AntiVirus 2008 malware

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hi,

Has anyone found a foolproof way of removing AntiVirus 2008 malware. I have run Ad-Aware software but the problem still remains.

Thanks,
Mark

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

is this nortons 2008 you are wanting to remove?

 

Hi,

Please see: http://www.bleepingcomputer.com/malware-removal/remove-antivirus-xp-2008

Mark

 

ah right, my brother had something similar.

go to the trend micro website and run their full scan this should remove the issue. If not find a decent anti virus program like NOD32 (you have to pay for this) and that will work.

 

The page you linked to tells you how to get rid of it.

 

I missed that bit

 

How do people end up with a machine full of malware. I can't remember the last time my AV found something, I don't have some special security, just a NAT router and the usual AV and anti-spyware apps.

 

Me too.

I think people are not aware of what malware actually is and they do not realise what could cause future problems for them like pop ups etc.

I have fixed computers for a few people over the last two weeks, they all said they had AV progs installed the problem was none of them had kept up their payments or updating procedures so they were knackered.

 

I have spoken to folks before that think if they have antivirus installed its impossible for them to get a virus. It must all be down to bad surfing habits, and not keeping their software up to date. You get the scare mongers that put people off upgrading. There was a guy on another forum I post on asking if he should upgrade to firefox 3 as he heard it had some bugs, he was still running an old old 2.xxx version. The potential for problems with the latest version are low, the potential to have known exploits taken advantage of and the lack of current security in the old version made it a bit of a no brainer, get it upgraded!

The scum bags! The first rule of downloading pr0n, scan it with your AV before you run the .exe...

 

it can be done carefully you know, not that I have ever done it

 

FF 3 caused me no issues, better to upgrade than stay the same.

 

Hi,

This method has not seemed to remove the malware? Has anyone else managed to remove ir successfully?

 

All the files and reg keys are listed on that webpage at the bottom, if an automated app wont clear it out I would go in and delete all the bits manually.

 

try the trend micro web site like I said above that should work.

 

Kaspersky online scanner works well also, I usually use it when my AV can't detect the virus, most of the time Kaspersky online scan does...

 

Try SmitFraudFix:

http://siri.geekstogo.com/

...it should be run in Safe Mode.

Also, the newest 2008 variant messes with the Display Properties dialogue. You'll probably need to restore some missing tabs through the registry as it sets a malware file as your desktop in an attempt to keep your system infected. The tabs are removed to keep you from changing the desktop wallpaper away from the malicious file.

Restore missing desktop tab:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000

Restore missing screensaver tab:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=dword:00000000

Hope this helps.

 

Hi,

Thanks for all the feedback. I did manage to clean the computer after a lot of effort and using different scanners. In the end I installed StopZilla on the customer's computer. Ad-Aware, SpyBot etc were not able to remove everything.

It was the most heavily infected computer I have come across.

Mark

 

SmitFraud is awesomely clever - one of the best-executed malware scams ever - second only to the SpyAxe fake anti-malware frauds often served up via compromised banner ads. First time I saw it I was blown away by just how convincing it would seem to the average home user. Ever since then I've come to realise that most machines infected with it would be better off with a format and reinstall - and thats just what I recommend for any home jobs I end up doing nowadays. Unless they absolutely HAVE to keep everything installed - in which case I tell 'em that I'll do it, but bill 'em by the hour for my time (sometimes runs to four hours, amounting to about 250 quid).