Thread: a nasty virus around!!!!!

  1. #1
    Banned
    Join Date
    Dec 2004
    Posts
    2,023
    Thanks
    162
    Thanked 79 Times in 58 Posts

    a nasty virus around!!!!!

    Sorry if in the wrong section!!
    Hi, just be careful.
    There is a really bad virus doing the rounds that appears as a pop-up and says the following:
    ANTIVIRUSPRO2009 YOUR PC IS INFECTED… CLICK HERE TO REMOVE .. DON’T!!!!!!!!!!!!
    As soon as you do, malware is sent and crashes one's PC to the point it will take hours to remove.
    Read this on a site!

  2. #2
    V.I.P
    Join Date
    Dec 2004
    Posts
    1,964
    Thanks
    193
    Thanked 183 Times in 92 Posts
    Thought you meant the one me and most of my family have got. Dreadful chesty cough, shivers, shakes. Still suffering after three weeks. Bloody nuisance.

  3. #3
    Senior Member BigDave's Avatar
    Join Date
    Nov 2008
    Posts
    213
    Thanks
    1
    Thanked 0 Times in 0 Posts
    Thanks for the warning m8.

    Regards BigDave

  4. #4
    Junior Member
    Join Date
    Jan 2005
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    many thanks for the info

  5. #5
    V.I.P williamtell's Avatar
    Join Date
    Dec 2004
    Posts
    1,185
    Thanks
    501
    Thanked 137 Times in 103 Posts
    Yeah, a friend of mine downloaded that, the email was from Panama
    very faint at the bottom of program, managed to delete, through the registry but a pain all the same.

  6. #6
    V.I.P Detlef's Avatar
    Join Date
    Dec 2004
    Posts
    6,197
    Thanks
    718
    Thanked 2,034 Times in 1,173 Posts
    Quote Originally Posted by Detlef View Post
    If your browser suddenly jumps to look like the image below, close the browser and start again.

    Do not click on any of the boxes or links. You will already have seen that it has "temporarily customised" your browser and disabled the ability to view the source.

    Although it looks innocuous it actually contains some pretty nasty scripts and is about 50k in size..
    It seems to be a variant of the one above.

    It spoofs a typical (valid) warning page but all links just run a nasty set of scripts that spread BHOs and malware all over your PC.

    I was lucky the first time and did a "save page" then "view source" before clicking anything on the page.

  7. #7
    V.I.P zad's Avatar
    Join Date
    Dec 2004
    Posts
    1,226
    Thanks
    11
    Thanked 32 Times in 10 Posts
    Word of warning in future...... if ever you get a popup box like this always use the Esc key to close it......

    have heard of a few new ones that activate by clicking on the X icon

  8. #8
    V.I.P simon 2003's Avatar
    Join Date
    Dec 2004
    Posts
    2,940
    Thanks
    937
    Thanked 680 Times in 388 Posts
    Yeah, I've got a friend with this on her lappy, needs removing from reg I think

  9. #9
    Banned
    Join Date
    Dec 2004
    Posts
    2,023
    Thanks
    162
    Thanked 79 Times in 58 Posts
    Thanks for telling me don't click on the X..
    I am trying to find the escape key on my keyboard!!!!!!!!!!!!

  10. #10
    Junior Member mouhsine's Avatar
    Join Date
    Dec 2004
    Posts
    3
    Thanks
    0
    Thanked 0 Times in 0 Posts

    if you get it!!!! combofix is the solution. and no other spy or antivirus can help it.

  11. #11
    V.I.P mrbleu500's Avatar
    Join Date
    Mar 2008
    Posts
    2,976
    Thanks
    1
    Thanked 1 Time in 1 Post
    Quote Originally Posted by mouhsine View Post
    if you get it!!!! combofix is the solution. and no other spy or antivirus can help it.
    Better still, Spybot's TeaTimer will block it in the first place

    Saved my home pc from being infected with this nasty little load, highly recommended...

  12. #12
    V.I.P williamtell's Avatar
    Join Date
    Dec 2004
    Posts
    1,185
    Thanks
    501
    Thanked 137 Times in 103 Posts
    Although a sat forum, I'll be brave and hope this helps.

    Kill the process av2009.exe using Task Manager (Ctrl+Alt+Del)
    Now go to All Programs and uninstall the Antivirus 2009. It will say that it's been uninstalled successfully
    Kill the process av2009.exe
    Now go to C:\Program Files and delete the folder Antivirus 2009

    Registry editing

    Open regedit by Start->Run->type regedit and press Enter
    Navigate to
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    and delete name with data as C:\Program Files\Antivirus 2009\av2009.exe

    HKEY_CURRENT_USER\Software\39148080807332159842981568027496\Options
    delete this key

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOr...
    Start Menu2\Programs\Antivirus 2009
    delete this key
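
A read-only PowerShell check for the leftovers listed in post #12, added here as an example; it is not part of the thread and was not written by any poster. It uses only the names from that post (av2009.exe, the Antivirus 2009 folder, the Run key and the numbered Options key), skips the truncated Start Menu key, and assumes it is run as the affected user, since HKCU is per-user; the function name Find-RunEntry is hypothetical.

```powershell
# Added example: report (never delete) the artefacts named in post #12.
$Folder    = 'C:\Program Files\Antivirus 2009'
$RunKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$OptionKey = 'HKCU:\Software\39148080807332159842981568027496\Options'

# Hypothetical helper: list values under a registry key whose DATA contains
# the given file name. The post says to delete the entry "with data as" the
# av2009.exe path, so the value name itself is not trusted.
function Find-RunEntry {
    param([string]$KeyPath, [string]$Needle)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        if ($data -like "*$Needle*") {
            [pscustomobject]@{ Name = $name; Data = $data }
        }
    }
}

$findings = @()

# Step 1 of the post: the running process.
if (Get-Process -Name 'av2009' -ErrorAction SilentlyContinue) {
    $findings += 'Process av2009.exe is running'
}
# Step 4: the program folder left behind after the "uninstall".
if (Test-Path -LiteralPath $Folder) {
    $findings += "Folder present: $Folder"
}
# Registry step 1: the autostart entry that relaunches it at logon.
foreach ($entry in Find-RunEntry -KeyPath $RunKey -Needle 'av2009.exe') {
    $findings += "Run value '$($entry.Name)' -> $($entry.Data)"
}
# Registry step 2: the numbered Options key.
if (Test-Path -LiteralPath $OptionKey) {
    $findings += "Registry key present: $OptionKey"
}

if ($findings.Count -eq 0) {
    'None of the listed leftovers were found for this user.'
} else {
    $findings
}
```

An empty result only means these specific names are absent; a copy using different file or key names would not be reported.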

  13. #13
    V.I.P FXMan's Avatar
    Join Date
    Jan 2005
    Posts
    365
    Thanks
    2
    Thanked 1 Time in 1 Post
    Removed this from a couple of PCs recently.

    The worst of the two infections had the entire machine locked down until a "ransom" of $70 was paid! This was true even in "safe-mode"!

    Malwarebytes (which I highly recommend) will easily sort it if your machine isn't as badly infected as in the second scenario I had.

  14. #14
    V.I.P zyban's Avatar
    Join Date
    Dec 2004
    Posts
    189
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yep can back up FXMan. Malwarebytes will do the trick

  15. #15
    Dudez Donator
    Join Date
    Feb 2005
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I opened a mail from FedEx and my Kaspersky kicked in and stopped it. Just to be sure I also ran maleware and AVG. Also, on another good forum I read that next Monday 24=11=08 is going to be a very bad day for viruses, so be careful what you open and also how you open your mail.

  16. #16
    V.I.P Detlef's Avatar
    Join Date
    Dec 2004
    Posts
    6,197
    Thanks
    718
    Thanked 2,034 Times in 1,173 Posts
    Quote Originally Posted by FXMan View Post
    Removed this from a couple of PCs recently.

    The worst of the two infections had the entire machine locked down until a "ransom" of $70 was paid! This was true even in "safe-mode"!

    Malwarebytes (which I highly recommend) will easily sort it if your machine isn't as badly infected as in the second scenario I had.
    When it is that bad then you need to boot from another source. Hirens boot CD is pretty good. The latest has McAfee AV on it but if you know the offending file names, it has several good file managers which can delete them because your HDD isn't the system.

  17. #17
    Junior Member
    Join Date
    Nov 2005
    Posts
    24
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thanks for the warning m8.

  18. #18
    V.I.P FXMan's Avatar
    Join Date
    Jan 2005
    Posts
    365
    Thanks
    2
    Thanked 1 Time in 1 Post
    Quote Originally Posted by Detlef View Post
    When it is that bad then you need to boot from another source. Hirens boot CD is pretty good. The latest has McAfee AV on it but if you know the offending file names, it has several good file managers which can delete them because your HDD isn't the system.
    The infection doesn't actually stop processes from running, it just makes it appear that way. I was able to get processes to start and also to access those which weren't via Windows Task Manager. Once "in" it wasn't too difficult to get the machine sorted, but on the surface, the PC appears to be completely locked up.

    The writers of this virus are cheeky buggers though, wanting money to free up your PC from "infections". The only infection is the "anti-virus" virus itself!!

  19. #19
    V.I.P
    Join Date
    May 2005
    Posts
    1,259
    Thanks
    474
    Thanked 604 Times in 293 Posts
    I've seen a few PCs too with this particularly nasty malware.

    As above, Malwarebytes Anti-Malware is the tool to use.

  20. #20
    Senior Member
    Join Date
    Jun 2008
    Posts
    93
    Thanks
    6
    Thanked 0 Times in 0 Posts
    Another bad one to watch out for is a popup (Windows Defender). This is not Microsoft (Windows Defender).. This is worse than (antivirus2009), will block any attempt to remove or try to run system recovery.
