Posted by: A Mom w/Fears | August 12, 2008

Watch Out – New Virus (Guest Post)

If you didn’t know, Hubby’s an IT guy.  We own our own business.   He has been cleaning up computers left and right (because of this very virus), and we thought we’d share this with all of you…my Internet Friends!   Here’s a guest post from Hubby.   He wrote this specifically for all of you!  Thanks Hubby!  Holler if you have any questions, and I’ll do what I can to help.  Good Luck Friends!  Here goes!

Have you seen this screen pop up lately?   If not, there is a good chance you will!

 

For whatever reason, the punks are at it again. This time, they are disguising links to a program called Antivirus XP 2008, which is phony antivirus software that is really malware. If you have it, you no doubt know that it has taken over your computer. It has changed your wallpaper, made it so you can’t change it back, removed all your restore points, and it won’t let up! Your REAL antivirus software is probably going crazy because it can’t delete or quarantine it.

We have found and removed this from a number of computers and have also found that the mainstream antivirus software, for whatever reason, does not catch it, nor can it remove it! We have fixed computers that are running up-to-date Norton/Symantec, McAfee, Trend Micro and AVG antivirus software, not to mention Webroot Spy Sweeper. Most of them see it once it has been installed and is running (how can they not!), but we have not been able to get any of them to remove it.

We have seen this malware installed in a few different ways.  Here are a few of them….

  1. CNN News Alert email (phony email with a link in it).
  2. Online videos from non-mainstream sources (i.e., not from YouTube or another legitimate news organization). We have especially seen it with people trying to download OLYMPICS photos.
  3. ActiveX control downloads that pop up for no reason whatsoever when you are visiting a website.

The moral of this, at least at this point, is: don’t watch videos or click through emails from sources that you have not VERIFIED are legitimate. For example, if you don’t get CNN news alerts and all of a sudden you do get one, it’s probably fake.

Keep your head up though!  Thanks to many posters on www.Experts-Exchange.com (By far one of the best IT troubleshooting resources on the web), we have been able to find a solution and fix to this program.  Here is what we have done. 

  1. Download Malwarebytes Anti Malware software (this is a free download from Malwarebytes: http://www.malwarebytes.org/mbam.php).
  2. Install the software and run the update
  3. Run what is called a QUICK SCAN of your computer
  4. If this is your only infection, it will likely come back with 60-80 infected files
  5. Tell it to remove ALL of the infected files
  6. Reboot your computer and AntivirusXP2008 should be gone!

 
But wait… There’s more!!  After you have rebooted, do the following…

  1. Right-click on My Computer, choose Properties, then choose the System Restore tab.
  2. CHECK the box that says “Turn off System Restore”.
  3. Accept the warning and click Apply.
  4. Now UNCHECK the box that says “Turn off System Restore” to turn System Restore back on, and your computer will start making valid restore points again.
  5. Go to Add/Remove Programs and remove the Malwarebytes anti malware program.  Though this may not be necessary, we have been doing this since it is not a program that we want to train on for our clients at this juncture.

So far, this solution has been working for us on our clients’ computers, so we thought that we would share it with you.
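The System Restore off/on reset in steps 1 to 4 above can also be scripted. This is an added example, not part of the original guest post: it assumes Windows PowerShell 2.0 or later run as Administrator and that only the system drive is protected, and the final checkpoint step is an extra that the original procedure does not include.

```powershell
# Added example: scripted equivalent of the System Restore off/on steps.
# Run only AFTER the malware scan, removal and reboot have completed.
# Assumption: the system drive is the only drive with System Restore enabled.

$ErrorActionPreference = 'Stop'

# The System Restore cmdlets need administrator rights; fail early if missing.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$adminRole = [Security.Principal.WindowsBuiltInRole]::Administrator
if (-not $principal.IsInRole($adminRole)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

$drive = "$env:SystemDrive\"

# Count restore points before the reset so the effect can be confirmed.
$before = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host "Restore points before reset: $($before.Count)"

# Steps 2-3: turn System Restore off on the system drive.
Disable-ComputerRestore -Drive $drive

# Step 4: turn it back on so new restore points can be created.
Enable-ComputerRestore -Drive $drive

# Count again; anything still listed predates the cleanup and deserves a look.
$after = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
Write-Host "Restore points after reset:  $($after.Count)"

# Extra step (not in the original procedure): create a known-clean baseline
# now instead of waiting for Windows to create the next restore point.
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType MODIFY_SETTINGS

Get-ComputerRestorePoint |
    Select-Object SequenceNumber, CreationTime, Description |
    Format-Table -AutoSize
```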


Responses

  1. Good luck with that… I’m a Macgirl, myself!

  2. Thanks for the heads up. Appreciate that!

