Posted on 08/27/2010 5:17:00 PM PDT by SonOfDarkSkies
Earlier today, my computer (normally well-defended by strong virus protection--Kaspersky) was somehow invaded by a program which essentially shut down my ability to access the internet. It seems this program, which dominated all my browsers and gobbled up my system, did not trigger my virus protection program because it pretended to be a virus program itself.
Long story short, I found a solution (using my laptop...which was not infected) that has worked for the last few hours. I was able to download a "free" program to locate this malware by 'total' scan and delete it from my system.
This post is merely a note to any of you who encounter the same thing.
Here is the best definition I have found online of this Windows Security Suite...
[A] rogue security program from the same family as Antivirus System Pro and Spyware Protect 2009. Like its predecessors, Windows Security Suite is installed through the use of malware. Once installed, the program will be configured to start automatically when Windows starts and, when run, will perform a scan and then list a variety of infections that it states reside on your computer. It will not remove, though, any of these infections unless you purchase it. Do not be concerned by what Windows Security Suite states is running on your computer, as the files it detects are actually harmless files created by the program itself. It only shows these fake infection files in order to trick you into thinking you are infected in the hope that you will then purchase their program. It goes without saying that you should not do so, and if you have already purchased this program, we suggest that you immediately contact your credit card company and dispute the charges as this is a fraudulent program. [Source]
The above source link is the best help I have found in disabling this program. (http://www.bleepingcomputer.com/virus-removal/remove-windows-security-suite)
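The definition quoted above says the rogue program "will be configured to start automatically when Windows starts", so the Run keys are the first place to hunt for it once the machine is back under control. The script below is an added example written for this page, not code from the thread, from BleepingComputer or from any vendor: it runs a few triage heuristics over a dump of Run-key entries. The four sample entries are constructed for illustration, the blocklist holds only the family names this thread mentions, and the directory, random-name and borrowed-system-name heuristics are the editor's assumptions about how such droppers usually look, not rules taken from the source.

```python
"""
Added example (not from the thread): triage a dump of Windows Run-key
autostart entries for rogue-AV persistence.  All entries below are
constructed, and every heuristic is an assumption, not a vendor rule.
"""
import re
from dataclasses import dataclass, field

# Rogue-AV family names mentioned in the thread (assumption: a real
# blocklist would be far longer and fed from a vendor source).
ROGUE_NAMES = (
    "windows security suite",
    "antivirus system pro",
    "spyware protect 2009",
    "antimalware doctor",
)

# Assumption: rogue AV tends to drop into user-writable temp/profile
# directories rather than Program Files.
SUSPICIOUS_DIRS = re.compile(
    r"\\(temp|appdata\\local\\temp|application data|local settings)\\",
    re.IGNORECASE,
)
# Assumption: droppers often use a random mixed letter/digit file name.
RANDOM_NAME = re.compile(r"^(?=.*\d)(?=.*[a-z])[a-z0-9]{8,}\.exe$", re.IGNORECASE)
# Legitimate system binary names that malware likes to borrow.
SYSTEM_NAMES = {"svchost.exe", "explorer.exe", "csrss.exe", "lsass.exe"}


@dataclass
class AutorunEntry:
    hive: str      # HKCU or HKLM
    name: str      # value name under ...\CurrentVersion\Run
    command: str   # command line stored in the value


@dataclass
class Finding:
    entry: AutorunEntry
    reasons: list = field(default_factory=list)


def executable_path(command: str) -> str:
    """Extract the executable from a Run-key command line.

    Quoted paths are taken verbatim.  For unquoted paths Windows tries
    successive prefixes; we approximate that by cutting at the first
    '.exe', which also handles paths containing spaces.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"^(.*?\.exe)", command, re.IGNORECASE)
    return m.group(1) if m else command.split(" ")[0]


def triage(entries):
    """Return a Finding for every entry that trips at least one heuristic."""
    findings = []
    for entry in entries:
        path = executable_path(entry.command)
        filename = path.rsplit("\\", 1)[-1].lower()
        haystack = f"{entry.name} {path}".lower()
        reasons = []
        for rogue in ROGUE_NAMES:
            if rogue in haystack:
                reasons.append(f"name matches known rogue AV '{rogue}'")
                break
        if SUSPICIOUS_DIRS.search(path):
            reasons.append("executable lives in a user temp/profile directory")
        if RANDOM_NAME.match(filename):
            reasons.append("random-looking executable name")
        if filename in SYSTEM_NAMES and "\\windows\\" not in path.lower():
            reasons.append("system binary name outside the Windows directory")
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


# Constructed sample: what a Run-key dump from an XP-era machine might hold.
SAMPLE_ENTRIES = [
    AutorunEntry("HKCU", "Windows Security Suite",
                 r'"C:\Documents and Settings\User\Local Settings\Application Data\a1b2c3d4ef.exe"'),
    AutorunEntry("HKLM", "KasperskyAV",
                 r'"C:\Program Files\Kaspersky Lab\avp.exe" /start'),
    AutorunEntry("HKCU", "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    AutorunEntry("HKCU", "svchost",
                 r"C:\Documents and Settings\User\Local Settings\Temp\svchost.exe"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE_ENTRIES):
        print(f"[{f.entry.hive}] {f.entry.name}: {f.entry.command}")
        for r in f.reasons:
            print("    -", r)
```

On a live machine you would feed `triage()` the output of a Run-key export (for example from Sysinternals Autoruns) instead of the constructed list; the point of the heuristics is to surface entries worth killing from Safe Mode, not to prove an entry is malicious, so confirm each hit before deleting it.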
I don’t recommend Windows Security or Kaspersky; I got rootkit infections with both. I run free AVG and scan once a week with free Malwarebytes.
What I’d like to know is why these types of companies are not shut down and the people put in jail.
Yeah, that one and a dozen just like them self-install when you visit an infected site. Depending on how they are configured, your anti-virus MAY or may NOT detect them. They also use FAKE “close” and “X” buttons, so if you visit a bad site, and some pop-up asks you if you REALLY want to leave, and you click YES, it uses that YES to install itself as if you authorized it. No Windows anti-virus can protect you from clicking the wrong thing. Only a Mac, which doesn’t use the same code, is immune from those web attacks. I browse ONLY on my Mac and use Bootcamp in a Virtual Machine for my few Windows apps that I still MUST have. My Windows VM is NOT allowed on the net. The only safe way to surf. Good luck out there.
That said, Malwarebytes saved me today!
I don't know how I opened my system to them...but I did and it took me six precious hours to break free.
http://www.technibble.com/rkill-repair-tool-of-the-week/
If you can get it, try rkill; it might help. It stopped that “buy our stuff to stop this virus” thing the wife’s computer got a few weeks back.
Dittos to AVG & Malwarebytes - I use those on my Windows machines. I don’t use them as much as my MacBook though.
I too have been hit many times by the same thing. Please tell me...was this virus executable called ‘Antimalware Doctor’?
I’d really like to hear if it’s the same thing I’ve been dealing with. I get hit with it about once a week and I have to stop whatever I’m doing, restart in Safe Mode and hunt it down and kill it, then reboot.
Great advice. The ‘rkill’ program is the foundation of the Malwarebytes program as far as I can tell.
If your computer had an unpatched exploit (old Flash, QuickTime, Java, etc.), then it wouldn’t have mattered what security suite you had installed. Exploits get around your antivirus using programs you told your antivirus were already clean, in essence.
You need two things. First, download a free antivirus CD image and burn it (Avira, F-Secure, and BitDefender each offer one). Boot with it on the bad computer and let it clean your system. If one doesn’t find it, burn the next one.
Second, once your system is clean, download and run Secunia PSI, which is also free. Let it find your known exploitable unpatched stuff and then install the patches.
Now, I happen to think the rogue antivirus you got is one I’ve seen several times before under very slightly different names. Usually, you visit a URL from a search engine that has been infected and it passes you to a site that sends your computer to a fake but real-looking antivirus screen, saying it is scanning your system, which then “finds” dozens of viruses you don’t have. If you don’t kill this browser pop-up successfully (which normally means turning off JavaScript or killing the browser’s process in Task Manager), you are presented with a screen that asks you for “permission” to clean your system. You don’t want to do anything to that window. If you do, well, you are screwed. Did you notice something like this?
Anyway, get a blank CD or two and burn the ISO images (Avira also has a .EXE version that has a built-in burning program) and you will be fine once again.
“What I’d like to know is why these types of companies are not shut down and the people put in jail.”
We want them to feel good about themselves.
They are simply expressing themselves differently.
Please join us celebrating the diverse community of programmers.
I had the same thing. It’s the first virus I’ve ever gotten. I’m very careful about what I click and install, so I don’t know how this sucker got in there. I followed the directions on a website and also used Malwarebytes and seem to be all good now.
I recommend you always have a copy of a Linux distro like Linux Mint (http://www.linuxmint.com/edition.php?id=32) in case you cannot access Windows. Never had to use it because of malware, but it can get on the web fast. Thank God.
Mine wasted the better part of a day! Hopefully you can pick up some ideas from the posters here.
Best of luck!
“.....Only a Mac which doesn’t use the same code is immune from those web attacks. I browse ONLY on my Mac...”
Good for you! My dad got a Mac because of just that. My brother has a Mac and viruses just are not an issue (wouldn’t that be nice?). Guess I’ll be a Mac head too before long.
Then you are chronically infected and you need to do what I mention in my other post.
I don't think I gave any programs access to scan my system...but somehow that program did gain access!
“Then you are chronically infected....”
LOL....I get that a lot :-)
Secunia is running now. Thanks for the tips!
Can I, or should I, delete Java, and do I really need to turn off everything, including Avast, to update it?