Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Antivirus XP 2008
Threat Center- Spyware and Virus Removal ^ | 7/30/2008 | Webmaster

Posted on 08/17/2008 1:24:34 PM PDT by AZFolks

Antivirus XP 2008 By: webmaster | Under: Unwanted Programs 26

Jun

Updated: July 30, 2008

Antivirus XP 2008 is a bogus antivirus application for Windows that was promoted and downloaded automatically by redirecting users internet browser to its predefined website.

Aliases: Adware.AntivirusXP2008

Risk Level: Medium

File Size: Varies

Affected System: Windows

Common Symptoms: 1. Redirects web broswser and pop-up scan results. It will then prompt the user to buy the licensed software.


TOPICS: Computers/Internet
KEYWORDS: spyware
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-83 next last
To: library user

No problem.

Bleeping Computer is good, G2G I duck in to from time to time to solve some weird issue that I’m working on, and Spywarewarrior.com is a long-time trusted source for getting rid of malware.

Backing up your important stuff is of paramount importance, just in case something really bad happens. I have a 500 GB USB external drive and a copy of Acronis True Image. I do a complete bare-metal-restore capable backup about once a week. No sooner had I bought all of that stuff than I had a hard drive failure. Next day, I stopped by Microcenter on my way home from work, bought a replacement hard drive, booted off of the Acronis CD, did a full restore, and I was back in business in about an hour.


61 posted on 08/17/2008 5:32:35 PM PDT by Riley (The Fourth Estate is the Fifth Column.)
[ Post Reply | Private Reply | To 57 | View Replies]

To: Riley; ShadowAce; Lazamataz; Nick Danger; Interesting Times; John Robinson; All

From an old LangaList Standard (free version) newsletter I clipped this:


Most of the better disk imaging tools, and all of the file-oriented backup tools, let you restore on a file-by-file or a folder-by-folder basis. For example, my favorite imaging tool, Terabyte Unlimited’s “BootIt” ( http://www.terabyteunlimited.com/bootit-next-generation.htm ) ...

The online version was publicly posted but the site is reorganizing following a merger and seems not to work. (see Article 3)

http://www.langa.com/newsletters/2005/2005-01-31.htm

Here is an archived link to the entire online version.
http://web.archive.org/web/20071021044355/http://langa.com/newsletters/2005/2005-01-31.htm


62 posted on 08/17/2008 5:33:15 PM PDT by The Spirit Of Allegiance (Public Employees: Honor Your Oaths! Defend the Constitution from Enemies--Foreign and Domestic!)
[ Post Reply | Private Reply | To 58 | View Replies]

To: AZFolks

Ping


63 posted on 08/17/2008 5:34:53 PM PDT by WesRM
[ Post Reply | Private Reply | To 60 | View Replies]

To: browardchad

And related to your comment, the Folding@Home stuff hardly seems worth the network risk....


64 posted on 08/17/2008 5:39:10 PM PDT by The Spirit Of Allegiance (Public Employees: Honor Your Oaths! Defend the Constitution from Enemies--Foreign and Domestic!)
[ Post Reply | Private Reply | To 55 | View Replies]

To: browardchad
All of the attacks weren't coming from conscious actors. It's estimated that a ridiculous amount of oblivious home users, worldwide, are running infected systems which are potentially attack vehicles for whomever happens to "pawn" their systems.

Exactly right. The Washington Post did something useful for once, and ran an article about botnets:

Invasion of the Computer Snatchers

Good intro for users.

65 posted on 08/17/2008 5:40:52 PM PDT by Riley (The Fourth Estate is the Fifth Column.)
[ Post Reply | Private Reply | To 55 | View Replies]

To: Army Air Corps
I had to remove from one at work, but luckily it was a Lenovo that backup once a week, so I just restored to the latest backup.

Another user has it on a home computer and I have been trying to help him with this also.

66 posted on 08/17/2008 6:27:23 PM PDT by w1andsodidwe (Jimmy Carter(the Godfather of Terror) allowed radical Islam to get a foothold in Iran.)
[ Post Reply | Private Reply | To 3 | View Replies]

To: AZFolks
There are a number of different "strains" of this nasty piece of work. In and of itself, it's what can be described as "Extortion-ware." However quite a few "bad guys" have grabbed it and piggybacked all sorts of nasty trojans and keystroke loggers along with it. A buddy of mine got hit by it, and it was impossible to safely remove. In fact, it even infected the HP system restore files on the hidden partition. Among other things, it locked out the Administrator's account, disabled regedit and other system utilities using policies.

The only thing I could do was boot the infected system to BARTS, and then copy the files they wanted to save to another system with functional AV... Then wipe the disk and do a fresh install off of DVDs they had to order from HP. It was UGLY.

Mark

67 posted on 08/17/2008 6:44:44 PM PDT by MarkL (Al Gore: The Greenhouse Gasbag! (heard on Bob Brinker's Money Talk))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Nightshift

gnip...


68 posted on 08/17/2008 6:49:38 PM PDT by tutstar (Baptist Ping list - freepmail me to get on or off.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: js1138
These are just a few of the things I noticed. They can be fixed by editing the registry, but how do you know if you got them all? Time for a clean reinstall.

In the strain I saw, it also disabled regedit and regedt32. I was able to bring the system up using BARTSbut what I found was that these issues were not done through the registry, but through policies. I also found that it disabled control panel, mmc, and the ability to run programs...

And like you, I did a clean install: But since this was an HP with the installation files on the hard drive, I checked out some of the cab files and noticed that a few files have been changed, so I had my buddy order the recovery DVDs from HP, and completely wiped the disk and did a fresh install.

Mark

69 posted on 08/17/2008 6:57:08 PM PDT by MarkL (Al Gore: The Greenhouse Gasbag! (heard on Bob Brinker's Money Talk))
[ Post Reply | Private Reply | To 24 | View Replies]

To: MarkL

If you are going to engage in unsafe browsing, best not be an administrator.


70 posted on 08/17/2008 7:09:53 PM PDT by js1138
[ Post Reply | Private Reply | To 69 | View Replies]

To: MarkL
There are a number of different "strains" of this nasty piece of work. In and of itself, it's what can be described as "Extortion-ware." However quite a few "bad guys" have grabbed it and piggybacked all sorts of nasty trojans and keystroke loggers along with it.

See, and that's why I wouldn't trust anything short of a full format and re-install (or trusted image, of course) with an infection of this nature. You can't know what extras your particular version brought with it.

Rootkit keyloggers are no joke. This particular virus is un-typical in that it makes its existence on the system abundantly clear. Most malware these days are designed specifically to lay low and only use resources in ways unlikely to alert the user that their system is compromised. Piggy-backing on a noisy decoy delivery system (this virus) would be a very plausible vector into the system for a keylogger, porn spambot or other malware to take.

71 posted on 08/17/2008 7:32:44 PM PDT by MichiganMan (So you bought that big vehicle and now want to whine about how much it costs to fill it? Seriously?)
[ Post Reply | Private Reply | To 67 | View Replies]

To: js1138
If you are going to engage in unsafe browsing, best not be an administrator.

I agree with the point about  running as an Administrator  (although for Windows users that means you're either running a crippled system that won't install or run a variety of software, especially games, in "User Mode" on XP, or you're compelled to upgrade to Vista)

But I believe that labeling browsing as "Unsafe" can be a bit of a distinction without a difference.  Consider:

Washington Post:  Three Quarter of Malicious Web Sites Are Hacked

PC Magazine: Study: 60 Percent of Top Sites Involved in Online Attacks



72 posted on 08/17/2008 7:51:26 PM PDT by MichiganMan (So you bought that big vehicle and now want to whine about how much it costs to fill it? Seriously?)
[ Post Reply | Private Reply | To 70 | View Replies]

To: MichiganMan

AOL, Facebook, Geocities, Google’s Blogspot and Google Pages, and Rapidshare, Hubbard said.

Most of the Web sites either hosted malicious content or silently redirected visitors from trusted pages to hostile sites. Hubbard said the redirect most favored by attackers is at DoubleClick, one of the Internet's largest online ad companies

LOL. I wouldn't go to most of these sites from a business computer, and at home I would be on my toes.

Spyware Blaster puts doubleclick and a thousand other ad servers in the restricted zone. You will never request anything from them.

73 posted on 08/17/2008 7:58:59 PM PDT by js1138
[ Post Reply | Private Reply | To 72 | View Replies]

To: js1138
These are just a few of the things I noticed. They can be fixed by editing the registry, but how do you know if you got them all? Time for a clean reinstall.

Yup. The only solution when you've been rooted is reinstall from trusted media.

74 posted on 08/17/2008 9:49:06 PM PDT by zeugma (Mark Steyn For Global Dictator!)
[ Post Reply | Private Reply | To 24 | View Replies]

To: js1138
If you are going to engage in unsafe browsing, best not be an administrator.

Actually, he wasn't browsing - He got hit by an email attachment. Using Outlook or Outlook Express, I'm not sure which. And he had the preview pane turned on, which it seems launched the installation before he could delete the email. I'm not 100% sure how he got hit, since he doesn't really know much about computers. But he did set up his computer himself, and of course, when Windows prompted him to set up a user account, it set up the account with administrative privileges.

Mark

75 posted on 08/18/2008 5:03:48 AM PDT by MarkL (Al Gore: The Greenhouse Gasbag! (heard on Bob Brinker's Money Talk))
[ Post Reply | Private Reply | To 70 | View Replies]

To: MichiganMan
See, and that's why I wouldn't trust anything short of a full format and re-install (or trusted image, of course) with an infection of this nature. You can't know what extras your particular version brought with it.

Having once worked in an environment that required C2 level security, I'm a strong believer in the "once a system's been compromised, it can no longer be trusted."

Anytime my home computer is flagged by AV or other malware software, out comes the big guns, and I run all sorts of scans, just to play it safe.

It doesn't happen very often, and in fact, nearly all are false positives (like when I switched to Avast, it flagged a bunch of my files as false positives.)

Mark

76 posted on 08/18/2008 5:07:51 AM PDT by MarkL (Al Gore: The Greenhouse Gasbag! (heard on Bob Brinker's Money Talk))
[ Post Reply | Private Reply | To 71 | View Replies]

To: MarkL

A clean Windows install replaces all system files and replaces the registry. I do this, not often, but more than a dozen times so far. It leaves documents intact. Any lurking virus files are disconnected from the registry and will not run unless manually activated.

Presumably the first thing to be reinstalled would be a fresh copy of the virus scanner, which should find any malware files. It it doesn’t, you’re screwed anyway.


77 posted on 08/18/2008 7:47:27 AM PDT by js1138
[ Post Reply | Private Reply | To 76 | View Replies]

To: AZFolks

I just got finished fixing a PC after this nasty infected it. In the end, to fix the corrupted files I had to wipe her clean and reinstall Winders. What a pain.


78 posted on 08/18/2008 8:31:59 AM PDT by Bloody Sam Roberts (There are many kinds of love. As for me, nothing swells the heart quite like love of country.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: AZFolks

Having read all the comments in this thread, I know most of the technical comments would be incomprehensible to the average computer user - the kinds of people that turn to me for help. Many of you are highly technical, but most users aren’t. They either don’t realize how bad the security problem is, or else they try to ignore the problem and keep computing until the PC won’t run. After my son’s Windows PC got clobbered a few times, I decided to make a radical change. Now he boots his PC from a Ubuntu Linux CD. There is nothing for a virus or worm to corrupt, because a CD cannot be overwritten. In the unlikely event that the Linux session was ever compromised, you turn off the PC and poof! the virus is gone. I’m running the FireFox browser on a Linux PC right now and it looks just the same as if running on a Windows PC.


79 posted on 08/18/2008 1:17:06 PM PDT by TexasRepublic (When hopelessness replaces hope, it opens the door to evil.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: js1138

It asked me whether I wanted to d/l the file...does it not give the option to some people?


80 posted on 08/18/2008 5:57:52 PM PDT by Gondring (I'll give up my right to die when hell freezes over my dead body!)
[ Post Reply | Private Reply | To 24 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-8081-83 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson