MS AntiSpyware 2009 Alert

tcleve4911

Any been infected with this Trojan & virus???
I have been infected by connecting to a link from this forum.
Not the forum's fault - just letting others know & asking for advice on getting rid of it.

__________________
Back in Maine
Dubbin' Around
Doin' good stuff ......

mdshunk

I think you are misinformed. You can't be infected by following any web link.

Mike Finley

You can, as soon as you go to the website it downloads the little bastard. I've had it done to me. This thing is the newest rage that one and defender 2009, they don't do anything to you, they just try to make you think you are in need of downloading a free program to fix your computer and then they try to get you to pay for it.

I just got rid of that freak'n thing last weekend.

Try this.

Restart your computer in safe mode press F8 on start up
Open up windows explorer
go to Local Disk (C)
Now onto folders:
Documents and Settings
* now find the folder with your user name & click it *
find a folder called Application Data
then a folder called Google (this isn't your real google folder on your computer, that little bastard program placed this one here hoping you will not look at it because it seems legit.

INSIDE the Google folder DELETE all the folders and files you find

If when trying to delete them you get an error telling you it's in use, or read only or whatever, this is the virus knowing you are going to try to delete them.

All you have to do is rename the folder or file to something else - the virus won't know the new name and you can then delete them.

Restart and you should be okay.

TBFGhost

....nice...

SquirrelNmoose

It's not that easy. It installs as a progam, meaning it leaves files all around. Also make sure you run a known good antivirus scan after removal, some variants of it will also open your system for other virus /trojan software.

This is a version of the Antivirus 2008, Antivirus 2009 and now there is a Antivirus 2010 and MS Antivirus.
These are all version of a widely spreading rogue program.

The reason many people are getting this is you get a pop up from a compromised website displaying a message stating you are infected and it displays a made up list of file names. The logo it uses is the MS security logo, so this is very misleading. If you get this popup use the alt+F4 to close the window. Some versions direct any clicked button to download (including the X close button).

Do a search for Antivirus 2008 or 2009 and you will find much more info.
Also a recent variant I removed seems to have traveled across a home network infecting onthers on the network.

It also blocks or redirects you from sites that will remove it. So you may have to download info/software to remove it from another system.

Here is a link with good removal info.
http://www.bleepingcomputer.com/malw...e-ms-antivirus
http://www.2-spyware.com/remove-ms-antivirus-2008.html

As always running as a limited user (not user account with administrator privlages) should avoid any infections that try to make system changes.

__________________
Len,
"There is no charge for Awesomeness"
A view through the eyes of SquirreNmoose

Max Nomad

Biggest problem = Internet Explorer. Don't use it unless absolutely necessary. Instead, download and install Mozilla's Firefox web browser. It's far more secure. http://www.mozilla.com/en-US/firefox/

It also wouldn't hurt to download and install "Spybot Search & Destroy"
http://www.safer-networking.org/ . After the install, do the update, use the immunize feature, then do a scan and remove.

By using these two programs on my remaining Windows XP and Vista PCs, it's been over 5 years since I've had any major spyware/adware/pop-up problems.

__________________
Majestic-Tile, a division of Majestic Home Improvement, LLC.
http://www.majestic-tile.com/
My Publishing Company and Graphic Design Portfolio:
http://www.bgpublishing.com/

mrmike

I have just went thru this same thing with a rebuilt Computer that I bought for a spare. It is a shame that these people cannot be stopped. I have had a Fake security site downloaded on my computer before & they end up destroying it, & they also have all of your personal Info !! Do not bite on them ! Get rid of it ! I could not do anything with this computer with all their pop-ups & my screen freezing etc.
Google Antivirus 2009 & you will see. There is a site there to download Malware which will get rid of this Fake! It works & my computer is now fine.
I will try to come back with the site........Mike

mrmike

I checked back & it is the second website that comes up when you google antispyware 2009.It is the CNET site The post I followed is #5 because of his feedback of good results. Follow his instructions & you can even click on his "here" to get started to download Malwarebytes which will get rid of this Fake.

tinner666

IE won't allow pop-ups, so I'm OK I guess. First I've heard of it.

__________________
Frank Slate Roof Repairs, Richmond, Va.

Max Nomad

Only recently has IE allowed for the blocking of pop-ups and even still that is a small part of its problems. The rest are BHOs (Browser helper Objects) and ActiveX, both responsible for dozens (if not hundreds) of security vulnerabilities annually and has been for over a decade now.

Whether its through BHOs or ActiveX controls, both are commonly used loading points that even a half-assed spyware/malware/trojan/worm coder will use to write something that'll take control over a relatively insecure PC with a simple mouseclick, even if it's just a link on a booby-trapped page -- no pop-ups needed.

A few articles to elaborate on this for the geek-at-heart:

http://www.zdnet.com.au/insight/secu...9153405,00.htm

http://www.securityfocus.com/news/11403

__________________
Majestic-Tile, a division of Majestic Home Improvement, LLC.
http://www.majestic-tile.com/
My Publishing Company and Graphic Design Portfolio:
http://www.bgpublishing.com/

Celtic

MSIE is a dinosaur invented by Al Gore.

Give Firefox [or any Mozilla branded browser ] a try ~ I guarantee you will never use MSIE again.

Along with a browser vastly superior to MS IE, you can add a host of additional features for security and personalization.

__________________

SquirrelNmoose

Generally this is true. But in this case it doesn't matter what browser.

Not the case either. Which is another reason it is so effective. People are assuming that if popups are disabled and a window opens with the windows security logo, it must be a legit warning from their system. Most popup blockers will not block this because it is using scripting to display the windows. If you disable scripting in your browser you shouldn't be affected.

There is even a Mac version.
http://www.cnet.com.au/software/secu...9285176,00.htm

__________________
Len,
"There is no charge for Awesomeness"
A view through the eyes of SquirreNmoose

tinner666

Well, SpyWareBlaster doesn't seem to support Opera yet. I've used Firefox, but prefer the cookie control in IE. I get to specify which site can apply one. I have about 10 sites allowed to bypass it's cookie blocker. And CC erases them about 10 minutes after i enter.

__________________
Frank Slate Roof Repairs, Richmond, Va.

Celtic

Here are 113 add-ons for firefox that were the result of a "cookie" query:

https://addons.mozilla.org/en-US/fir...cookie&cat=all

__________________

tinner666

Pretty neat stuff. IE has the white list built-in and doesn't need an add-on. I admit I got tired of trying add-ons for FF.

__________________
Frank Slate Roof Repairs, Richmond, Va.

tinner666

Here's my stock reply when people ask how to set up IE.
Adaware and Spybot usually come up clean

if IE6& IE7 controls are set correctly.

I usually find 1 or no items every week.
How can a "cookie manager" beat IE6's

controls? If you use iespyad, spysites,

and SpywareBlaster, they load almost 7K

of
restricted cookies into the block list.
I have 1st. and 3rd. party cookies

blocked 24/7, always allow session

cookies checked,( session cookie has to

be checked
to work with edit features), and under

edit button,( "sites" with SP2) I only

have 7 ( I think) sites on the allow

list
which will act like a firewall "pass

list". If I don't delete cookies for a

year, and look in cookie folder, I never

find
more than the 7, and that's only if I

visit all 7 sites during the year.
Set Tools, Internet Options, Privacy,

Advanced, Block 1st. and 3rd. Party

cookies; Check "Always allow session

cookies",
hit OK. THEN Click EDIT,(or SITES) in

SP2, Type in or paste paypal.com for

instance, Click allow. Check OK as you

close
each menu. After a year of surfing,

that's the only cookie to be found in

that folder.
YOU WILL KNOW WHEN A SITE YOU NEED

WON'T WORK AND CAN ADD THAT SITE AT THAT

TIME IF IT'S NECESSARY.
One Caveat; Excite sets a tracking

cookie, and after every update of

SpyWareBlaster, I have to locate it at

bottom of
list, and right click, select Ignore

list and addit to the ignore list, or

uncheck excite, pick Remove Protection.
PS: Now clear all cookies for a fresh

start. Clear temp files regularly.
SpywareBlaster preloads your "White

List" with thousands of Bad sites on the

Block List in Internet Explorer.
A sidebar: Get Camtech2000's free

version of Spysites. It not only loads

restricted sites into Internet Explorers
'Restricted Zone',
but it tells you what each site puts on

your computer. Read their " worst

offender" list. Some "cookies" have
java script viruses. Get updates through

it's help menu.

Be sure to download CCLeaner from

http://www.ccleaner.com/ and run it

every day!

If you use AOL browser, you have to open

IE window to set the controls.

__________________
Frank Slate Roof Repairs, Richmond, Va.

Celtic

Maybe I don't agree with IE's white/black list




With 113 choices for cookie alone....that is completely understandable

__________________

tinner666

It's cool and makes for interesting discussion. And who knows, somebody here using IE's default settings learned something and it will help. Some others will decide to switch to FF.

Whatever it takes to keep us safe is good!

__________________
Frank Slate Roof Repairs, Richmond, Va.

Celtic

Agreed



One may also find this of interest:
Why I can't get enough of Windows 7

What scares me about Windows 7

__________________

Mike Finley

Well? Did you find the google folders?