# Antispyware 2010 Virus



## REFLECTS (Apr 7, 2008)

Just managed to get rid of this.

It totally hijacked my system and warned me of fake viruses and looked like official messages coming from Microsoft.
Help bubbles popped up saying virus detected etc etc.

It completely took over the Laptop 

To get rid I downloaded exefix_xp, then Malwarebytes Anti-Malware.

Anything else, antispyware virus blocked 

Beware


----------



## chisai (Jan 1, 2009)

I've not long got my PC back after I got this. Pain in the tonsils it was. Nothing I did was able to get rid of it and it looks awfully like an AVG logo.
Guy got rid and installed Avast and malwarebytes on my PC. Just before it manifested itself I got a pop-up telling me I did not have a firewall running, I reckon 2010 must have had something to do with this.


----------



## No_Fear (Oct 15, 2009)

A combination of ComboFix, Malwarebytes and Spybot - Search & Destroy most of the time does the job.


----------



## Blazebro (May 18, 2007)

There was a virus going around this week. It was sent in an email which looked like it was from UPS.

I received the email and clicked on a link to open my attachment which would apparently show my tracking ref (I was suspicious as I didn't think I ordered anything). Luckily Kaspersky was more on the ball than I was.

I phoned UPS where they had an automated message about it.


----------



## Matt197 (Dec 27, 2006)

Yeah, a member of staff had a laptop that was totally infested with spyware and one of them was Antispyware 2010.

It had totally disabled the system, nothing was loading apart from the spyware programme, could not get to Task Manager as it had blocked that as well, safe mode would not work either.

Tried taking the hard drive out and scanning it on my machine but even with it removing 80 spyware variants it would still not work, had to wipe the laptop in the end.

Don’t know how people manage it sometimes


----------



## Guest (Feb 3, 2010)

The simple solution is to not download the .exe file, and then run it by double clicking it or choosing "run from my computer". Then you won't get anything like this on your machine.


----------



## chisai (Jan 1, 2009)

G220 said:


> The simple solution is to not download the .exe file, and then run it by double clicking it or choosing "run from my computer". Then you won't get anything like this on your machine.


I never did anything like this so am confused as to how it got in, I am ALWAYS very careful as to what I download. I also had the free AVG running and regularly updated it as advised and it still missed it.


----------



## SBerlyn (Nov 9, 2008)

G220 said:


> The simple solution is to not download the .exe file, and then run it by double clicking it or choosing "run from my computer". Then you won't get anything like this on your machine.


No sh!t Sherlock! 

I'm an IT Tech too, and it pains me the amount of people who just follow instructions that webpages give them..

S


----------



## Guest (Feb 3, 2010)

I am going to say now that I find it extremely difficult to believe that the program downloaded and executed itself automatically onto your system. Especially if you were up to date on service packs, in fact even if only up to date by a year, you must have executed the file somehow, even if you were not aware of it.

The reason AVG didn't detect it is 1) It isn't classified as a virus, it is scareware, and 2) AVG aren't very good at detection and removal of these kind of threats, so they tend not to include them anyway.

In theory you don't need any AV if you trust yourself, if you don't, get a decent antivirus and antispyware program, not poor efforts such as spybot search and destroy.


----------



## REFLECTS (Apr 7, 2008)

G220 said:


> *The simple solution is to not download the .exe file*, and then run it by double clicking it or choosing "run from my computer". Then you won't get anything like this on your machine.


I didn't download anything, I was browsing DW and it popped up.


----------



## REFLECTS (Apr 7, 2008)

G220 said:


> *I am going to say now that I find it extremely difficult to believe that the program downloaded and executed itself automatically onto your system*. Especially if you were up to date on service packs, in fact even if only up to date by a year, you must have executed the file somehow, even if you were not aware of it.
> 
> The reason AVG didn't detect it is 1) It isn't classified as a virus, it is scareware, and 2) AVG aren't very good at detection and removal of these kind of threats, so they tend not to include them anyway.
> 
> In theory you don't need any AV if you trust yourself, if you don't, get a decent antivirus and antispyware program, not poor efforts such as spybot search and destroy.


Extremely difficult as you find it, that's a fact. Nothing ever gets downloaded on this laptop. It is used for DW and other well known websites.
Absolutely nothing was downloaded


----------



## Guest (Feb 3, 2010)

REFLECTS said:


> I didn't download anything, I was browsing DW and it popped up.


How can it just pop up when you are browsing DW? This is technically impossible, unless DW was hosting the file and initiated a pop up to download it. This is not the case. Or:

I do believe you that it popped up, but if this is the case, then your machine already had malware on it before this, popups cannot just pop themselves up without the website you are currently being on making them do so.

If it was possible to just make webpages appear on any old persons machine, I would be doing it day in day out winding everyone I know up


----------



## Matt197 (Dec 27, 2006)

G220 speaks the truth.

I take it you are running the most current service pack for your OS, should be SP3 for Windows XP and are connecting to the internet using a router?

If so then it’s highly unlikely it downloaded itself, you probably downloaded it by mistake thinking it was a different programme, most of these malware/spyware programs once open perform a quiet install so you think it’s not done anything, and they can lay dormant until a certain date or event is reached.

/Story time 

Back in late 2003/2004 when the Sobig, Blaster worm and MyDoom were doing the rounds I was helping a mate out, we formatted the computer and within 4 min of connecting to the internet the computer was infected, had to download SP1 and other software from one of his mates' houses and start again.

This was on fresh Windows XP install and the computer was connecting through a USB ADSL Modem, my point being is that nowadays people connect through a router and are at least running SP2 so this type of thing should not happen.


----------



## chisai (Jan 1, 2009)

So what you say is that I could visit a site with dodgy intentions, the site will plant the virus/program and it will not show up in any way till a future date, possibly months or years away and as long as it bypasses my current security it will remain until then.
I remember one unusual site I visited not long before was a link posted in a thread from DW about cheap electronic gadgets from China, is there a way this could have happened through this?


----------



## Matt197 (Dec 27, 2006)

chisai said:


> So what you say is that I could visit a site with dodgy intentions, the site will plant the virus/program and it will not show up in any way till a future date, possibly months or years away and as long as it bypasses my current security it will remain until then.
> 
> I remember one unusual site I visited not long before was a link posted in a thread from DW about cheap electronic gadgets from China, is there a way this could have happened through this?


No, just by visiting a website will not get you infected, you can only get yourself infected from a website if you download the file from that website.

Say for instance you clicked a link for cheap electronic goods and once you did a download dialog box popped up asking you to download a file, as long as you cancel the download request you will not have downloaded the malicious software, does that make sense?

Trojan horses are designed to allow a hacker to remotely access a target computer. Once a Trojan horse has been installed on your computer, it is then possible for the hacker to access your computer remotely and perform various tasks such as installing other malicious software.

So yes if you do not have any antivirus or spyware/malware protection then it can potentially go undetected, hope that helps.


----------



## REFLECTS (Apr 7, 2008)

I'm confused and I am not disagreeing with you guys because I am limited in my knowledge to the level you talk.

I was sat browsing DW and bam it started popping up. I have used photobucket, a Wolves FC forum and Halfords but never clicked download anything.

Could it be PB?


----------



## jamest (Apr 8, 2008)

A Wolves fan? Palace here 

With an up to date OS there is no way that a program can execute itself. It will have come up probably as a popup which when clicked will install itself.


----------



## ardandy (Aug 18, 2006)

Had 2 people at work who had this and I had to get rid of the thing.

It can only come from:

1. A website
2. An email
3. Messenger or messenger type apps
4. Possibly a USB pen (but not this particular one) that was infected.


EDIT: One teacher had it on her brand new laptop I set up for her which was a fully up to date version of Windows 7, only took her 2 days! Up to date OS doesn't seem to protect from this (probably updated as often as anti-virus etc stuff anyway!).


----------



## chisai (Jan 1, 2009)

Matt what you say does make sense. I am just going to have to put it down to my missus or son opening something, but I am pretty sure they haven't.


----------



## ardandy (Aug 18, 2006)

Google images is a common source.


----------



## jamest (Apr 8, 2008)

I found Antivirus Pro 2009 etc on laptops before that had fully up to date Windows installations as well as fully up to date AV software.


----------



## chisai (Jan 1, 2009)

ardandy said:


> Google images is a common source.


Guy that sorted mine recommended I stop using Picasa.


----------



## jamest (Apr 8, 2008)

chisai said:


> Guy that sorted mine recommended I stop using Picasa.


Nothing wrong with Picasa unless there is a security exploit I don't know about.


----------



## Chris_R (Feb 3, 2008)

I am not gonna beat around the bush with this, it comes from downloading files and running unknown planted executables (usually obtained on your hunt for an album or movie via torrent sites) or browsing "free" porn sites - the ones that lead you through site after site with the promise of seeing a glimpse of free snatch.
Alternative is the ones that pop up saying you have a virus, click here etc to get rid of it and run this file.
Having cleared up four or five laptops in the last couple of months with this and similar infections, all of them had the above things in common in their web site history - free porn and torrent downloads.
It cannot just install itself, you have to have clicked on something then clicked on the "are you really sure you want to run this thing ", a legit website will not (in fact cannot) just plant a virus on your computer without you agreeing to it - tricked into it or otherwise.


----------



## Guest (Feb 4, 2010)

chisai said:


> Guy that sorted mine recommended I stop using Picasa.





jamest said:


> Nothing wrong with Picasa unless there is a security exploit I don't know about.


Yes, the guy should know better than to suggest stop using Picasa... Does he really think Google would have such an unsecure program?


----------



## PWOOD (Apr 30, 2007)

OP try installing McAfee site advisor when searching the web via Google etc. It provides a colour coded system which helps avoid you clicking dodgy sites in the first place. Some may say it slows the computer down but I can't say I noticed on mine. Works with Firefox and IE (you're not still using that though are you!).


----------



## ardandy (Aug 18, 2006)

Well this is ironic!


----------



## Chris_R (Feb 3, 2008)

ardandy said:


> Well this is ironic!


what is ironic?


----------



## ardandy (Aug 18, 2006)

There was a post just above mine that was full of spam!

Mod must have deleted.


----------



## [email protected] (Jan 9, 2006)

Got rid of AV9 a few times, clever bugger that was, had to rename stuff such as Malwarebytes to a name that it wouldn't prevent running


----------



## Paul_W (Feb 11, 2006)

Seems some of these fake security things aren't quite as well thought out as others. My sister's laptop had "vista antimalware 2010" on it the other week. As far as I could tell web browsing was unaffected. But when you double clicked on an exe it wouldn't run. However, whoever wrote this thing was kind enough to put their own workaround in. All you had to do was right click on an exe such as taskmanager, malwarebytes etc and click the new option "start". I had the whole thing removed in about 5 mins.


----------



## Motoract (Feb 18, 2010)

Quick option would be to simply set the PC / laptop back to its last good known configuration. Just take off all the new files before doing so mind!


----------



## colarado red (Jun 5, 2008)

Our lass picked this up, from someone on Facebook who sent her a video the tt. Was only reading this on here yesterday. Hopefully sorted now. Just went to a restore point yesterday and uninstalled everything from Firefox and reinstalled it. Seems fine now.


----------



## Chris_R (Feb 3, 2008)

colarado red said:


> Our lass picked this up, from someone on Facebook who sent her a video the tt. Was only reading this on here yesterday. Hopefully sorted now. Just went to a restore point yesterday and uninstalled everything from Firefox and reinstalled it. Seems fine now.


Check it is working properly with going to websites - particularly virus software sites like McAfee or Avast etc - they may have some browser hijacking in place still or an edited hosts file (c:\windows\system32\drivers\etc) causing it to redirect to another potentially dodgy site.


----------
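The hosts-file check suggested in the post above, as an added example that is not part of the original thread: it parses hosts-file text and reports entries that block or redirect security-vendor sites. The `WATCHED` domain list, the function names and the sample file are assumptions made for illustration.

```python
import ipaddress
import sys

# Assumed watch list (not from the thread): security-vendor and update domains.
WATCHED = ("mcafee.com", "avast.com", "avg.com", "kaspersky.com",
           "malwarebytes.org", "microsoft.com")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample hosts file; addresses are documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.25    www.avast.com avast.com   # planted redirect
127.0.0.1       www.mcafee.com
192.0.2.10      intranet.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address: ignore the malformed line
        for name in fields[1:]:  # one line may carry several aliases
            yield line_no, ip, name.lower().rstrip(".")

def suspicious_entries(text, watched=WATCHED):
    """Return (line_no, ip, hostname, reason) for entries worth reviewing."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            if not ip.is_loopback:
                findings.append((line_no, str(ip), name, "localhost remapped"))
        elif any(name == d or name.endswith("." + d) for d in watched):
            blocked = ip.is_loopback or ip.is_unspecified
            reason = "security site blocked" if blocked else "security site redirected"
            findings.append((line_no, str(ip), name, reason))
    return findings

if __name__ == "__main__":
    # Pass the path of a hosts file to check, or run without one for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for finding in suspicious_entries(text):
        print("line %d: %s  %s  (%s)" % finding)
```

A clean Windows hosts file normally holds only comments and, at most, the localhost lines, so any watched domain appearing in it deserves a look.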



## colarado red (Jun 5, 2008)

Chris_R said:


> Check it is working properly with going to websites - particularly virus software sites like McAfee or Avast etc - they may have some browser hijacking in place still or an edited hosts file (c:\windows\system32\drivers\etc) causing it to redirect to another potentially dodgy site.


Everything back to normal now. Done a full system scan, everything OK. When trying to browse last night it kept redirecting me to dodgy sites. Back to normal now I have completely uninstalled and reinstalled Firefox.


----------



## Mini 360 (Jul 17, 2009)

Damn glad I've got my Mac. No problems that way.


----------



## Chris_R (Feb 3, 2008)

Mini 360 said:


> Damn glad I've got my Mac. No problems that way.


Why? Because Mac makes it all go away? Wrong.
Wait till it does go wrong, much harder to get advice on sorting it out and working correctly - not just virus/malware that causes Macs issues either, try Apple updates.


----------



## Nanoman (Jan 17, 2009)

I've sorted 2 PCs with this in the last 3 weeks. Malwarebytes sorts it but it's difficult to get it to run - requires a few restarts and a bit of luck.


----------



## Mini 360 (Jul 17, 2009)

Chris_R said:


> Why? Because Mac makes it all go away? Wrong.
> Wait till it does go wrong, much harder to get advice on sorting it out and working correctly - not just virus/malware that causes Macs issues either, try Apple updates.


Apple store. Go talk to a real expert in person. I've had mine go wrong before but was my own stupid fault and they helped me efficiently and quickly.


----------



## podgas (Apr 4, 2010)

*Free protection*

The best way to stop this happening is not to browse the web on your computer EVER as an Admin Account.
Spyware needs to download and can't if you do not use an admin rights account.
Malwarebytes is an excellent FREE bit of kit to update and run after your normal weekly VIRUS SCAN.


----------



## podgas (Apr 4, 2010)

*Free protection*

Malwarebytes link:
http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


----------



## Nanoman (Jan 17, 2009)

podgas said:


> Malwarebytes link:
> http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html


I'd recommend that to everyone even if they don't think they'll have problems with viruses. It's an excellent removal tool but sometimes it needs to be on the PC (it's certainly easier) if it's on the PC before it gets infected.


----------



## Chris_R (Feb 3, 2008)

Mini 360 said:


> Apple store. Go talk to a real expert in person. I've had mine go wrong before but was my own stupid fault and they helped me efficiently and quickly.


Ah yes of course, take a day off work and take it to a store 30 miles round trip away LOL. Convenience. 
Wouldn't have helped in my case, week or so back when they released the latest update my Mac would no longer shutdown, reboot or sleep and wake unless I removed the power.
Reinstalled it about 5 times from scratch and have spent the last week picking parts out of my time machine backup by hand - no fun trying to figure out where your mail is stored or your photos that you have imported from the hard disk structure - because restoring the entire profile would put it right back to not working again. 
Gems of computers, until they go wrong like I said, NO different at all than any PC so don't think having an Apple badge saves it from going wrong!
Don't get me wrong I am a HUGE Apple fan nowadays, but I hate the "fanboy" type blindness thinking that a lot of owners think that the Apple shaped badge will save it from going wrong.


----------

