From: wasted on 2 Aug 2010 12:15

Greetings

Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up about this, that and the other infection, and of course it would fix them if she paid out. She couldn't access antimalware websites because of redirects.

She brought it to my house yesterday for me to try and fix. I downloaded onto my computer, changed name and saved to CD, both MBAM and SUPERANTISPYWARE.

Installed MBAM, and ran it without updating (because I wasn't letting it link to my network at any cost) - it found nothing in normal mode, and during the scan there were the same incessant popup "alerts" from AVGT. Went to safe mode - no popups occurring, but MBAM still found nothing.

Whilst still in safe mode, installed SAS, again without updating - and it found and removed stuff referring to AntivirusGT.

Rebooted to normal mode - success, it's gone!

Sent daughter home and from there she updated MBAM and SAS and ran both - nothing more found and all is OK.

Questions:-

1. Should I have installed MBAM in safe mode?

2. If the answer to question 1 isn't relevant, any guesses/info on whether MBAM would have "worked" had I allowed it to update. I'm worried about this because I pay for the full version myself to have the real-time protection. I moved to it from SAS because at that time, on my 64bit system, SAS could only be updated by uninstalling and reinstalling

2. How does this AVGT get onto computers in the first place.

Cheers
JP

__________ Information from ESET NOD32 Antivirus, version of virus signature database 5334 (20100802) __________
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
From: David H. Lipman on 2 Aug 2010 15:22

From: "wasted" <rubbish(a)xxnone.notreal.com>

| Greetings
|
| Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up about
| this, that and the other infection, and of course it would fix them if she
| paid out. She couldn't access antimalware websites because of redirects.
|
| She brought it to my house yesterday for me to try and fix. I downloaded
| onto my computer, changed name and saved to CD, both MBAM and
| SUPERANTISPYWARE.
|
| Installed MBAM, and ran it without updating (because I wasn't letting it
| link to my network at any cost) - it found nothing in normal mode, and
| during the scan there were the same incessant popup "alerts" from AVGT. Went
| to safe mode - no popups occurring, but MBAM still found nothing.
|
| Whilst still in safe mode, installed SAS, again without updating - and it
| found and removed stuff referring to AntivirusGT.
|
| Rebooted to normal mode - success, it's gone!
|
| Sent daughter home and from there she updated MBAM and SAS and ran both -
| nothing more found and all is OK.
|
| Questions:-
|
| 1. Should I have installed MBAM in safe mode?
|
| 2. If the answer to question 1 isn't relevant, any guesses/info on whether
| MBAM would have "worked" had I allowed it to update. I'm worried about this
| because I pay for the full version myself to have the real-time protection.
| I moved to it from SAS because at that time, on my 64bit system, SAS could
| only be updated by uninstalling and reinstalling
|
| 2. How does this AVGT get onto computers in the first place.
|
| Cheers
| JP

No. What you should have done is updated another computer.

Obtained the "rules.def" file (the latest signatures).
"C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref"

And copied the latest rules to that infected computer then ran MBAM.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Lil' Abner on 2 Aug 2010 21:57

"wasted" <rubbish(a)xxnone.notreal.com> wrote in news:W9Odnft-3s7OcsvRnZ2dnUVZ8k6dnZ2d(a)brightview.co.uk:

> Greetings
>
> Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up
> about this, that and the other infection, and of course it would fix
> them if she paid out. She couldn't access antimalware websites because
> of redirects.
>
> She brought it to my house yesterday for me to try and fix. I
> downloaded onto my computer, changed name and saved to CD, both MBAM
> and SUPERANTISPYWARE.
>
> Installed MBAM, and ran it without updating (because I wasn't letting
> it link to my network at any cost) - it found nothing in normal mode,
> and during the scan there were the same incessant popup "alerts" from
> AVGT. Went to safe mode - no popups occurring, but MBAM still found
> nothing.
>
> Whilst still in safe mode, installed SAS, again without updating - and
> it found and removed stuff referring to AntivirusGT.
>
> Rebooted to normal mode - success, it's gone!
>
> Sent daughter home and from there she updated MBAM and SAS and ran
> both - nothing more found and all is OK.
>
>
> Questions:-
>
> 1. Should I have installed MBAM in safe mode?

Yes, but Safe Mode with Networking so you can get updates. But bypass your router if you're worried about your other computers. Personally I never do when I'm in Safe Mode and haven't ever had a problem.

> 2. If the answer to question 1 isn't relevant, any guesses/info on
> whether MBAM would have "worked" had I allowed it to update. I'm
> worried about this because I pay for the full version myself to have
> the real-time protection. I moved to it from SAS because at that time,
> on my 64bit system, SAS could only be updated by uninstalling and
> reinstalling

I had the same problem the other day. I installed it in Safe Mode but it wouldn't let me update so I ran it anyway and it found nothing. I finally updated it from another computer (via memory stick) and then it found all kinds of stuff. So the updates definitely make a difference. It turns out that the malware had enabled a proxy server in IE and that is why I couldn't update. I'll remember to check that the next time I try to update.

> 2. How does this AVGT get onto computers in the first place.

Never heard of that exact one but I imagine it's just another variant of all the other rogue antimalware/antivirus apps. My customers always ask me the same question. There's lots of ways they may have gotten it.

From http://en.wikipedia.org/wiki/Rogue_security_software

"Some rogue security software, however, propagate onto users computers as drive-by downloads which exploit security vulnerabilities in web browsers, pdf viewers, or e-mail clients to install themselves without any manual interaction. More recently, malware distributors have been utilizing SEO poisoning techniques by pushing infected URLs to the top of search engine results about recent news events. People looking for articles on such events on a search engine may encounter results that, upon being clicked, are instead redirected through a series of sites[6] before arriving at a landing page that says that their machine is infected and pushes a download to a "trial" of the rogue program."

OK, now a question from me. How did you manage to install SuperAntispyware in Safe Mode? Every time I've tried it, I got a popup saying it couldn't be installed in Safe Mode.

--
--- Everybody has a right to my opinion. ---
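The two blocking symptoms mentioned in this thread, a proxy silently enabled in IE (which stops updaters that honour the system proxy) and redirects away from antimalware sites, can both be checked offline before a rescan. The PowerShell below is an added example, not code from anyone in the thread; it reads the current user's WinINET proxy values and the system hosts file, and the remediation lines are left commented so the operator decides when to apply them.

```powershell
# Added example (not from the thread). Two offline checks for the symptoms
# described above: a proxy enabled behind the user's back in IE, and hosts
# file entries that redirect or null-route security vendor sites.
# Run as the affected user; reading the hosts file needs no elevation.

function Get-ProxyFindings {
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key
    $f = @()
    if ($s.ProxyEnable -eq 1) { $f += "Proxy enabled: ProxyServer='$($s.ProxyServer)'" }
    if ($s.AutoConfigURL)     { $f += "PAC script set: $($s.AutoConfigURL)" }
    return $f
}

function Get-HostsFindings {
    $path = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $f = @()
    foreach ($line in Get-Content -Path $path) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#')) { continue }
        $parts = $t -split '\s+'
        # A clean hosts file maps only 'localhost'. Any other name is reported,
        # whether it points at loopback (blocks the site) or at a foreign IP
        # (redirects the site); both are the behaviour described in the thread.
        if ($parts.Count -ge 2 -and $parts[1] -ne 'localhost') {
            $f += "hosts entry: $t"
        }
    }
    return $f
}

$findings = @(Get-ProxyFindings) + @(Get-HostsFindings)
if ($findings.Count -eq 0) {
    'No proxy/PAC and no hosts redirects found; updates should reach vendor sites directly.'
} else {
    $findings
    # Remediation (uncomment to apply): turn the proxy off and drop the PAC URL,
    # then retry the signature update. Hosts entries are removed by editing the file.
    # $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    # Set-ItemProperty -Path $key -Name ProxyEnable -Value 0
    # Remove-ItemProperty -Path $key -Name AutoConfigURL -ErrorAction SilentlyContinue
}
```

Corporate machines legitimately carry a proxy or PAC URL, so compare any finding against what the user or administrator actually configured before treating it as a hijack.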
From: wasted on 3 Aug 2010 12:27

"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:i375ts01eic(a)news3.newsguy.com...

> From: "wasted" <rubbish(a)xxnone.notreal.com>
>
> | Greetings
>
> | Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up
> about
> | this, that and the other infection, and of course it would fix them if
> she
> | paid out. She couldn't access antimalware websites because of redirects.
>
> | She brought it to my house yesterday for me to try and fix. I downloaded
> | onto my computer, changed name and saved to CD, both MBAM and
> | SUPERANTISPYWARE.
>
> | Installed MBAM, and ran it without updating (because I wasn't letting it
> | link to my network at any cost) - it found nothing in normal mode, and
> | during the scan there were the same incessant popup "alerts" from AVGT.
> Went
> | to safe mode - no popups occurring, but MBAM still found nothing.
>
> | Whilst still in safe mode, installed SAS, again without updating - and
> it
> | found and removed stuff referring to AntivirusGT.
>
> | Rebooted to normal mode - success, it's gone!
>
> | Sent daughter home and from there she updated MBAM and SAS and ran
> both -
> | nothing more found and all is OK.
>
>
> | Questions:-
>
> | 1. Should I have installed MBAM in safe mode?
>
> | 2. If the answer to question 1 isn't relevant, any guesses/info on
> whether
> | MBAM would have "worked" had I allowed it to update. I'm worried about
> this
> | because I pay for the full version myself to have the real-time
> protection.
> | I moved to it from SAS because at that time, on my 64bit system, SAS
> could
> | only be updated by uninstalling and reinstalling
>
> | 2. How does this AVGT get onto computers in the first place.
>
> | Cheers
>
> | JP
>
>
>
> No. What you should have done is updated another computer.
>
> Obtained the "rules.def" file (the latest signatures).
> "C:\Documents and Settings\All Users\Application
> Data\Malwarebytes\Malwarebytes'
> Anti-Malware\rules.ref"
>
> And copied the latest rules to that infected computer then ran MBAM.
>
>
> --
> Dave

Thanks David - didn't realise there was a file that could just be copied - I could have got it from my own computer!! Of course there won't be a next time (!!!), but I've copied your input just in case!
From: wasted on 3 Aug 2010 12:31

"Lil' Abner" <blvstk(a)dogpatch.com> wrote in message news:Xns9DC8D53811B70butter(a)wefb973cbe498...

> "wasted" <rubbish(a)xxnone.notreal.com> wrote in
> news:W9Odnft-3s7OcsvRnZ2dnUVZ8k6dnZ2d(a)brightview.co.uk:
>
>> Greetings
>>
>> Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up
>> about this, that and the other infection, and of course it would fix
>> them if she paid out. She couldn't access antimalware websites because
>> of redirects.
>>
>> She brought it to my house yesterday for me to try and fix. I
>> downloaded onto my computer, changed name and saved to CD, both MBAM
>> and SUPERANTISPYWARE.
>>
>> Installed MBAM, and ran it without updating (because I wasn't letting
>> it link to my network at any cost) - it found nothing in normal mode,
>> and during the scan there were the same incessant popup "alerts" from
>> AVGT. Went to safe mode - no popups occurring, but MBAM still found
>> nothing.
>>
>> Whilst still in safe mode, installed SAS, again without updating - and
>> it found and removed stuff referring to AntivirusGT.
>>
>> Rebooted to normal mode - success, it's gone!
>>
>> Sent daughter home and from there she updated MBAM and SAS and ran
>> both - nothing more found and all is OK.
>>
>>
>> Questions:-
>>
>> 1. Should I have installed MBAM in safe mode?
>
> Yes, but Safe Mode with Networking so you can get updates. But bypass your
> router if you're worried about your other computers. Personally I never do
> when I'm in Safe Mode and haven't ever had a problem.
>
>> 2. If the answer to question 1 isn't relevant, any guesses/info on
>> whether MBAM would have "worked" had I allowed it to update. I'm
>> worried about this because I pay for the full version myself to have
>> the real-time protection. I moved to it from SAS because at that time,
>> on my 64bit system, SAS could only be updated by uninstalling and
>> reinstalling
>
> I had the same problem the other day. I installed it in Safe Mode but it
> wouldn't let me update so I ran it anyway and it found nothing. I finally
> updated it from another computer (via memory stick) and then it found all
> kinds of stuff. So the updates definitely make a difference. It turns out
> that the malware had enabled a proxy server in IE and that is why I
> couldn't update. I'll remember to check that the next time I try to
> update.
>
>> 2. How does this AVGT get onto computers in the first place.
>
> Never heard of that exact one but I imagine it's just another variant of
> all the other rogue antimalware/antivirus apps.
> My customers always ask me the same question. There's lots of ways they
> may have gotten it.
> From http://en.wikipedia.org/wiki/Rogue_security_software
> "Some rogue security software, however, propagate onto users computers as
> drive-by downloads which exploit security vulnerabilities in web browsers,
> pdf viewers, or e-mail clients to install themselves without any manual
> interaction.
> More recently, malware distributors have been utilizing SEO poisoning
> techniques by pushing infected URLs to the top of search engine results
> about recent news events. People looking for articles on such events on a
> search engine may encounter results that, upon being clicked, are instead
> redirected through a series of sites[6] before arriving at a landing page
> that says that their machine is infected and pushes a download to a
> "trial" of the rogue program."
>
> OK, now a question from me. How did you manage to install SuperAntispyware
> in Safe Mode? Every time I've tried it, I got a popup saying it couldn't
> be installed in Safe Mode.

Thanks for the input Lil' Abner - the Safe Mode installation just "did it" from the installation file. I had renamed the file but have no idea whether that made the difference or not.