stir a little Vundo to glue it all together in, and you have Antivirus XP Pro.




Antivirus XP Pro
Antivirus XP Pro
 

Unfortunately, Google Trends data corroborates what I am seeing as shown by the graph below. This graph shows a recent increase of activity for the search keyword Antivirus XP Pro.

 

Google Trends graph for the keyword Antivirus XP Pro
Google Trends graph for the keyword Antivirus XP Pro


So, if you are one of the unlucky ones who has Antivirus XP Pro installed, please ignore the warnings, and instead use the guide linked to below to remove it for free.

 



BC AdBot (Login to Remove)

 


#2 Zachary09

Zachary09

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida, USA
  • Local time:12:36 PM

Posted 30 March 2009 - 10:07 AM

Hey thanks for putting this up my friend got this program and it has really screwed up his computer.

$652.50 / $829.99 raised for this PC.


#3 pochp

pochp

  • Members
  • 42 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:36 AM

Posted 01 April 2009 - 07:24 PM

I have written about these 'scarewares' but maybe not here.
pochp.wordpress.com
Plato on-line

#4 Surfrunner

Surfrunner

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 04 April 2009 - 12:22 PM

I have the black warning screen and fake security button (pic 3 & 4) as shown on your page, I don't seem to have AntivirusXP on my computer.. What else can it be and how do I get rid of it. Right now it seems to disable Malewarebytes program, so I can't run that.. Help!!!

#5 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:36 PM

Posted 04 April 2009 - 07:27 PM

Hi Surfrunner,

I suggest you click this link to the Am I Infected forum for some confirmation of what you have.

Link
Posted Image
m0le is a proud member of UNITE

#6 o_rly

o_rly

  • Members
  • 193 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:An unclean desk
  • Local time:10:36 AM

Posted 13 April 2009 - 09:57 PM

I found this on my VM, but it didn't have the black background.
Don't mind me, I'm just lurking.

#7 fardin100

fardin100

  • Members
  • 108 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United Kingdom
  • Local time:11:36 AM

Posted 14 April 2009 - 04:40 AM

Hi, Thanks again for this great post admin! It is nice of you to teach others about this infection and teach them to remove it. :thumbsup:

#8 fatih_ictuzer

fatih_ictuzer

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:36 AM

Posted 15 April 2009 - 03:39 PM

thnak you




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users