"AntiVirus Soft" malware on my PC

[blogspotter]

What a Pain.... I went through it last month, and removed it with Malaware.. but I had to install something before running malaware to first remove the trojan that won't make me run malaware scan.. i just can't remember what it was...

PS: it is TDSSKiller .. it removes the rootkit trojan that will stop you from running anti spywares.. here is the link http://support.kaspersky.com/downloads/utils/tdsskiller.zip

Just follow the prompts

 

[Deckah]

I had it. Pretty sure it was from a hidden iframe. Anyways it opened java applet and was stored in application data inside the local/java folders. I just restarted and close my net connection, got it out with NOD and hijackthis. It had a hidden start up and did rely off the net connection. Basically just denied everything I tried to run, then popped up "teh solutionz(virus prog)" trying to get me to download/pay for the soft.

Hijackthis should get it out. Depending on which one you have. You might check services, but I did and it doesn't register anything in there.


EDIT: Another thing that comes to mind. NoScript(XSS, does java) will block these types of things. I had it, just not enabled at the time.

 

[turbolapp]

If it happened on the Photobucket site- its possible the person that exposed you to it did a "legit" CPM banner buy with creative that allowed them to rotate in malware or browser exploits when noone was looking. I've seen that happen on Facebook even, with malware like AntiVirus Soft. Then again, you could have also downloaded something else that caused the problem.

You know it boggles my mind that this stuff is going on all over the place and yet the people that are sending "spam" with regular affiliate offers (that people can choose not to click on, or even choose not to read at all, for that matter) are the ones going to jail? Talk about displacement of aggression. Where are the people being prosecuted for this shit? I mean this was way more annoying that anything I receive in my inbox. And can you imagine if I had actually clicked on the offer and downloaded their shit? Man all my moniez would have been in Russia by now.

 

[Jizzlobber]

So how'd you make out cleaning up?

By the way, for the Apple solution providers - are you guys even running UBot? If so, how's that working out for you through virtualization?

 

[Infinite Keith]

Spybot S&D and Malwarebytes.org

This.

Malwarebytes is awesome and was the only anti-virus that got rid of that fucking internet security virus.

If it happened on the Photobucket site- its possible the person that exposed you to it did a "legit" CPM banner buy with creative that allowed them to rotate in malware or browser exploits when noone was looking. I've seen that happen on Facebook even, with malware like AntiVirus Soft. Then again, you could have also downloaded something else that caused the problem.

I got it from Daily Motion and my GF got it from Bloody Disgusting. They have been hitting some legit sites the last few weeks.

 

[turbolapp]

So how'd you make out cleaning up?

By the way, for the Apple solution providers - are you guys even running UBot? If so, how's that working out for you through virtualization?

I installed the malwarebytes and that pretty much took care of it that I can see. I've also adjusted alot of my pc settings and am in ultra paranoid mode looking for weird files...going...hmmm when did I download that? what is that? *sigh*

So if I have to work in IE...is there anything I can do to avoid crap like this in the future? I mean I can't even turn on an ad blocker or anything

How microsoft managed to take over the world and then drop the ball so hard in just 15 years is a total fail.

 

[DewChugr]

When you get it fixed create a second user, make it an admin. Make yourself a regular user. Regular users can't install software, so this helps keeps crap like this down. When you do need to install something right click on the installer and run as and use the admin login account.

Also, your browser can be redirected to, or blocked from sites by manipulation of your hosts file. Check it here C:\windows\system32\drivers\etc\

 

[b_sun]

So sick of the Apple Fan Boi Faggotry. If you love your computer, fucking great, love it. Every single virus thread I see some apple ball-sack chimes in with APPLES DON'T GET TEH VIRUS U SHOULD SWITCH. No one is going to make a virus for a platform that 20% of the world uses. The rest of us prefer to use a computer, that will ya know, run almost everything.

 

[evelynds]

i might not make many friends by asking this... but does anyone know the payout on this AntiVirus Soft affiliate program? apparently cj offers it.

 

[dably]

You know it boggles my mind that this stuff is going on all over the place and yet the people that are sending "spam" with regular affiliate offers (that people can choose not to click on, or even choose not to read at all, for that matter) are the ones going to jail? Talk about displacement of aggression. Where are the people being prosecuted for this shit? I mean this was way more annoying that anything I receive in my inbox. And can you imagine if I had actually clicked on the offer and downloaded their shit? Man all my moniez would have been in Russia by now.

The problem is the majority of the people doing this are in Russia or some other country with little or no internet laws.

Personally I would always do a fresh install after getting something like this. It is just to easy to make a virus that bypasses antivirus definitions and there are to many files that can be infected (many of these application bind themselves to legit applications) and the only way to know they are gone is to reformat.

 

[TheUltimate6]

This thing is kicking my virtual ass today. It's taken over my proxy settings blocking any of my files or browsers from loading. I'm currently in safemode trying to work through getting this crap out. I'm following the instructions from

Remove Antivirus Soft (Uninstall Guide)

I just wanted to see first, if this site is pretty legit? (it wants me to download something called "rkill") and if anyone else has come in contact with this nasty little bugger.

Have you tried the following;

• Download Rkill can (find link here rkill (stops malicious processes) - PCA Forums)

you'll want to run that first in safe mode, you may need put on a USB and run form that.

That should stop all known malicious software, so programs that prevent anti virus software from running will be stopped

• Then run Malwarebytes (Malwarebytes.org)

you'll want to update and then run. It's normally pretty good.

• I also then ran CCLEANER (CCleaner - Download)

went to startup and looked for malicious software. I believe it shares a similar name to a legit process; although obviously if it's something like

IOUEOJKLJFOIEUJKLJ.exe

then delete it, select disable then delete.


All the software is usable free, I didn't put any afflinks in the text obviously.

I'll see if I can find a more in depth guide but that's the jist of it.

GOOD LUCK BRO!

 

[1nspire]

Could you use the system restore feature and reboot your pc prior to the infection?

 

[Lapris]

So sick of the Apple Fan Boi Faggotry. If you love your computer, fucking great, love it. Every single virus thread I see some apple ball-sack chimes in with APPLES DON'T GET TEH VIRUS U SHOULD SWITCH. No one is going to make a virus for a platform that 20% of the world uses. The rest of us prefer to use a computer, that will ya know, run almost everything.

Thought they had less than 10% ?

:R:

 

[xtacx]

So sick of the Apple Fan Boi Faggotry. If you love your computer, fucking great, love it. Every single virus thread I see some apple ball-sack chimes in with APPLES DON'T GET TEH VIRUS U SHOULD SWITCH. No one is going to make a virus for a platform that 20% of the world uses. The rest of us prefer to use a computer, that will ya know, run almost everything.

Yeah, except I run your OS, in OSX, and it runs even better.

Anyone who uses a term like 'fan boi faggotry' just is oblivious to the fact, yes there are many cases where osx won't be good for them, however from my experience 90% of people are just putting up with it because they just don't know any better, oh and if you are in AM, and not running osx - you're doing it wrong.

 

[justo_tx]

i might not make many friends by asking this... but does anyone know the payout on this AntiVirus Soft affiliate program? apparently cj offers it.

$2.75 per sale.

 

[zimok]

Yeah, except I run your OS, in OSX, and it runs even better.

Anyone who uses a term like 'fan boi faggotry' just is oblivious to the fact, yes there are many cases where osx won't be good for them, however from my experience 90% of people are just putting up with it because they just don't know any better, oh and if you are in AM, and not running osx - you're doing it wrong.

PC's can run circles around the capabilities of your apple console.

 

[evelynds]

$2.75 per sale.

thanks, man. i saw they also offer additional products with payouts up to $7. it will be hard to find traffic for this other than mailing i think, though.

 

[JamesH]

So sick of the Apple Fan Boi Faggotry. If you love your computer, fucking great, love it. Every single virus thread I see some apple ball-sack chimes in with APPLES DON'T GET TEH VIRUS U SHOULD SWITCH. No one is going to make a virus for a platform that 20% of the world uses. The rest of us prefer to use a computer, that will ya know, run almost everything.

lol u mad?

 

[tainted]

The problem is the majority of the people doing this are in Russia or some other country with little or no internet laws.

Not really. There are plenty of people state-side pushing this stuff as well. And yes, they do drive traffic doing CPM buys here and there. I don't know anyone pushing it on facebook though; they tend to ban fairly quickly.

$2.75 per sale.

That's pretty fucking low.


Here is an excellent writeup a buddy of mine from the security biz sent me a couple of years ago. The antivirus researchers
hacked into the Russian's affiliate accounts and merchant accounts and posted earnings:
Rogue Antivirus Dissected - Part 1 - Research - SecureWorks

Some pretty impressive earnings (in dollars).
Affiliate ID Affiliate Username Account Balance (USD)
4928 nenastniy $158,568.86
56 krab $105,955.76
2 rstwm $95,021.16
4748 newforis $93,260.64
5016 slyers $85,220.22
3684 ultra $82,174.54
3750 cosma2k $78,824.88
5050 dp322 $75,631.26
3886 iamthevip $61,552.63
4048 dp32 $58,160.20

Those earnings are for a single week. So yeah, there's money to be had here

 

[Vox]

Could you use the system restore feature and reboot your pc prior to the infection?

Nope, it totally corrupts your system restore.
And for those bashing IE browsers, you can also get infected with Chrome.