Nastiest Malware I have come across....

Mark42

I picked up a "Malware" virus yesterday. Called AntiSpy Gold and Antivirus Gold, it's especially infuriating, because it was written by a company that supplies virus protection.

What it does is downloads itself without your consent (I think I got it downloading a "free" trial version media player) and then every few minutes, issues a warning (a flashing icon in the system tray, and a bubble message) that your PC is infected with a popular known virus. When you click on the message to make it go away, it opens a browser and takes you to the AntiSpy Gold website to purchase their virus protection. This cycle goes on every two to three minutes. It also downloads more "malware" telling you that you need more protection, and more pop-up messages. It imitates the Windows "Security Center" window so well, I had to double check that it was not really Microsoft Firewall telling me that there was a problem.

After wasting a half hour of my time deleting cookies, registry entries, load libs, DLLs, etc. and rebooting, AntiSpy Gold was right there in my face.

BTW, neither McAfee, Spybot, Ad-Watch, nor Ad-Aware were able to detect (and therefore remove) this virus.

I did finally find a program someone wrote to get rid of this sort of malware. I downloaded it (very cautiously) and was able to delete the virus from my PC.

I sent a few emails off to the AntiSpy people asking them how to remove this advertising virus from my PC, but I doubt I will get a response. How do these people expect to sell something with such a vicious attack on you?

Here is a link to the virus fix, you might want to download and save this program just in case:

http://www.bleepingcomputer.com/forums/topic22397.html
 

i386

Re: Nastiest Malware I have come across....

How do these people expect to sell something with such a vicious attack on you?

They are betting that people will buy it because "the computer said I was infected and needed this to fix it."

It's funny, I Googled Antivirus Gold. All I can find is info on how to get rid of it. I don't see anywhere to buy it. Not that I would.
 

Mark42

Re: Nastiest Malware I have come across....

Yeah, I doubt that their virus protection program does anything. Might just download a free copy of Spybot or something similar and run it. I don't know and I don't want to find out.

This company is located in Australia, I believe.

SOB's should be shot.

I think I'll write a program to shoot off an email with a medium size attachment screen shot of their product in action. Make the program send the email every two or three minutes. See how their support server likes the load.
 

MikDee

Re: Nastiest Malware I have come across....

I usually reset the computer back in time, and hope that gets rid of it! If not, I'd be screwed, I'm not that computer literate.
 

gonefishie

Re: Nastiest Malware I have come across....

I bet it's a scam that came with the freeware. It's probably not really malicious, it just wants you to buy stuff that you really didn't need. The internet is like a GIANT lake with lots of dumb fish that one can catch and then there are others like us who have learned to bite VERY cautiously.
 

dave4151

Re: Nastiest Malware I have come across....

I've seen one version where it changed the desktop wallpaper to look like a warning screen and then locked it.

I tried for a day to get rid of it and then ended up finding the tool you posted.

The worst thing is that it's pretty hard to block when they embed it into something else and then it keeps morphing once you try to delete it.
 
Re: Nastiest Malware I have come across....

Yes, the worst ones "program" your browser on every start up. Like a trojan that lets more and more in. Going back to pre sets does work sometimes and when you find a way to delete the crap out of your system the instructions are often hard to understand and take some time to use. People trying to scam others with this chit are the lowest life forms I know of. They don't want to have a real job when they can trick and steal from people on the internet and the problem is you can't find these people to give out some paybacks.
 

jay_merrill

Re: Nastiest Malware I have come across....

Many of these malware programs are not removed by the popular utilities because they are designed to replicate and can do so, as long as they are resident in the computer's memory. Often times (not all), you can overcome this problem by rebooting to safe mode, which will not allow the malware to load after the reboot, before running the removal utility.

Another favorite tool of mine is "House Call" by Trend Micro, who are the folks that scan all Hotmail emails. House Call is actually run from Trend Micro's servers so it will ask permission to load some stuff onto your puter. This is not malware or adware and the House Call service is usually very good at both finding and removing junk from your PC.
 

wildmaninal

Re: Nastiest Malware I have come across....

I can't quite put a finger on my computer problems, yes I mean problems. I'm so darn out of date with these computers nowadays that I am back to the basics.
I'll be surfing the internet just fine on Internet Explorer 7 and then all of a sudden I'll just have tabs just keep opening up constantly :rolleyes:. This doesn't happen all of the time but it does happen. I've tried Firefox (my personal opinion) I think it sucks. I am about sick of the internet problems that I have. At least I have our network straightened out :cool:. I have been using AVG antivirus for a while now.
My pop up blocker works great though and I never see an advertisement screen pop up. Thankfully I haven't had to deal with that problem you have recently dealt with Mark, but thanks for the heads up.
 

v1_0

Re: Nastiest Malware I have come across....

There's a lot of these fake anti-spy, anti-virus, etc. programs around. Many times they show up as pop up ads. Sometimes they are put in places like "downloads.com".

Pretty much they "overreport" issues, or report issues that don't exist so that you go out and download the program. Those are the nice ones. The not-so-nice ones will rig the advertisement so that whichever button you click - ok, or cancel, will still download the program. (That is why you should use the "x" at the top right of the window. That 'x' is provided by Internet Explorer/Firefox, while the buttons inside the window are under the control of the advertisement.)

The out-and-out malware programs will try to make use of vulnerabilities in your Internet Explorer (or whatever) settings to download silently. Or of Windows, or whatever the exploit of the day happens to be.

So, what to do? Defense in depth, of course. Anti-virus, Anti-Spyware programs, Firewall, keep your OS patched, keep your browser patched. Secure your browser. Secure your OS. Windows starts plenty of things that you probably don't need. (remote registry, remote desktop control, etc...) By default, your browser is set for usability/compatibility, not security. It uses a permissive model - everybody has permission unless specified, rather than a restrictive model (no one has permission unless specified) in terms of web-sites. Things like flash, active scripting, etc. all can be exploited.

Fortunately, you can ratchet up the security on IE if you want to. Set the security in "internet" zone really high. Add sites you trust to your "trusted sites" and set the security to what you feel comfortable giving those sites.

It's always nice to have a hardware firewall too. And, if you can afford it - have one computer for browsing and another one that you only use for secure transactions (places that you trust... not general browsing).

But all of these things are for naught if you - the user sitting at the keyboard - override the security. Either willingly, or are tricked into it. So, defense in depth also includes some education.

-V
 

jay_merrill

Re: Nastiest Malware I have come across....

I have used AVG for day to day antivirus and ZoneAlarm as a firewall. Neither one is perfect but both do a pretty decent job. The really determined hackers can get by firewalls easily, especially the most popular ones, but they do help.

There is a Russian guy by the name of Kaspersky who supposedly has very good protection software - antivirus, firewall, etc. I have never tried it but I have heard that it is much better than most. If I ever get around to trying it, I'll try to remember to post about how well it works.
 
Re: Nastiest Malware I have come across....

There needs to be some sorta law that will stop those crooks from messin with people's computers and stuff. Since when did I give anyone the ok to contaminate my machine? My computer is for my use 100%, not spammers and virus makers.......
 

dolluper

Re: Nastiest Malware I have come across....

Most attack admin tools messenger, had to manually turn off the messenger since it was popping up so fast while I was trying to remove it, drove me nuts for a while. Glad you found the software to fix it Mark before you went completely nuts.
 

roscoe

Re: Nastiest Malware I have come across....

What's "malware" or "virus" ?
 

SgtMaj

Re: Nastiest Malware I have come across....

Malware is malicious software.
A virus is a computer program that spreads by itself, just like a regular cold or flu virus, and most of the time is at least somewhat malicious.



Mark42, have you filed a complaint with the FTC yet? Also, have you filed suit against them yet? Even though you were able to delete it, the LEAST you'd end up walking out of court with is FMV of a new computer plus compensation for any files that were lost. Plus, you could seek class action status which could cost them in the hundreds of millions.

Don't get mad, get even.
 

gonefishie

Re: Nastiest Malware I have come across....

What's "malware" or "virus" ?

Uhhh..Ohhh...God helps our brother roscoe! :eek: I hopes you haven't been disclosing personal and or financial info on the net.
 

Nos4r2

Re: Nastiest Malware I have come across....

Uhhh..Ohhh...God helps our brother roscoe! :eek: I hopes you haven't been disclosing personal and or financial info on the net.


I think that was a pretty good attempt at sarcasm :D
 

roscoe

Re: Nastiest Malware I have come across....

Not to worry gonefishie, roscoe runs a Mac (or 2).

I like reading about all these pc problems, it reaffirms my decision to go with Macs.

My vital info on my computer is encrypted. Without the password, I can't even access it.
 

tommays

Re: Nastiest Malware I have come across....

Problems ARE now common on Mac OS X 10.5 :D

I guess they should have never gone with Boot Camp and become more Windows friendly with Microsoft Office for Mac as a big seller :rolleyes:




Tommays
 

v1_0

Re: Nastiest Malware I have come across....

I like reading about all these pc problems, it reaffirms my decision to go with Macs.

Well, that covers about 10% of the vulnerability. There's always whatever is on the other end of your connection, whoever happens to be listening in the middle. And then there's always the person at the computer.

In this particular post - Mark42 downloaded something "(I think I got it downloading a "free" trial version media player)". So, even if the OS and browser were 100% secure - they were TOLD to download and run whatever it was. This is the old "human engineering" approach: no need to circumvent the OS or browser security - just trick the person.

Bottom line: don't get into a false sense of security just because you are running a Mac.

My vital info on my computer is encrypted. Without the password, I can't even access it.

That doesn't mean someone else can't. There are people that figure ways around or through encryption for a hobby - some for a living.

Or... they can just trick you into giving them your password. :)

-V
 