Fake anti-virus virus

My wife got one of those fake anti-virus viruses where it claims you have a virus and thus wants you to buy their product to remove it. I have Microsoft Security Essentials and it got through. It would not let me run MSE to find or remove it and screwed up my desktop etc. I downloaded Malwarebytes as advised on the Geek site and easily removed it in safe mode. Now I'm wondering about MSE and whether I should go back to another free anti-virus program? What else is good? Thanks.
 
Well, this fake antivirus crap is actually coming from organised crime rings in the former Eastern European bloc, supported by SW developers with regular updates (a cat and mouse game, to beat the AV/malware protection).

Guess this is the most "recent" update that your MSE hasn't picked up on.

Just give it a couple more days before you re-install MSE and it will be properly protected.


Q.
 
This is one of the Trojans going around the internet. There are some also for Apple O/S going around too.

A friend of mine in the computer business works mainly on Apple computers, and now that Apple has become more popular they are being attacked too.
 
I was going to jump in here and suggest Malwarebytes, but I see it already worked for you. What you got wasn't a virus, so switching "back to another free antivirus" wouldn't do you any good. Keep Malwarebytes around and run a scan every once in a while. You don't need it on all the time.
 
Before I found a $19.99 deal at the beginning of the year for a 3 pack of Kaspersky Internet Security 2011, I used Avast for years and it always served me well.

For XP, Vista, and W7, system restore will many times return the PC to a state prior to the infection.
 
Originally Posted By: Popinski
Anti-Virus programs won't stop it from coming in. You just have to be careful and not go to bad sites...

Yup. What she needs is a good pop-up blocker, as it sounds like she clicked on something on a web page and willingly allowed an app to install.

Some of the anti-malware such as SpyBot may have helped prevent it though.
 
You got lucky. That was some easy malware to remove. Try it when everything is disabled: no safe mode, no task manager, no restore points, no internet connection/proxied to he**, and any .exe that has anything to do with antivirus/antimalware software is disabled.

Something handy is RKill. It is a cmd scanner that disables malware so you can actually find it and remove it. http://www.bleepingcomputer.com/download/anti-virus/rkill

All the files are the same, but have different names in case it is recognized by the infection.
 
The most important thing to do when anything pops up that you didn't expect is to open up the task manager and end all instances of your internet service provider. I've recently had a few pages on facebook lead to a pop up that would not let me click on anything in the browser outside of the popup. It wanted me to click on the OK or DECLINE button to receive my FREE IPAD2 or whatever. I thought I could be quick enough into the page to report it before the popup, but after a few tries I gave up.
 
After removing the Trojans make sure you check the Security Center settings located in Control panel. Make sure Firewall, Windows Update and Virus Protection are all turned on!
 
Honestly, it's quicker and 100% effective to backup your data and reload the OS. It's what our company does. 90 minutes @ 100% effective vs 120 minutes+ @ 50% effective.
 
There is absolutely no anti-malware software that is 100% effective. I would not advise dropping MSSE if you are otherwise happy with it. Personally I use the free version of avast! and love it, but MSSE is rated well.

I used to be very much "into" security software, back when I was a software engineer. What I found was that Kaspersky, Avira, all of them failed sometimes. There is absolutely no perfect product.

What you (the OP) did was the best solution: Use a separate scanner. Unless you have a good reason to, don't just dump your existing AM solution.
 
Originally Posted By: gathermewool
I've recently had a few pages on facebook lead to a pop up that would not let me click on anything in the browser outside of the popup. It wanted me to click on the OK or DECLINE button to receive my FREE IPAD2


No matter where you click on the pop-up it will begin installing. Try hitting Alt+F4, multiple times if necessary; it will close the active window, in this case the pop-up.

Tom NJ
 
Originally Posted By: punisher
You got lucky. That was some easy malware to remove. Try it when everything is disabled: no safe mode, no task manager, no restore points, no internet connection/proxied to he**, and any .exe that has anything to do with antivirus/antimalware software is disabled.

Something handy is RKill. It is a cmd scanner that disables malware so you can actually find it and remove it. http://www.bleepingcomputer.com/download/anti-virus/rkill

All the files are the same, but have different names in case it is recognized by the infection.


My wife got one of these viruses. It was a pain in the butt to remove; I had to use bleepingcomputer.com to find a fix to remove it. Like you said, no safe mode, no icons, no restore point, no internet connection. So I had to download everything on a flash drive, then open it on the infected PC to destroy the virus. Now I'm back to normal here.
 
Originally Posted By: javacontour
Why do folks browse with admin rights?

These things can't install if you don't have admin rights, do they?


They install to the Default User profile or the active user profile. So while they may not affect other accounts, they can sure wreak havoc on the one you are using. And if it is an admin account then yeah, it can get a lot worse.
 
I'm trying to encourage my wife to use Google Chrome. I heard Chrome has a sandboxie built in, so you don't have to worry about these fake viruses installing. My wife uses Firefox though; I gave her a tongue lashing about using Chrome or even the Sandboxie we have installed.
 
Originally Posted By: javacontour
Why do folks browse with admin rights?

These things can't install if you don't have admin rights, do they?

Some can, IIRC, depending on how they are "delivered" to the system (JavaScript and browser helper objects).

Sandboxie is a good program (though you have to pay for it) which can be set to run programs such as your browser in a "sandbox" where they can't make changes to the machine. It's basically like running a mini virtual machine for those specific programs.

Originally Posted By: Dan55
After removing the Trojans make sure you check the Security Center settings located in Control panel. Make sure Firewall, Windows Update and Virus Protection are all turned on!

Definitely. If they aren't and you can't turn them back on, there are a couple of easy fixes using the command line IIRC.

OP might want to run HitmanPro 3.5. It's free to use indefinitely as a scanner. If you activate the removal feature, it's a 30-day trial. A quick scan with it will tell you if there is anything that has been overlooked. Top notch program that can remove many nasties missed by other programs.

Combofix is another good last resort tool as well.

Also I suggest Firefox with Adblock and NoScript if security from these types of infections is a concern. NoScript is a bit of a pain at first since it may disable some functionality of some web pages until you whitelist them, but it will prevent most of these infections.
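One way to do the post-cleanup check Dan55 recommends (firewall, Windows Update, virus protection) from the command line, as an added example that is not part of the thread: a PowerShell script that reports what Security Center sees and, with -Repair, applies the usual command-line fixes. It assumes Windows 7 or later with PowerShell 3+, run from an elevated prompt; the productState bit reading is an assumption, not documented by Microsoft.

```powershell
# Added example, not from the thread. Post-cleanup check of the Security Center
# items named above (firewall, Windows Update, virus protection) plus the
# Security Center service itself. Assumes Windows 7 or later with PowerShell 3+,
# run from an elevated prompt. Pass -Repair to re-enable the firewall and the
# Windows Update / Security Center services with the usual command-line fixes.
param([switch]$Repair)

$problems = @()

# 1. Windows Firewall: netsh advfirewall is available on Vista and later.
$fwState = netsh advfirewall show allprofiles state
if ($fwState -match 'State\s+OFF') {
    $problems += 'Windows Firewall is OFF for at least one profile'
    if ($Repair) { netsh advfirewall set allprofiles state on | Out-Null }
}

# 2. Services that rogue AV commonly disables: Windows Update and Security Center.
foreach ($name in 'wuauserv', 'wscsvc') {
    $svc = Get-CimInstance Win32_Service -Filter "Name='$name'"
    if (-not $svc) { $problems += "Service $name is missing"; continue }
    if ($svc.StartMode -eq 'Disabled' -or $svc.State -ne 'Running') {
        $problems += "Service $name is $($svc.State) (start mode $($svc.StartMode))"
        if ($Repair) {
            sc.exe config $name start= auto | Out-Null
            Start-Service -Name $name -ErrorAction SilentlyContinue
        }
    }
}

# 3. Antivirus products registered with Security Center (root/SecurityCenter2).
$av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
        -ErrorAction SilentlyContinue
if (-not $av) {
    $problems += 'No antivirus product is registered with Security Center'
} else {
    foreach ($p in $av) {
        # productState is a bit field Microsoft does not document; the reading
        # below (0x1000 = real-time protection on, 0x10 = definitions out of
        # date) is the widely used interpretation, so treat it as an assumption
        # and confirm in the product's own UI.
        $on       = ($p.productState -band 0x1000) -ne 0
        $outdated = ($p.productState -band 0x10) -ne 0
        if (-not $on)  { $problems += "$($p.displayName): real-time protection reported OFF" }
        if ($outdated) { $problems += "$($p.displayName): definitions reported out of date" }
    }
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Host 'Firewall, Windows Update, Security Center and AV all report healthy.' }
```

If the services cannot be started even with -Repair, the infection is likely still resident, and a second-opinion scanner such as the ones mentioned in this thread is the next step.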
 