Results 1 to 4 of 4

Thread: A friendly heads-up

  1. #1

    Default A friendly heads-up

    I just wanted to alert the community to a new trojan horse/phisher that is going around. It calls itself Antivirus7. I was struck by this on Tuesday. It will offer a free visrus scan during which it will request permission to download itself to perform the scan with greatest efficiency. Afterward (yes, I was scammed) it will post results containing a small assortment of supposedly infected files.

    To this point it seems innocent enough, right? Here is where red flags start jumping up. It offers a removal service that you supposedly must pay for. DO NOT DO SO. Instead, attempt to peruse the program. You will notice (a) the ToU is patheticly short, (b) there is no direct uninstall option either in the program folder, the start menu, or in the add/remove programs control panel (in Windows XP), (c) upon your closing of the program, it will commence a series of pop-ups saying file X is such and such a risk or IP address Y is attempting to access your computer, and (d) when you attempt to view a website, especially where a logon is required, you will get a notice of being blocked by the site you are trying to reach at or before your reach the third page within the site or if you attempt to log on at any time.

    (Note to mods: I did not try to log on to SC:L while I was infected. I was fortunately already done my daily visit when this happened. I was cleaned with a specially requested, by phone, McAfee service yesterday morning EST. If I perceived any threat to the community from me in any way, I would not have returned.)

    How I got rid of it:

    1) The main program can be eliminated in one way only: open your task manager, end its process, then delete the sucker. Do not leave it in your recycle bucket.

    2) This step took a while to figure out and is where I first called upon McAfee support for aid. You need to delete ALL of your temporary files. All of the files this critter damaged were temp files.

    3) McAfee did a full check-up with its most powerful tool. Because I removed the main program myself and quickly, it did not affect anything but temp files.

    Notes: My McAfee software failed to stop this because it did not install correctly. That has also been fixed. The error was the new install did not completely eliminate the previous version and they conflicted.

    Just thought I would spread the word.
    I am a master tactician. It is my execution that keeps getting me killed.

  2. #2

    Default Re: A friendly heads-up

    Thanks...I'd recommend running Malware Bytes too. That program is amazing when it comes to most crap like this.


  3. #3
    EvilGenius's Avatar Junior Member
    Join Date
    Jun 2009
    Posts
    199

    Default Re: A friendly heads-up

    Quote Originally Posted by //MavericK\\ View Post
    Thanks...I'd recommend running Malware Bytes too. That program is amazing when it comes to most crap like this.
    Yeah, malware bytes rocks - but it didn't catch the latest strain of this thing. I had to format because of this virus - the newest version is called "antispyware soft". "Antivirus 2009" is a common version as well :P

    it seems like it doesn't ask for permission to install itself anymore - it just pops up a fake scan progress bar, and next thing you know - your anti-virus is going nuts

  4. #4

    Default Re: A friendly heads-up

    Quote Originally Posted by EvilGenius View Post
    Yeah, malware bytes rocks - but it didn't catch the latest strain of this thing. I had to format because of this virus - the newest version is called "antispyware soft". "Antivirus 2009" is a common version as well :P

    it seems like it doesn't ask for permission to install itself anymore - it just pops up a fake scan progress bar, and next thing you know - your anti-virus is going nuts
    I'll look into this malware bytes program, thanks for the suggestion! E.G., That description of events matches the second attempt by this critter. It tried again yesterday, but I gave it the epic fail treatment this time.

    An update on the specifics on how I got this second one:

    I was logged into careerbuilder and clicked next page in my job search results. An ad for a college with .mbu in the file name that popped up in my load bar came up. I hit the back arrow and this critter popped up. I have alerted careerbuilder to this.

    Thanks again for the suggestion!
    I am a master tactician. It is my execution that keeps getting me killed.

Similar Threads

  1. Allow workers a free pass between friendly buildings
    By n00bonicPlague in forum StarCraft Discussion
    Replies: 31
    Last Post: 04-05-2010, 03:16 PM
  2. Prevent friendly kill
    By shadow12345 in forum StarCraft Discussion
    Replies: 4
    Last Post: 02-16-2010, 02:11 AM
  3. Which do you think will be the most creative-friendly race?
    By PosImpos in forum StarCraft Discussion
    Replies: 20
    Last Post: 07-27-2009, 12:25 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •