Omega Owners Forum


Author Topic: virus's  (Read 2528 times)

jimbobmccoy

virus's
« on: 21 November 2008, 22:30:33 »

I have spent the last two weeks clearing malware off friends' PCs.

Two to look out for....Internet Anti Virus and Antivirus 2009.

Both seem to be undetected by most antivirus programs and they also present themselves in a way that looks like it's a genuine Windows warning.

Worth Googling and seeing what they're about, as they're a pain to get rid of, and to the unwary can look so genuine you will fall for it.

Thought I'd let you all know, as they have a habit of defaulting your browser to their homepage, and that means no oofing, which just wouldn't do now, would it?!

TheBoy

Re: virus's
« Reply #1 on: 21 November 2008, 22:35:10 »

Quote
I have spent the last two weeks clearing malware off friends' PCs.

Two to look out for....Internet Anti Virus and Antivirus 2009.

Both seem to be undetected by most antivirus programs and they also present themselves in a way that looks like it's a genuine Windows warning.

Worth Googling and seeing what they're about, as they're a pain to get rid of, and to the unwary can look so genuine you will fall for it.

Thought I'd let you all know, as they have a habit of defaulting your browser to their homepage, and that means no oofing, which just wouldn't do now, would it?!

They are not viruses (they are malware), so not picked up by AV software.

But a bitch to get rid of, as it's a self modifier.  I usually go hard in the registry when I have to fix them (if it's a desktop, I tend to burn and build).
Grumpy old man

Richie London

Re: virus's
« Reply #2 on: 21 November 2008, 22:35:27 »

I had internet antivirus and good advice on here got rid of it with a little help from malware malbytes  :y

Richie London

Re: virus's
« Reply #3 on: 21 November 2008, 22:36:55 »

I have noticed sometimes when a page is loading, once it's done I just get a blank screen, any ideas ??

jimbobmccoy

Re: virus's
« Reply #4 on: 21 November 2008, 22:39:55 »

I put virus as the title as I thought it'd get more notice than malware, but you're right.

The antivirus one is particularly nasty, as even after you clear the registry, there is a DLL that remains, so when you log on, it hijacks Google and can end up causing you to reinstall it.

To completely get rid of it you need to unregister this DLL.
I learned the hard way, I cleaned a mate's PC, then it showed as a Google tip and they reinstalled it.
I couldn't be angry with anyone but myself for not doing a thorough job in the first place.

jimbobmccoy

Re: virus's
« Reply #5 on: 21 November 2008, 22:42:11 »

Quote
I have spent the last two weeks clearing malware off friends' PCs.

Two to look out for....Internet Anti Virus and Antivirus 2009.

Both seem to be undetected by most antivirus programs and they also present themselves in a way that looks like it's a genuine Windows warning.

Worth Googling and seeing what they're about, as they're a pain to get rid of, and to the unwary can look so genuine you will fall for it.

Thought I'd let you all know, as they have a habit of defaulting your browser to their homepage, and that means no oofing, which just wouldn't do now, would it?!

Sorry, I hate being wrong, and it happens too often to pass up the chance to vindicate myself.

Really petty I know, and I apologise again.

TheBoy

Re: virus's
« Reply #6 on: 21 November 2008, 22:42:34 »

Quote
I put virus as the title as I thought it'd get more notice than malware, but you're right.

The antivirus one is particularly nasty, as even after you clear the registry, there is a DLL that remains, so when you log on, it hijacks Google and can end up causing you to reinstall it.

To completely get rid of it you need to unregister this DLL.
I learned the hard way, I cleaned a mate's PC, then it showed as a Google tip and they reinstalled it.
I couldn't be angry with anyone but myself for not doing a thorough job in the first place.

A mate's PC? I would have burn and build it...
Grumpy old man

jimbobmccoy

Re: virus's
« Reply #7 on: 21 November 2008, 22:42:51 »

Quote
I have noticed sometimes when a page is loading, once it's done I just get a blank screen, any ideas ??

Is this on a particular site, or just in general?

TheBoy

Re: virus's
« Reply #8 on: 21 November 2008, 22:44:17 »

Only worth clearing up on servers (particularly some of our Citrix servers that seem to get hit).
Grumpy old man

jimbobmccoy

Re: virus's
« Reply #9 on: 21 November 2008, 22:45:06 »

I'm stubborn, so to burn it would have been admitting defeat.

If I couldn't have cleaned it properly I would have had no choice but to do so, but I'm getting quite quick at it now, as I have done four different machines with it this week alone.

They've re-released the old Antivirus 2008 as a clone called 2009, hence the prevalence at the moment.

jimbobmccoy

Re: virus's
« Reply #10 on: 21 November 2008, 22:47:56 »

Quote
Only worth clearing up on servers (particularly some of our Citrix servers that seem to get hit).

As mentioned, having done several I reckon I can clean one in 20 minutes max, which is much quicker than a rebuild.

Add 10 minutes to re-educate the user (or 1 hour for an office) and I can then get on the desk and do my victory dance :D :D ;)

TheBoy

Re: virus's
« Reply #11 on: 22 November 2008, 08:20:40 »

Quote
I'm stubborn, so to burn it would have been admitting defeat.

If I couldn't have cleaned it properly I would have had no choice but to do so, but I'm getting quite quick at it now, as I have done four different machines with it this week alone.

They've re-released the old Antivirus 2008 as a clone called 2009, hence the prevalence at the moment.

Remember, it's a bugger to clear, and stay cleared - it uses a lot of techniques to reappear after a while.  You will struggle to find definitive info, as it's self modifying (if you look at code, some variants are actually quite clever with it).

Burn and build is a quick and conclusive resolution for desktop - but if you want to do it manually for learning, that's fine :y
Grumpy old man

TheBoy

Re: virus's
« Reply #12 on: 22 November 2008, 08:33:07 »

Quote
Quote
Only worth clearing up on servers (particularly some of our Citrix servers that seem to get hit).


As mentioned, having done several I reckon I can clean one in 20 minutes max, which is much quicker than a rebuild.

Add 10 minutes to re-educate the user (or 1 hour for an office) and I can then get on the desk and do my victory dance :D :D ;)

Burn and build should only take 30-45mins for XP + office etc, less if you use unattend.txt, as you don't have to look over it, just kick it off and come back later.

In a business environment, you should be using build tools - MS RIS, Altiris, or even simple imaging such as Ghost.  So 20mins max.  And, in addition, you end up with a cleaner, faster PC.

Even small businesses, such as my brother's, around 8-10 PCs - downtime is money, esp if it's one of his tills.  He knows if one of his machines starts misbehaving, he immediately reboots off one of 2 DVDs (for right model PC) to put a Ghost - 2 mins to reapply Ghost image with drivers etc, then boot up (he has to provide PC name at this point), it reboots, then Group Policy comes along on next reboot and applies any software that machine should be running.  That means his tills can be back up in 5 mins from initial problem, back-of-house PCs about 10-12mins (MS Office takes about 5mins to deploy on its own).

He knows to do this at the first sign of any misbehaving, in case it is a viral outbreak, less chance of it spreading within his networks.
Grumpy old man

Martin_1962

Re: virus's
« Reply #13 on: 22 November 2008, 09:46:02 »

I have been collecting serials and disks ready for a rebuild, (new MB CPU HDDs keep DVD drive FDD case).

This AV2000 or whatever, I was attacked in the last week and AVG7 stopped it dead

Grumpy

Re: virus's
« Reply #14 on: 22 November 2008, 09:49:11 »

Interesting. I picked up that 2009 Anti-Virus malware last weekend.
I was doing a search for a driver and clicked on a link thrown up
by Windows 'Live Search.' I got a pop-up, similar to an AVG anti virus
screen, and it started to pretend to search my computer and tell me
that I had 59 virus/malware/trojan etc.. on my computer.

I pulled the internet connection from the cable modem as soon as
I saw it, but it continued doing the pretend search and exhorting me
to download its anti-virus program.

My genuine AVG program belatedly picked it up and popped it into
quarantine. I emptied the quarantine and deleted all temporary
internet files, where it had loaded itself.

I've not had any more problems, so far, but reading the informed
replies on this thread, it would seem that there is a possibility that
it may have 'transmogrified'  :) itself and be sitting somewhere else,
waiting to have another pop at me.

Would it be worth formatting drive C and reinstalling? I've done this
several times on computers before, so it doesn't hold any qualms
for me. I have the genuine discs/ drivers/ product keys/ program
discs/ recovery discs etc..
« Last Edit: 22 November 2008, 09:49:33 by Grumpy »