Latest Virus Encourages Users to Uninstall AV Software

21 Comments

andrewc513

These things are stupid-easy to remove, so it's easy money for repair techs (sad as that may sound).  The downside is that no antivirus catches these zero-day rogues, so ultimately people get reinfected and come back to the person that "fixed" the problem and raise hell because they're reinfected.  These things are a double-edged sword, therefore a pain in the royal butt.

mdkplus

Trend Micro Housecall will run in safe mode

Guisano

When I was trying to clean the Security Tool virus from my son's netbook, I couldn't get any of the spyware / malware programs to run in Safe Mode.  That netbook has Win 7 Starter on it and I thought that I had d/l the most recent versions of the programs I wanted to use.

I'm reading here that it is possible to run these in Safe Mode.  Does anyone have any thoughts as to why they wouldn't run under the conditions described above?

Thanks

Michael Ellis

My favorite is and always shall be the Amish Virus.

Caboose

you and me both mate!

sniggler

Actually three combined into one, but here it is:

Smitfraudfix

http://tinyurl.com/llo2e/

Lol, hyperlink fail
schwit

http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/
http://download.bitdefender.com/rescue_cd/

Either of these will get you an ISO that will boot from Linux and clean your Windows HD.

cajunaggie87

I once had an experience with this virus. I tried using Malwarebytes to remove it, but it wouldn't remove it because it was seeing it as a program in use that I couldn't close. It kept me from running the actual antivirus software as well as Task Manager. What I ended up doing is "tricking" the virus into closing itself by initiating a shutdown of my computer. Once I started the shutdown, Windows popped up with a message asking me if I was sure I wanted to shut down because there were some running programs. I realized that once this message popped up, the virus closed itself. So I just stopped the shutdown, ran Malwarebytes and the real antivirus, and it was removed.

This all happened by accident, but it worked. Not sure if it works for everybody.

big_montana

This will allow Internet Explorer to launch, so all you need to do is have a copy of Process Explorer (Task Manager on steroids) and rename its executable to iexplore.exe, and you can launch it and kill the running processes without issue. If you do not have Process Explorer, you can download it for free from Microsoft. I keep a copy of it on a write-protected USB flash drive just for this purpose.

JPMiller

Most of the above methods delete the main files and stop it from running; however, in most cases it will come back within days or less through System Restore and hidden files...

To truly rid yourself of the entire infection, a multi-pronged removal is necessary.

Turn off system restore until you have run all of the following...

CCleaner

VIPRE Rescue (http://vipre.malwarebytes.org/)

Malwarebytes

Superantispyware

Turn on System Restore and uncheck the proxy settings.

In all cases and variants, this was the only method that kept it from being reinfected.

I also suggest Microsoft Security Essentials as your main antivirus/antimalware solution, with Malwarebytes as a weekly scan option.
reutnes

Sometimes scanners won't remove files if they are in use.  I've found Killbox to be very helpful in forcing programs of all sorts to quit.

titan8813

They're saying even if you wanted to install the software by clicking the OK button, you don't have a choice because they're going to do it for you.  So either way, OK button or Cancel button, it doesn't matter.  At least I think that's what they're getting at.

JE_Delta

My sister got a rogue antivirus on her computer a little while ago.

Malwarebytes found the files but could not delete them for some odd reason.

I had to delete them manually with FileAssassin.

"Rogue antivirus viruses" are the worst to remove and a pain in the ass.
razorpetti37

Honestly, I don't understand why people spend their time and talent on making viruses. I realize there are morally corrupt and dishonest people in the world, but stuff like this is just a pain in the butt to the everyday, honest, hard working person. I don't get affected by too many of these virus attempts thanks to educating myself and knowing what to watch out for, but people like my grandparents would have no clue they even have a virus.

These people are basically digital terrorists. Just like the extremist bombers, they make life inconvenient for everyone else. Airport security is one step from strip searching everyone, all thanks to some idiots with a twisted cause. Same goes for these virus programmers. You've got to have 10 different programs to protect yourself and still they find new ways to screw you.

Jonthomasdesigns

That is crazy; this morning I got my friend's PC to clean and it had this same exact virus... The most important thing is you MUST go into Safe Mode to clean it... Nothing you can do will work in normal mode, not even kill scripts that worked on other viruses.

Once in Safe Mode, use Superantispyware and Malwarebytes (you need the most recent Malwarebytes in order for it to work).

If you log back into normal mode and it still is there... just run the scans again.
Once it's gone in normal mode, update Superantispyware and Malwarebytes and run full scans... DL MS Security Essentials (if you are not running it).

Oh yeah... it also hijacks your web browser, so you have to go to the web settings, uncheck the proxy server stuff and set it to Auto.
BAMT

If your computer is fast and you open Task Manager right away, you can kill its launcher before it loads. It seems that whoever wrote it has it wait for a few seconds to give people who really need their computers a chance to kill it for some reason. At any rate, it should be near the top of the processes list as TDSS with randomness before and/or after it, appended with .exe. End the process quickly enough and you can remove it with real AV. (Also, some variants block Safe Mode or run in it as well.)

Blues22475

I take care of most, if not all of them in the same way:

1. Start in Safe Mode with Networking.
2. Go download and install Malwarebytes Anti-Malware.
3. Update and run a Full Scan.
4. Boot into Normal mode and scan the computer with a full scan.
5. Done.

98% of the time this works. There are a couple of times where you cannot access the internet. For this you can go to Internet Settings and go to Connections. Make sure the proxy check boxes aren't checked. If this does not work, run the command line (Start > All Programs > Accessories > Command Prompt) and run the command "netsh winsock reset". Or you can run the WinsockXP fix (really works well with XP machines), which you can download.
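One way to script the proxy check and Winsock reset from the steps above, as an added example that is not from any commenter on this page. The registry path is the standard per-user WinINET one; the function names are my own, and treating any configured proxy or PAC script as worth a look assumes a home machine that normally has none.

```powershell
# Added example (not a commenter's code): report, and if needed clear, the WinINET
# proxy settings the posts above say the rogue AV leaves behind, then run the same
# "netsh winsock reset" step. Run from an elevated PowerShell prompt.

$ProxyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-UserProxyState {
    # Hypothetical helper: reads the current user's proxy-related registry values.
    $p = Get-ItemProperty -Path $ProxyKey -ErrorAction Stop
    [pscustomobject]@{
        ProxyEnable   = [int]($p.ProxyEnable)   # 1 = "Use a proxy server" box is checked
        ProxyServer   = $p.ProxyServer          # host:port the box points at, if any
        AutoConfigURL = $p.AutoConfigURL        # PAC script URL, if one was planted
    }
}

function Test-UnexpectedProxy {
    param([Parameter(Mandatory)]$State)
    # Assumption (labelled): on a home PC neither a manual proxy nor a PAC script
    # should be configured, so either one is reported as unexpected.
    if ($State.ProxyEnable -eq 1 -and -not [string]::IsNullOrEmpty($State.ProxyServer)) { return $true }
    if (-not [string]::IsNullOrEmpty($State.AutoConfigURL)) { return $true }
    return $false
}

function Reset-UserProxy {
    # Same effect as unchecking the boxes in Internet Options > Connections > LAN settings.
    Set-ItemProperty    -Path $ProxyKey -Name ProxyEnable   -Value 0 -Type DWord
    Remove-ItemProperty -Path $ProxyKey -Name ProxyServer   -ErrorAction SilentlyContinue
    Remove-ItemProperty -Path $ProxyKey -Name AutoConfigURL -ErrorAction SilentlyContinue
}

$before = Get-UserProxyState
$before | Format-List
if (Test-UnexpectedProxy $before) {
    Write-Warning 'Proxy settings look tampered with; clearing them.'
    Reset-UserProxy
    # The Winsock reset from the post above; needs admin rights and a reboot to take effect.
    netsh winsock reset
} else {
    Write-Host 'Proxy settings look clean.'
}
```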

Guisano

This is OT but I didn't see another forum to post to.  In any event, one of my sons' computers became infected with the title line and I found a way to remove this that turns out to be quite simple and I feel that it's worth sharing.

If you have this or a variant of it, do this:

Boot into Safe Mode with networking

Create a new user account with password for yourself

Open your browser and make sure that the settings are for it to auto connect

Download whichever anti-malware you think you want to use.  I used MS Security Essentials first

Reboot the computer and login to your newly created account

Run the anti-malware

Run additional anti-malware programs as well as anti-spyware, anti-virus, etc. until you're convinced that your box has been returned to its unperturbed state.
It's a long story how I got to this but it did work.  Hope this helps.  Sorry for going OT

Caboose

The only upside to this, is I'll have more work coming my way now. More work = More Money = Able to get a house sooner

Athlonite

Same here, I just love dumb asses that get these; takes me ten minutes to remove and costs said dumb ass $40 bucks.
