
New Fake Antivirus.....Caution

Posted: Wed Aug 18, 2010 9:59 pm
by computerfixerguy
Just wanted to remind you folks to update your antivirus, anti malware, and anti spyware and run a full system scan.

I've just gotten 2 computers back to back that are both infected with what appears to be the latest round of the fake antivirus variant calling itself AntiMalwareDoctor.

This variant is much more insistent about not being removed; mess with it too much without knowing what you are doing and you may find yourself locked out of Windows.

laterz,
computerfixerguy

Re: New Fake Antivirus.....Caution

Posted: Wed Aug 18, 2010 10:12 pm
by Mike1951
MalwareBytes' Anti-Malware is the only one I trust to be both legitimate and effective.

The same goes for Avira AntiVir.

Re: New Fake Antivirus.....Caution

Posted: Thu Jan 13, 2011 9:14 pm
by Lu1g1
This is really a disastrous virus. If you encountered this virus, you need to have an updated anti-virus. I am also worried about this virus because it can cause real damage to the computer.

Re: New Fake Antivirus.....Caution

Posted: Thu Jan 13, 2011 9:44 pm
by pbwalker
It's times like this where I am soooo glad I don't use a windoze machine anymore...

Re: New Fake Antivirus.....Caution

Posted: Thu Jan 13, 2011 9:55 pm
by baldeagle
You get the fake antivirus because either Adobe Reader, Java or Adobe Flash is not up to date. Make sure you keep all of those up to date all the time.

Re: New Fake Antivirus.....Caution

Posted: Mon Jan 31, 2011 5:20 pm
by WarHawk-AVG
TxLobo wrote:
in reference to this..

I had a fun one at the start of the week that I had not run into before..

the computer would flash up that IE had been blocked by Microsoft Security Essentials due to being infected with a Win32 Trojan. Would I like to clean the infection?

I isolated the box and played with it for a bit.. if you agree to the "cleaner" it opens and starts searching for ANY anti virus/malware removal program that you have on your computer and will delete it.

Ended up I had to run rkills to stop the hidden processes, then I was able to install a fresh copy of Malwarebytes.. (if you tried to use the existing one, it would tell you it was infected and block it from running) .. Then you were able to clean the machine.

the trojan drops a file with the same name as a Microsoft NT update called "hotfix.exe"

I use Malwarebytes, ComboFix and follow up with a separate independent scan from Eset.

Quick fix for that

A. Reboot in safe mode w/ networking
B. Run msconfig; in there you will see a program with a really funky name, and it will be running from a "temp" dir. Uncheck/disable it
C. Reboot in safe mode w/ networking (the program/services no longer running), update all anti-virus/malware, run what you can (sometimes they won't run in safe mode)
D. Reboot regular, re-run...you should be clean

Apply the hosts thing I have been posting about...my cousin keeps infecting her computer by doing Facebook and junk...put those hosts entries in there..clean as a whistle for quite some time now.
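
Added example, not part of any post in this thread: a read-only PowerShell sketch of the check in step B, listing auto-start entries whose command line points into a Temp directory. The function names and sample entries are constructed for illustration, and it assumes PowerShell 3.0 or later for Get-CimInstance.

```powershell
# Added example, read-only: reports auto-start entries launched from a Temp
# directory. It changes nothing; disabling is still done in msconfig (step B).

function Test-TempCommand {
    param([string]$Command)
    # Run-key values may hold unexpanded variables such as %TEMP%.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command)
    # Match the whole command line, not only the first token, so that
    # "rundll32.exe <dll in Temp>" is caught too. -match is case-insensitive.
    return $expanded -match '(\\(temp|tmp|temporary internet files)\\|%te?mp%)'
}

function Select-TempStartup {
    param([object[]]$Entries)
    $Entries | Where-Object { Test-TempCommand $_.Command }
}

# Constructed sample entries (hypothetical, not taken from an infected machine).
$runKey = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$sample = @(
    [pscustomobject]@{ Name = 'ctfmon';  Location = $runKey
        Command = 'C:\Windows\system32\ctfmon.exe' }
    [pscustomobject]@{ Name = 'qx81vmz'; Location = $runKey
        Command = '"C:\Users\sample\AppData\Local\Temp\qx81vmz.exe" /s' }
    [pscustomobject]@{ Name = 'upd';     Location = $runKey
        Command = 'rundll32.exe "C:\DOCUME~1\sample\LOCALS~1\Temp\a3f.dll",Start' }
)

Write-Host '--- constructed sample (expect qx81vmz and upd) ---'
Select-TempStartup $sample |
    Format-Table Name, Location, Command -AutoSize -Wrap | Out-Host

# On a Windows machine, run the same filter over the real startup list.
if ($env:OS -eq 'Windows_NT') {
    Write-Host '--- this machine ---'
    $live = Get-CimInstance -ClassName Win32_StartupCommand
    Select-TempStartup $live |
        Format-Table Name, User, Location, Command -AutoSize -Wrap | Out-Host
}
```

Win32_StartupCommand covers the Run keys and Startup folders, which is roughly what the msconfig Startup tab shows; services and scheduled tasks are outside it.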