A program calling itself "Antivirus System PRO" has installed itself
onto my computer. It has changed the home page of IE from gmail to
viagra.com. It's causing a new window to open up every now and again
landing on porno.com. In addition, it will not allow me to run my
antivirus software (I use AVG) or Spyware Doctor. There is no listing
that I can see within the Program Files folder for the software. I
now have an icon that looks like a silver and white shield in my
system tray.
Every so often a box pops up from the tray with a red X that says:
==
Windows Security Alert. Windows reports that computer is infected.
Antivirus software helps to protect your computer against viruses and
other security threats. Click here for the scan you computer. Your
system might be at risk now.
==
Any errors in language or typos in the pop up box are not mine, what
you see above is verbatim what is in the pop up box, so obviously
since the pop up box contains improper language and typos, this is not
a true Windows alert, it is an alert that belongs to this program that
installed itself on my machine.
I have tried and failed to use all known (to me) methods of removal.
It won't let me do anything. I'm in the process right now of backing
up documents and other stuff from the HD to an external. That's been
done before but just making double sure I have my stuff before I wipe
the HD and reinstall Windows.
Anybody have any ideas on how to combat this without reinstalling
windows? I really don't want to reinstall Windows. ANY advice would be
greatly appreciated. Thanks.
*Sometimes* I've found that the bad stuff is smart enough to recognize
already installed anti-virus or anti-malware apps, but will allow you
to install new anti-malware (malwarebytes, in my experience) and then
you'll be able to clean things up enough that you can get by.
Hopefully you were running under an account that's not the local admin
account, and hopefully you can install and run at least the first pass
of your favorite (well, 2nd or 3rd favorite) anti-malware app under
the local admin account.
But I would always reload once I've been infected by something that I
don't completely have my arms wrapped around.
Good luck. Maybe you can post back with your results and what you did
to fix things up.
This is very kind of you to reply to me on this considering I was
kinda harsh with ya re: that texting while driving thing. So I just
want to sincerely say thank you for the response, Mr. Rap.
OK, I just D/Led Malwarebytes anti malware software. Installed it.
When it got to the very end of the installation, it wanted to check for
updates, and I got an error message that is definitely coming from the
evil software that said:
SECURITY WARNING
Application cannot be executed. the file regsvr32.exe is infected. Do
you want to activate your antivirus software now?
Of course I click no, which tells the malwarebytes program to not
update itself, and then malwarebytes tries to open and I get another
security message saying the same thing, but this time it references
the file mbam.exe which I assume is the application file that would
normally fire up the malwarebytes malware program. This time, the
"balloon" pop up that comes from the icon in the system tray
duplicates that message after I click no.
So this "Antivirus Software Pro" program is preventing other programs
that it thinks are anti-virus, anti-malware, etc. from running. :(
Thank you Don. I've been to that page before posting here. As well as
numerous others that came back from a google search on "Antivirus
Spftware Pro". I followed the directions but the mutha fucking
program has it beat. First off, I cannot Ctr-Alt-Del and bring up the
systems window... the evil software is prohibitting it from opening,
it tries to open, but it closeson its own before I can look at or
click on anything, so I cannot shut it down that way. I tried to use
Windows search to find the files that they refer to, but my search
comes up empty.
> Anybody have any ideas on how to combat this without reinstalling
> windows? I really don't want to reinstall Windows. ANY advice would be
> greatly appreciated. Thanks.
Nope. Reinstall.
My advice in the case of any infection of any kind is to always
reinstall. Even if you think you've got it removed, you don't know if
there is a keystroke tracker or some other type of malware installed.
Any infection of any kind equals reinstalling the OS every single
time.
I would hope that no matter what transpires on rmgd regarding
disagreements, flaming, being harsh, etc., that if someone needs help
that they'd get help. We're all human beings making our way through
the world.
I'm no expert at this stuff, just passing on some techniques that have
worked.
What account were you logged on as when you became infected? If it
*didn't* have local admin privs (hopefully this is the case!), then
you might be able to log out of that account and log in to the local
admin account and retry installing malwarebytes (or something else).
Yes, these f'in programs are getting smarter.
If you *were* logged in with an account with admin privs, then once
you've reloaded your machine, try to do your normal activities with an
account with normal user privs.
Thank you Andrew. This sounds like very good advice. May I ask please,
do you think that it's possible that my data files (word docs, flacs,
pdfs, etc.) could also be corrupted? After the reinstall, the plan is
to put the data files back on the HD after I reinstall the programs.
Where would you put the probability that the data files could be
corrupted? And I guess since I'm asking/begging, do you think it's
possible I'm infecting my external by copying the said data files from
the HD to the external? Thanks again.
You're a good man.
> I'm no expert at this stuff, just passing on some techniques that have
> worked.
>
> What account were you logged on as when you became infected? If it
> *didn't* have local admin privs (hopefully this is the case!), then
> you might be able to log out of that account and log in to the local
> admin account and retry installing malwarebytes (or something else).
>
> Yes, these f'in programs are getting smarter.
>
> If you *were* logged in with an account with admin privs, then once
> you've reloaded your machine, try to do your normal activities with an
> account with normal user privs.
I'm logged in as the admin. :( Don't have any user accounts set up on
this box.
I guess after I reinstall Windows, I should set up a user account and
use that, and leave the admin account for admin purposes? Am I
understanding you correctly on that? Thanks.
Unlikely.
> And I guess since I'm asking/begging, do you think its
> possible I'm infecting my external by copying the said data files from
> the HD to the external? Thanks again.
Unlikely. But to make sure, if you want, you can move over folders one
by one from your current HD to your external HD and just verify that
the files in those folders are the FLACs, DOCs, PDFs, and the like
that you expect to be in there.
Perhaps once you have the files all moved to that external drive, if
you have access to another computer, you can plug that external drive
in there and run a scan on it.
Yes, because then making the wrong click *might* not have such dire
consequences. You have a much better chance of then logging out of
that account, logging in to your admin account, and cleaning things
up.
One piece of advice that seems to be common - no matter what, no
matter how successful you feel your cleanup has been, do a reload. I
ignore this advice if I'm familiar with the bad guy.
Your data files are probably fine - a decent AV program with up-to-date
definitions should keep you safe. If you've got VBA code
(assuming Microsoft Office, here), then you're more susceptible. And
if you've got auto-run VBA code in your files, then that ups the risk
again.
Besides that first, fateful click, your biggest mistake was doing your
normal online activity as an admin. Not that I don't ignore my own
advice most of the time.
Great idea that's exactly what I'll do. Seriously, thanks man.
Good luck.
Greg
marcman <marcman...@gmail.com> wrote:
--
Greg
phobos78-marslink-net
Replace dashes and move in by 1 planet to reply.
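Greg's point about VBA above is worth turning into a check before the backed-up documents go back onto the rebuilt machine. The following is an added example, not code from anyone in this thread: it walks a backup folder and reports which Office files actually carry a VBA project, judging by the file's contents (the embedded vbaProject.bin) rather than by its extension, and flags the old binary .doc/.xls/.ppt formats for manual review since macros in those cannot be ruled out without an OLE parser. It assumes Python 3 with only the standard library; the file names and contents produced by build_samples() are constructed for illustration.

```python
# Added example (not from the thread): before copying backed-up data back
# onto a rebuilt machine, flag the files that can actually carry code, i.e.
# Office documents with a VBA project. FLACs, PDFs and plain .docx files
# without macros are data; a macro-enabled document is a program.
import io
import os
import zipfile
from pathlib import Path

# Office Open XML (zip-based) formats; a macro project lives inside as vbaProject.bin
OOXML_EXTS = {".docx", ".docm", ".dotx", ".dotm",
              ".xlsx", ".xlsm", ".xltx", ".xltm",
              ".pptx", ".pptm", ".potx", ".potm"}
# Legacy OLE2 binary formats: macros cannot be ruled out without an OLE parser,
# so they are flagged for manual review rather than declared clean.
LEGACY_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot"}


def classify_office_bytes(name, data):
    """Return one of: not-office, legacy-review, corrupt, vba, clean.

    The verdict is based on the file's contents, not on the extension alone:
    a macro-enabled workbook renamed from .xlsm to .xlsx still contains
    xl/vbaProject.bin and is still reported as 'vba'.
    """
    ext = Path(name).suffix.lower()
    if ext in LEGACY_EXTS:
        return "legacy-review"
    if ext not in OOXML_EXTS:
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()
    except zipfile.BadZipFile:
        return "corrupt"
    # Member names are matched case-insensitively; Office writes
    # word/vbaProject.bin, xl/vbaProject.bin or ppt/vbaProject.bin.
    if any(m.lower().endswith("vbaproject.bin") for m in members):
        return "vba"
    return "clean"


def scan_tree(root):
    """Walk a backup directory and return [(relative path, verdict)] for every
    Office document found, sorted so 'vba' hits come first."""
    root = Path(root)
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            p = Path(dirpath) / fn
            verdict = classify_office_bytes(fn, p.read_bytes())
            if verdict != "not-office":
                results.append((str(p.relative_to(root)), verdict))
    order = {"vba": 0, "corrupt": 1, "legacy-review": 2, "clean": 3}
    return sorted(results, key=lambda r: (order[r[1]], r[0]))


def _ooxml(parts):
    """Build a minimal zip that mimics an OOXML package (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for member, payload in parts.items():
            zf.writestr(member, payload)
    return buf.getvalue()


def build_samples():
    """Constructed sample files standing in for a restored backup folder."""
    return {
        "notes.docx": _ooxml({"word/document.xml": "<w:document/>"}),
        "budget.xlsm": _ooxml({"xl/workbook.xml": "<workbook/>",
                               "xl/vbaProject.bin": b"\xd0\xcf\x11\xe0 fake VBA"}),
        # macro-enabled document renamed to look harmless: still caught
        "renamed.docx": _ooxml({"word/document.xml": "<w:document/>",
                                "word/VBAProject.BIN": b"\xd0\xcf\x11\xe0 fake VBA"}),
        "old-report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 64,
        "song.flac": b"fLaC" + b"\x00" * 16,
        "truncated.docx": b"PK\x03\x04 not really a zip",
    }


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for fname, blob in build_samples().items():
            (Path(tmp) / fname).write_bytes(blob)
        for rel, verdict in scan_tree(tmp):
            print(f"{verdict:14s} {rel}")
```

Anything reported as vba or legacy-review is worth opening on a machine you do not care about, or at least with macros disabled, before it goes back onto the business computer; a corrupt verdict on a file that should be a document is also a reason to look twice at the backup.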
======================
once you install malwarebytes antimalware, do not let the program run. Go
into the program directory and copy the mbam.exe file to several new file
names such as 123.com or xyz.com. Just make the name up. The malware will
not know they are cleaners when you run them. Use the .com because the
malware often flags any .exe file as corrupt, and will not let them run.
This usually will get it, but a re-install of the OS definitely will.
Jeff
Yeah man, I use AVG Full version and have a site advisor and all sorts
of protection. I'm shocked this happened. I'm thinking that either
somehow AVG must not have been running for some reason, or maybe my
kid did something that I don't know about, but that's really unlikely too.
Really freaky. I hate PCs. When I have the time I'll get a Mac. I'll
need time to adjust, can't switch without first becoming familiar.
So far I backed up all my data.
Then I did what Dell calls a "PC Restore" which restores your hard
drive to the operating state it was in when you purchased the
computer. Any programs or files added since you received your computer
- including data files - are permanently deleted from the hard drive.
When the fresh Windows XP booted up I went through the usual Windows
XP setup and I was very happy to see that the Internet connection
created no issues, it fired right up.
Then I did about 2 hours worth of Windows Updates, including service
pack 3,
Then I installed my antivirus/anti everything software. I connected
my external, it installed itself.
I pointed my AVG software at it and had it sniff for all threats in
its slowest mode.
Clean.
I probably have about five hours worth of installing software to deal
with now.
The silver lining is that I have a nice fresh clean windows install
and my machine is faster.
Thank you to everybody that offered advice, what a nice bunch of guys
we got here.
You should *always* be prepared to do a clean restore of the OS. I
wouldn't use Dell's restore steps - I'd document the drivers that I
actually use (you don't have to use every swinging driver they
supply), and do a clean install of the OS from Dell's cd. Then put
back the drivers that were burned to my own cd - just the drivers that
I use. And keep copies of the install files of your apps on the setup
described below.
I'd have 2 extra physical discs in my machine that either get mirrored
via hardware or using a scheduled robocopy job and/or one of the
various external boxes that hold multiple discs and provide
redundancy. For a few hundred bucks you'll have gobs of redundant
storage that's not on your OS drive. The OS install procedure is
simple enough, if you're set up properly you won't be in a position of
being intimidated by the prospect of reinstalling.
You'll solve the problem of your kid doing stuff by taking a little
bit of time after the install and before allowing your family to use
the system by creating accounts for everyone and making sure the
accounts don't have power user or admin privs. You should do the same
for yourself.
While there's great attraction to have Mac stuff and Linux stuff,
there's nothing wrong with the pc side of things. I only use free
anti-virus and anti-malware tools (avg, malwarebytes, ad-aware) and
I'm mostly good about using privileged accounts the way they should be
used.
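The account and backup setup described in the post above, as an added example that is not from anyone in the thread: it creates the family's daily-use accounts as plain users, checks that none of them has ended up in the local Administrators group, and schedules the nightly robocopy mirror to a second physical disk. The account names, folder paths and the D: drive are hypothetical placeholders; net, schtasks and robocopy are the only tools used (robocopy ships with Windows from Vista on and comes from the Resource Kit on XP).

```powershell
# Added example, not from the thread: set the rebuilt machine up so that
# day-to-day use never runs as an administrator, prove it, and mirror the
# data folder to a second physical disk. Account names, folder paths and the
# D: drive are hypothetical placeholders.
# Run once from an elevated prompt, then log out and use a daily account.

$dailyAccounts = @('marc', 'wife', 'kid')   # hypothetical names

foreach ($name in $dailyAccounts) {
    # '*' makes net prompt for the password instead of taking it on the
    # command line (where it would land in the console history). A new
    # account lands in the Users group, not Administrators, by default.
    net user $name * /add /passwordchg:yes
}

# Verification: parse the member list of Administrators and refuse to go on
# if any daily account is in it (e.g. because someone "fixed" a permission
# problem by promoting the account at some point).
$members = net localgroup Administrators |
    Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-{5,}|The command)' }
$leaked = $dailyAccounts | Where-Object { $members -contains $_ }
if ($leaked) {
    throw "Daily-use accounts are local admins: $($leaked -join ', ')"
}
Write-Output "OK: none of $($dailyAccounts -join ', ') is in Administrators"

# Nightly mirror of the data folder to the second disk. /MIR copies changes
# and deletions, /XJ skips junction loops, /R:1 /W:5 keeps one locked file
# from stalling the job for hours. Runs as SYSTEM so it works whether or
# not anyone is logged on.
$src = 'C:\Users\marc\Documents'      # hypothetical data folder
$dst = 'D:\Mirror\Documents'          # hypothetical second physical disk
$cmd = "robocopy `"$src`" `"$dst`" /MIR /XJ /R:1 /W:5 /LOG+:D:\Mirror\robocopy.log"
schtasks /Create /TN 'NightlyMirror' /SC DAILY /ST 02:00 /RU SYSTEM /F /TR $cmd
```

Two caveats a practitioner would add: /MIR is a mirror, not a history, so a deletion or a file trashed by malware on the OS drive is faithfully copied to the mirror at 02:00, which is why the external drive mentioned earlier in the thread is still worth keeping unplugged between backups; and on Windows 10 or later the net-output parsing above can be replaced by Get-LocalGroupMember -Group Administrators, which returns objects rather than text.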
>On 2009-11-24 09:17:00 +0900, marcman <marcman...@gmail.com> said:
>
>> I am the most careful guy in the world with my work computer.
>
>> Anybody have any ideas on how to combat this without reinstalling
>> windows? I really don't want to reinstall Windows. ANY advice would be
>> greatly appreciated. Thanks.
>
>
>Buy a Mac, or engage an expert to transition you to Linux. I am not
>joking or being flippant amid your Windows-travails situation. I
>switched from Windows to Unix-based Mac in 2005 and, aside from e-mail
>spam that continued to flow like torrents on one e-mail account left
>over from the Windows days until I quickly and easily switched through
>my ISP to a new e-mail address on the same account, I have not
>experienced AN IOTA of the crap traditionally associated with the
>Windows experience.
I run both Windows and Linux at home. I've never experienced the
"crap traditionally associated with the Windows Experience" so I'm not
inclined to say that Windows should be chucked just because of
malware.
Now, one way I avoid most of those problems is by not using Internet
Explorer or Outlook. There are better browsers and e-mail programs
out there, and unless Outlook is required for work I'd avoid it like
the plague.
Good morning, I feel like I'm back from the dead (not the GD).
> You should *always* be prepared to do a clean restore of the OS. I
> wouldn't use Dell's restore steps
Unfortunately this PC didn't come with Windows Discs, and of course it
was too late to acquire (or create) them, I really needed to solve the
problem yesterday so I can be up and running by this morning, which
did happen, btw, thanks in large part to the help I received here, so
thanks again to all.
> - I'd document the drivers that I
> actually use (you don't have to use every swinging driver they
> supply), and do a clean install of the OS from Dell's cd. Then put
> back the drivers that were burned to my own cd - just the drivers that
> I use. And keep copies of the install files of your apps on the setup
> described below.
>
> I'd have 2 extra physical discs in my machine that either get mirrored
> via hardware or using a scheduled robocopy job and/or one of the
> various external boxes that hold multiple discs and provide
> redundancy. For a few hundred bucks you'll have gobs of redundant
> storage that's not on your OS drive. The OS install procedure is
> simple enough, if you're set up properly you won't be in a position of
> being intimidated by the prospect of reinstalling.
>
All of my data was backed up prior to getting infected, except for
maybe some of the most recent stuff. I just didn't trust myself with
the data backups that I had, so I wanted to make sure that any music
and/or important docs were doubly backed up.
> You'll solve the problem of your kid doing stuff by taking a little
> bit of time after the install and before allowing your family to use
> the system by creating accounts for everyone and making sure the
> accounts don't have power user or admin privs. You should do the same
> for yourself.
>
I set up a user account for myself as you suggested. As far as the
kid getting into my stuff, he's got a desktop *and* a kick ass laptop
(the kid's better set up than I am!) so I doubt it was him, not his MO
to be rootin around on my business computer, and my darling wife also
has her own laptop and would never be on my computer. She has no
reason to snoop, I bring all my girlfriends home and she watches all
the porn with me . . . kidding!!! :)
> While there's great attraction to have Mac stuff and Linux stuff,
> there's nothing wrong with the pc side of things. I only use free
> anti-virus and anti-malware tools (avg, malwarebytes, ad-aware) and
> I'm mostly good about using privileged accounts the way they should be
> used.
The worst part of what happened yesterday wasn't fixing it, it was not
knowing how it happened.
Mucho thanks again.
I don't use Outlook. Ever. I do use IE8 though. If you have the time,
would you consider a brief explanation of why Firefox is better from a
security standpoint than IE? I'm sure others besides me could benefit
from such a synopsis.
>
>
> >Nor can I understand why anyone would continue to tolerate said crap --
> >not a knock on you, but of anyone who may be a creature of habit
> >reluctant to change, such as I was for quite a while until my Mac
> >switch, and even after that, dealing with the e-mail switch, as I'd
> >always bitched about it being so inconvenient...but the fact is, I have
> >no time for computer-related headaches; things should do your bidding
> >right out of the box, and you shouldn't have to go through life without
> >-- or at least, a greatly reduced chance of -- the potential threat of
> >the problems you're dealing with right now ever cropping up.
>
> >No operating system is perfect nor entirely free of being a target of
> >Internet malcontents, but I do not need nor use any of those old
> >Adaware/malware preventer-remover stuff. Of course Windows PCs are
> >cheaper and always have been, but in my experience and opinion, it's a
> >pennywise, pound-foolish proposition.
First, IE is the biggest target of malware (because it's the most
widely used browser, even if its share of the market is slipping).
Second, I don't think Microsoft inherently understands computer
security. ActiveX is a good example of this - Microsoft implemented a
way for remote sites to install and run programs on your local machine
in native operating system mode. Contrast that to Java, which also
allows programs to run on your computer but in a protected, virtual
machine mode.
I also run Firefox because it's cross-platform - I can have the exact
same browser experience on my Linux boxes as I do on my Windows boxes
(especially using the Mozilla Weave plug-in that syncs bookmarks,
preferences, passwords, etc. and can sync those to your own "server"
so you don't leave that information out on a publicly accessible
server).
>On 2009-11-24 23:33:15 +0900, Brad Greer <jjh1...@yahoo.com> said:
>
>> On Tue, 24 Nov 2009 15:28:38 +0900, band beyond description
>> <everybody's.d...@that.rag.com> wrote:
>>
>>> On 2009-11-24 09:17:00 +0900, marcman <marcman...@gmail.com> said:
>>>
>>>> I am the most careful guy in the world with my work computer.
>>>
>>>> Anybody have any ideas on how to combat this without reinstalling
>>>> windows? I really don't want to reinstall Windows. ANY advice would be
>>>> greatly appreciated. Thanks.
>>>
>>>
>>> Buy a Mac, or engage an expert to transition you to Linux. I am not
>>> joking or being flippant amid your Windows-travails situation. I
>>> switched from Windows to Unix-based Mac in 2005 and, aside from e-mail
>>> spam that continued to flow like torrents on one e-mail account left
>>> over from the Windows days until I quickly and easily switched through
>>> my ISP to a new e-mail address on the same account, I have not
>>> experienced AN IOTA of the crap traditionally associated with the
>>> Windows experience.
>>
>> I run both Windows and Linux at home. I've never experienced the
>> "crap traditionally associated with the Windows Experience" so I'm not
>> inclined to say that Windows should be chucked just because of
>> malware.
>>
>> Now, one way I avoid most of those problems is by not using Internet
>> Explorer or Outlook. There are better browsers and e-mail programs
>> out there, and unless Outlook is required for work I'd avoid it like
>> the plague.
>
>that is smart, and I wholeheartedly understand, applaud and endorse
>your and Mr. Rapidan's rational, precautionary take on the Windows
>environment. but speaking for myself, I left my Windows expertise
>lapse around Windows 98 & NT 4.0, after having a pretty good
>understanding dating from the Windows 3.0 era, and have no desire or
>need to resume my knowledge base. that said, it's an intellectual and
>otherwise necessary exercise for some folks, which I have no problem
>with -- more power to you all! it's more the bad experiences that I
>recall having toward the end of my Windows tenure, and see others
>having now, that shapes my view.
>
People should run the hardware/OS that they're comfortable with and
that gets the job done for them. I've never understood why people
feel the need to evangelize a particular operating system (other than
people who have a commercial interest in such activity, of course).
I just came across an interesting article dated 11/20/09 comparing the
security features of the four main browsers.
http://news.cnet.com/8301-13880_3-10402239-68.html?tag=mncol;txt
Hey Brad, I've been thinking of turning one of my machines over to
Linux. Any suggestions on Linux software? What do you use? I've an older
version of Knoppix kicking about on dvd somewhere. I'm open to
suggestions.
W
I've been running Ubuntu for several years now. It's full-featured
and well supported, they put out a new release every six months. You
can create a "live CD" that lets you run the OS off a CD without
touching your hard drive and changing the OS. The installer is very
beginner friendly.
Haven't played with enough other versions of Linux to comment on their
current state.
I was going to chime in with my advice, but it was already given, and
you didn't have 2 accounts on the machine. My case of this virus came
about a year ago from a website that I visited, so perhaps that's the
case. think about any new sites you visited recently. After an hour of
frustration, I booted up as "Admin", did a search for all files
associated with Antivirus System Pro, deleted them, then ran a registry
cleaner. I then rebooted in the safe mode and ran a virus check, along
with a couple of spyware/malware checkers. No problem after that. A
friend suggested I keep two accounts on my machine a few years back.
This is the only time it came in handy, but well worth it.
W
>
> Mucho thanks again.
Thanks, I'm downloading it now. Since I posted I also checked out and
dl'd the latest Knoppix, but the support seems a whole lot better for
Ubuntu, guess I'll be experimenting with that over the weekend.
W
Hope you had fun. The biggest complaint I have with Ubuntu is they
are slow in putting new versions of Firefox into their official
repositories. There are ways around that, of course.