Recent experience of "Antivirus IS" Fraud Spyguard.

#1 Saska01

Posted 05 October 2010 - 06:50 AM

Hi all - I'm new on here but I thought I'd give you the benefit of my recent (yesterday & this morning) experience of having Fraud Spyguard "Antivirus IS" on my PC.
I don't know how or when I got infected, but it showed up yesterday & it gave me nearly 8 hours of sheer frustration. It behaved by blocking the opening of almost every application on my PC, everything showed up as 'infected', including the Registry, which it wouldn't allow to be opened with 'regedit' or 'msconfig' etc. It also prevented the booting up of my PC in 'safe mode' by disabling the UP & DOWN arrows used to select the method of booting up.
I had access to the internet using Firefox, IE was disabled - for a reason I suspect. In Firefox, you have to 'save' software downloads to the "downloads folder", then open them from there, of course once in the folder, they displayed as 'infected' & wouldn't run. In IE, you can 'run' a software download right at the start, no need to 'save' them - that's why IE was disabled. Cunning little b*****ds aren't they?
I contacted the AVG support team (I use AVG Free version) who for a fee of 69.00, offered to help. I paid up & they were indeed very helpful & patient, but nothing that they tried worked, so my fee was refunded. I then opted for a home visit from a UK engineer to come & fix it for a fee of 90.00. He was due tomorrow. However, this morning, I booted up my PC (I tried safe mode again to no avail!) & there was the Antivirus IS icon in all its splendour. I right-clicked on it, selected 'properties' & had a look at where the blasted thing was lurking. It turned out to be in my 'Temp' folder, a whole gaggle of bits & pieces which I tried to delete. I managed to get rid of some of them, but others came up with the 'in use by another user' warning & wouldn't go.
Anyway, after an hour of further frustration & anger, I shut my PC down. I re-booted & as soon as my desktop icons appeared, I double-clicked on AVG & lo & behold! - it opened up. I ran it & it detected 15 tracking cookies for nothing spectacular. I then ran Spybot S & D which detected the "Fraud Spyguard" which was nestling nicely in the Registry HKEY_USER\Software\Microsoft\Windows etc. After Spybot had finished running I used the delete function to rid myself of the nasty little critter.
As of now, I'm clean as a whistle. I thought that I'd post this on here for you to read, as some of the methods described on here how to remove this hazard simply didn't work in my case. It may of course work in yours.
There's quite a lot of info on how to remove this threat from a PC, but unfortunately it appears to have been written by folk who've never been infected or had experience of an infection with Antivirus IS.
I sincerely hope that this info may be of use, & equally sincerely hope that none of the other members on here ever get infected with it - it's truly insidious in its effect on a PC.
Saska01 :thumbsup:
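
Added example, not part of the post above and not code from any tool named in this thread: the post describes files in the 'Temp' folder that refused to delete because they were in use. This PowerShell function lists running processes whose executable lives under the current user's Temp directory, with signature status and SHA-256 for triage; the function name `Get-TempHostedProcess` is hypothetical, and treating Temp as the only location of interest is an assumption.

```powershell
# Added example: enumerate processes started from the user's Temp folder.
# Run from an elevated prompt so executable paths of other sessions' processes
# are visible; processes whose path cannot be read are skipped.
function Get-TempHostedProcess {
    param(
        # Directory to inspect; defaults to the current user's Temp folder.
        # Note: an 8.3 short path in $env:TEMP is not expanded here.
        [string]$Root = $env:TEMP
    )

    # Normalise to a trailing backslash so "C:\Temp" does not match "C:\Temp2".
    $rootPath = [System.IO.Path]::GetFullPath($Root).TrimEnd('\') + '\'

    Get-CimInstance -ClassName Win32_Process |
        Where-Object {
            $_.ExecutablePath -and
            $_.ExecutablePath.StartsWith(
                $rootPath, [System.StringComparison]::OrdinalIgnoreCase)
        } |
        ForEach-Object {
            # Signature and hash give something concrete to look up or submit
            # to a scanner before deciding what to terminate and remove.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.ExecutablePath
            $hash = Get-FileHash -LiteralPath $_.ExecutablePath -Algorithm SHA256

            [pscustomobject]@{
                ProcessId = $_.ProcessId
                ParentId  = $_.ParentProcessId
                Name      = $_.Name
                Path      = $_.ExecutablePath
                Created   = $_.CreationDate
                Signature = $sig.Status
                SHA256    = $hash.Hash
            }
        }
}

# Oldest first: the earliest Temp-hosted process after logon is usually the
# one to examine first.
Get-TempHostedProcess | Sort-Object Created | Format-Table -AutoSize
```

Legitimate installers and updaters also run from Temp, so an unsigned entry is a lead to investigate rather than proof of infection.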

#2 quietman7

Posted 05 October 2010 - 09:34 AM

Glad to hear you were able to deal with this.

There are no guarantees or shortcuts when it comes to malware removal and the use of specialized fix tools, especially when dealing with backdoor Trojans, Botnets, IRCBots or rootkit components that can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install.

Rogue security programs which use social engineering and scams to trick a user into spending money to buy an application which claims to remove malware can be problematic as they can also download rootkits, backdoor bots and other malicious files. Since this is the case, infections will vary and some will cause more harm to your system than others. Thus, sometimes it takes several efforts with different, the same or more powerful tools to do the job. Even then, with some types of malware infections, the task can be arduous.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
