NASTY virus warning - personal experience

[revsfan98]

Hi everyone,

I just spent the past 2+ hours debugging and scanning my computer thanks to a virus called "Antivirus Soft."  I got it last night while browsing a safe (or what you would think to be safe) website: the MSN finance section.  My Adobe reader randomly started itself, and probably downloaded the virus via an infected pdf file (although a window to view it never actually opened).

Then a few minutes later, the trouble began.  I started getting warnings from antivirus software that I was infected, only the interface window was NOT my usual antivirus program.  Suspicious, I tried to start up my own antivirus software.  It was BLOCKED!  Then, I tried to use ctrl-alt-del to stop the fake program.  Also BLOCKED!  I tried to use google to get info on what I was dealing with.  BLOCKED again!  The only website I could go to was a bogus site where these criminals try to get you to buy a full version of their fake program to remove the fake threats, but really they are just trying to steal your credit card number    Seriously, how do people live with themselves when they deliberately cause others pain and frustration like this?

When I got to work, I used the internet access to arm myself with info.  I found a very informative YouTube video and followed its directions to get back online.



This was a royal pain in the a** and I would not wish the hassle on anybody    Be careful out there...

[DaCrow]

My kids computer had that same virus last week. All these porno sites kept popping up and would freeze their computer so you could not access or close anything.
The bogus anti-virus screen kept asking if I wanted to "Protect my computer now". I'm not degreed in computer science but probably know more than the average person and I knew this was B.S.
The first thing I did was to unplug their computer from my network to stop internet access. This made managing things a lot easier because this virus kept regenerating itself.
BTW, it was imported from a media viewer app from MySpace in my case. Kids don't know any better so I didn't raise a big fuss.
I found most of the virus in the "Prefetch" and a couple of other places. Funny thing though, Trend Micro missed it on a scan but my free anti virus software wiped out what I didn't find on the first try.
I think it's good to have backup virus software. I alternate between the two and have very little problems.
If your interested, my free backup virus software came from    http://www.superantispyware.com/

P.S. Thanks for giving everybody else a "heads up". I didn't know this virus was so widespread.

[Helixius]

Wow it sounds like a dangerous virus. Hmm so it's from MSN finance section and MySpace... I wonder if it's triggered by clicking anything? Not familiar with media viewer app. For revs' case, it automatically downloaded just by visiting the site? o.O

[DaCrow]

LOOK OUT! HERE COMES ANOTHER ONE!
My daugher got another virus from Myspace today! Damnit!
It acts just like the "Anti-Soft" virus only this one is called "AntiVirus Vista 2010".
All the same bogus "Hijack" warnings and pop-ups.
The actual file is "AV.exe".
It resides in your memory and prefetch.
It looks like my free antivirus software mentioned above has found it. I'll know better after
I reboot their computer.

[DaCrow]

Aaaaahhhhhhhh!

I had no idea how bad this was until after the reboot!

The scan(s) got rid of the virus but too late for the damage!

Basically what it did was remove all the file associations from all of my programs, nothing, and I mean nothing is able to open, not even System Restore. Anything with a (.exe) became stupid and didn't know how to open.

This one is hard to repair!  It's been 2 days and I'm still finishing up on the repair. I think I have it under control. I wouldn't wish this crap on anybody.

Don't know why my software didn't catch it on the way in.

Judging by the thousands of post on different sites I'm not alone.

I'm thankful I have more than one computer. This must be really bad for somebody who has one computer and has to go to another persons computer to find the fix and flip flop back and forth.

Well, back to work!

[DaCrow]

"Somtimes even a blind squirrel will find a nut"

Hey Rev's if this ever happens again to you, try this.

After searching many sites and reading many post I saw some of the most heroic fixes for this problem.

The main issue was not being able to open any program with a (.exe) which includes all spyware and malware programs and even System Restore. How do you get rid of it if you can't access your fixes?

The most popular fix in the forums was a form of a "Reg Edit" fix. You wrote a program in note pad, saved it on your desktop and ran it from there. Too heroic for me. Having limited knowledge I thought this was a little too risky for me. Believe me, I have a strong potential to screw things up!

On a whim, I right clicked System Restore and "Run as Administrator". The System Restore program opened right up, restored everything to a "Pre Virus" state, and all is well. No "heroic" measures taken!

Ever hear of K.I.S.S.?  "Keep It Simple Stupid". It was true in this case.

[kensolar]

A friend of mine, an older Baptist Minister got the "Antivirus Vista 2010" bug last week and at his request I cured it by installing
Ubuntu Linux and just took Windows right out of the computer that I built for him. He's been a delightful happy camper ever since.
Apparently you don't have to go to a dangerous site to get it since half the apps I install for this friend are Bible study apps. It's
getting so bad out there that I'm even adding 'extra' security to my Linux computers and I never even put more than minimal security
in them 3 years ago.
     

[revsfan98]

Ken - re: dangerous sites, yeah, seems like you can get viruses like this just about anywhere.  Myspace and Facebook seem to be the biggest targets, but MSN Moneycentral and Bible study apps?!?  You've gotta be kidding me!

DaCrow - I've heard about the system restore trick to get your computer back to a pre-virus state, but I've never done one.  I guess it is simple, but my lack of experience makes me think I'm going to accidentally erase everything on my hard drive.  Ditto for the notepad trick - how do you get plain text to run as an executable file?

To top this all off, have you seen some of the new posts pretending to be people looking for help with their virus problems?  Then, at the end of the message are a bunch of links that will probably give you viruses!  These virus makers are REALLY aggressive and will stoop to any trick in the book!