Help fast! some weird new trojan/spyware/whatever


Atomic_Bong
2008-11-11, 03:15
I was on the bay and I went to a site to check out a sample video of a Quantum of Solace torrent, when some box popped up. When I clicked it, all my programs closed, my computer logged out to my main logon screen and the login boxes disappeared. I restarted my computer and this program I've never seen before is now on it, called Antivirus Pro 2009. I keep getting this popup: http://img122.imageshack.us/my.php?image=34396679rc2.png

notice the misspellings?


So my Windows Security Center seemed to have installed this, but this big red X in the bottom right is saying I have been infected. It even said at one point something about a trojan, but I have no idea what this red X program is; I can't right-click on it, all it does is open up my Windows Security Center, which opens up AV Pro 09. It did a scan and said in order to delete the files I need to buy a registration code... My first guess was that this is a fake program to get my credit card... However, there are noticeable effects... I have searched on Google for antivirus and antispyware tools and every link on Google about any sort of antivirus program brings me to a bullshit page. I can't go to AVG.com or anything, it says Firefox can't make the connection, but other sites work fine...


Guys, any idea what this is? I have Norton but I can't get it to run and it says my internet security was shut off...

What can I do? And is this actually any threat?
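A defender-side check for the symptom described above (security-vendor sites unreachable while everything else works), added here and not part of the thread: it parses a hosts file and reports entries that pin AV vendor domains or send non-localhost names to loopback. Doing this through the hosts file is an assumed mechanism (the post never says how the redirection works), and the sample entries, vendor list and the address 192.0.2.10 are constructed for the example.

```python
import ipaddress

# Constructed sample hosts file. The loopback lines are the normal Windows defaults;
# the remaining lines imitate the AV-site blocking described in the post. Pinning
# vendor names in the hosts file is an ASSUMED mechanism (the post never says how
# the redirection is done), and 192.0.2.10 is a documentation address, not real.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.avg.com free.avg.com   # vendor sites sent to a look-alike page
192.0.2.10      www.safer-networking.org
127.0.0.1       www.google.com             # "can't make the connection"
"""

# Domains a rogue AV typically tries to cut off; extend with whatever vendors matter.
SECURITY_DOMAINS = ("avg.com", "safer-networking.org", "malwarebytes.org",
                    "lavasoft.com", "symantec.com")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def suspicious_entries(text, watch=SECURITY_DOMAINS):
    """Return entries that pin a watched vendor domain to any address, or pin any
    non-localhost name to a loopback address. Both are symptoms of security-site
    blocking, since a clean hosts file only maps 'localhost'."""
    hits = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            hits.append((ip, name))  # malformed address field: also worth a look
            continue
        watched = any(name == d or name.endswith("." + d) for d in watch)
        if watched or (addr.is_loopback and name != "localhost"):
            hits.append((ip, name))
    return hits
```

On a real Windows box the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; a clean one lists only the localhost lines.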

oddballz194
2008-11-11, 03:25
Antivirus 2009 is a well-known spyware program. You should get all three of: Malwarebytes Anti-Spyware (free), Spybot Search and Destroy (free) and Ad-Aware Free Version. Run them in Safe Mode, scan your entire system with each one and remove anything they find.

That should have your system in working order, but no promises. If all else fails, reinstall Windows and all your applications.

Atomic_Bong
2008-11-11, 07:12
Ok then, well I'm going to install the latest version of Norton. Another problem with the trojan/whatever I found is no USB ports are recognized... I unplugged my wireless USB adapter for a little while earlier to prevent any net communications possibly going on with this crap, and I plug it in and it isn't even seen by the computer, neither are any of my flash drives in any other ports. So the internet's been shot down. I'm gonna run Norton tonight and hope to God it'll even run.

wargsm
2008-11-11, 13:05
You're the third person in two weeks that I will have helped with this.

win + r > msconfig > Startup

In there disable everything (deselect all), then tick what you actually want to boot. AV2009 causes machines to lock up on boot sometimes, due to running thousands upon thousands of DLL files. Rundll32 took up all processing power on a 2 GB laptop at boot.

Now to delete those files:
Win + R
c:\username\AppData\Roaming\ (type in your actual username)

If you don't have the option already selected, open up the folder options and select "show hidden files and folders".

Now all those nasty little DLLs will show up; delete them. They will be named something like "CA001, CA002, CA003".


Now download 'CCleaner'
http://www.ccleaner.com/

Run a full system clean (takes two minutes) and a full registry scan. Run the reg scan about 4 times; sometimes it doesn't pick everything up until a few sweeps. Save all your registry backups to the CCleaner directory.



Now download AVG Antivirus
http://www.download.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html

Run a full system scan, and that should take the program.

Download Spybot Search and Destroy:
http://www.vnunet.com/vnunet/downloads/2128856/spybot-search-destroy

Full scan will take out all the little traces.



Note:
Don't bother with Norton, AVG and spydoc will do you fine.
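One way to do the msconfig triage step above with a script rather than by eye: an added example, not part of wargsm's post, that takes a list of (name, command) startup entries (constructed here; on a real machine they come from msconfig or the Run keys) and flags the ones that load from user-writable folders or carry the CA### names the post describes. The entry names and paths in the sample are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of what an msconfig/Run-key export might look like: (entry, command).
# Names and paths are invented; only the rundll32 load and the CA001-style DLLs
# under AppData\Roaming follow the post's description of AV2009.
SAMPLE_STARTUP = [
    ("ctfmon", r"C:\Windows\system32\ctfmon.exe"),
    ("Norton", r'"C:\Program Files\Norton Internet Security\Engine\ccSvcHst.exe" /s'),
    ("CA001", r'rundll32.exe "C:\Users\bob\AppData\Roaming\CA001.dll",Run'),
    ("AVPro2009", r"C:\Users\bob\AppData\Roaming\AntivirusPro2009\avpro.exe"),
]

# Folder names any user can write to; legitimate startup items rarely live there.
USER_WRITABLE = {"appdata", "temp", "tmp", "local settings"}
CA_NAME = re.compile(r"^CA\d{3}$", re.IGNORECASE)


def loaded_path(cmd):
    """Return the file a startup command really loads: for rundll32 that is the DLL
    argument, otherwise the quoted executable or the first token of the command."""
    m = re.match(r'\s*"?([^"]*rundll32(?:\.exe)?)"?\s+"?([^",]+)', cmd, re.IGNORECASE)
    if m:
        return m.group(2)
    m = re.match(r'\s*"([^"]+)"', cmd) or re.match(r"\s*(\S+)", cmd)
    return m.group(1)


def triage_startup(entries):
    """Flag entries that run from a user-writable folder or use the CA### naming."""
    flagged = []
    for name, cmd in entries:
        path = PureWindowsPath(loaded_path(cmd))
        folders = {p.lower() for p in path.parts[:-1]}  # directories only
        reasons = []
        if folders & USER_WRITABLE:
            reasons.append("runs from user-writable folder")
        if CA_NAME.match(name) or CA_NAME.match(path.stem):
            reasons.append("CA### naming")
        if reasons:
            flagged.append((name, str(path), reasons))
    return flagged
```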

Atomic_Bong
2008-11-12, 07:01
Ok well I guess I screwed up in msconfig, I changed normal startup to basic startup and now my computer bluescreens and restarts every time I turn it on. The info you gave me wouldn't help much anyways though because you forgot the part where I have a bad virus that won't let me access those AVG/spyware whatever websites. I'm kind of giving up on Windows, I have a separate installation of Linux on my computer, Sabayon, but it doesn't recognize my Netgear USB adapter =/ and internet is kind of necessary for me

KeepOnTruckin
2008-11-16, 02:54
I was on the bay and I went to a site to check out a sample video of a Quantum of Solace torrent, when some box popped up. When I clicked it, all my programs closed, my computer logged out to my main logon screen and the login boxes disappeared. I

When you see those boxes, use Task Manager to close it. Usually clicking anywhere on the box screws you.

lostmyface
2008-11-16, 18:45
Nice thread. I was getting ready to post a topic about how I recently contracted the AVP 2009 virus, but now I no longer need to.

Thanks a lot guys

xarf
2008-11-17, 08:10
Why is it that downloading it installs/runs it?

Edit: I may be wrong, but the impression I got from a quick search was that downloading it installed/ran it, which really doesn't make sense because no computer is stupid enough to autorun stuff it downloads, right?

KeepOnTruckin
2008-11-29, 02:38
So a coworker of mine contracted our friend AntiVirus 09. I burned him a CD of AVG and Spybot. Upon installing Spybot (in safe mode w/ networking) it goes to download the latest update but apparently it can't connect. I figure AV09 is blocking it maybe? Of course he can't manually download the Spybot update because AV09 redirects web page traffic. So then he went to install AVG but it won't let him install with another anti-virus program. He's got McAfee but the definitions are a few months out of date, and when he ran it, it found nothing.

Ideas on how to get Spybot running?

Oh, and he's concerned that his external backup hard drive might have been infected as it was plugged in when he contracted AV09 (via email attachment). I said it was unlikely; am I right?

zeusy
2008-11-29, 06:26
So a coworker of mine contracted our friend AntiVirus 09. I burned him a CD of AVG and Spybot. Upon installing Spybot (in safe mode w/ networking) it goes to download the latest update but apparently it can't connect. I figure AV09 is blocking it maybe? Of course he can't manually download the Spybot update because AV09 redirects web page traffic. So then he went to install AVG but it won't let him install with another anti-virus program. He's got McAfee but the definitions are a few months out of date, and when he ran it, it found nothing.

Ideas on how to get Spybot running?

Oh, and he's concerned that his external backup hard drive might have been infected as it was plugged in when he contracted AV09 (via email attachment). I said it was unlikely; am I right?

It'll be fine as long as there's no executable in his backup.

Prometheum
2008-11-30, 05:46
It'll be fine as long as there's no executable in his backup.

Wrong. The intruder could have modified a data file that will be given as input to another program, replacing it with a specially constructed file that the vulnerable program will fail on when it attempts to process it, and subsequently his system will be compromised. Install GNU/Linux. (http://gnewsense.org)

KeepOnTruckin
2008-11-30, 13:12
Sure, but if we can't remove AV09 because we can't run Spybot or AVG and the already installed anti-virus program doesn't find it, the backup drive is of no importance.

So, how can I get any sort of anti spyware program running?

KeepOnTruckin
2008-12-10, 21:42
Fixed! Used System Restore and went back. Works great.

Tokolosh
2008-12-11, 18:26
Fixed! Used System Restore and went back. Works great.

Wow, after all that shit it causes, it doesn't even delete restore points. What a lol.

Prometheum
2008-12-11, 23:18
Wow, after all that shit it causes, it doesn't even delete restore points. What a lol.

Of course it doesn't, it just backdoors them more subtly so that now his computer is a CP repo.

Woot windows!

zeusy
2008-12-12, 14:27
Of course it doesn't, it just backdoors them more subtly so that now his computer is a CP repo.



This ^.
NEVER trust a *computer* that has been compromised.
You wipe the whole hard drive, and possibly any media that contains executables.

Tokolosh
2008-12-13, 01:14
subtly

when some box popped up, when I clicked it all my programs closed, my computer logged out to my main logon screen and the login boxes disappeared.

Real subtle. Might as well make the wallpaper 'brb compromised'.

Prometheum
2008-12-13, 02:30
Real subtle. Might as well make the wallpaper 'brb compromised'.

Maybe it's doing that to provoke a system restore, because it's discovered a way to modify the backups in order to implement a kernel backdoor, gaining SYSTEM level permissions where previously it only had ADMINISTRATOR.

KeepOnTruckin
2008-12-13, 03:48
Well, my coworker called Dell and they said run system restore.

Of course it's coming from Dell, so take that info with a salt shaker.

zeusy
2008-12-13, 04:50
Wrong. The intruder could have modified a data file that will be given as input to another program, replacing it with a specially constructed file that the vulnerable program will fail on when it attempts to process it, and subsequently his system will be compromised. Install GNU/Linux. (http://gnewsense.org)

The odds of that happening are very low.
And most systems under which the program is available are vulnerable too, in the context of the running process, of course.
Not considering platform-specific details, a different system won't fix the problem.

Prometheum
2008-12-13, 18:43
The odds of that happening are very low.
And most systems under which the program is available are vulnerable too, in the context of the running process, of course.
Not considering platform-specific details, a different system won't fix the problem.

Um, no, that's completely wrong and/or just unintelligible. All program vulnerabilities are due to bad input of some kind. Think "buffer overflow" or something like that. The virus could replace, say, a WMV file with another one that exploited a vulnerability and executed further malicious code. It isn't hard to write shellcode that downloads a program and runs it.

And yes, a different system would fix the problem. You wouldn't get the virus to start off with, and the malicious file wouldn't be able to exploit cross-platform. Of course, if you just magically ignore all of that, then yes, dogs are cats, windows is GNU/Linux, and a different system won't fix the problem.

Mutant Funk Drink
2008-12-14, 00:32
Was the file a WMV? Because once, a long time ago, I stupidly downloaded a WMV from FrostWire and it was able to install some phony antivirus software without my permission. I'm assuming WMVs have some kind of vulnerability.

zeusy
2008-12-14, 06:47
Of course, if you just magically ignore all of that, then yes, dogs are cats, windows is GNU/Linux, and a different system won't fix the problem.

OK, and what if the file is meant to be read by a program that relies on a VM?
For example a music player written in some bytecode language, which is vulnerable to an LCE.

Fixed: Switching to a different system won't necessarily fix the problem, but may fix it depending on how smart the virus is.

zeusy
2008-12-14, 06:52
All program vulnerabilities are due to bad input of some kind.

Well, most RCEs or LCEs are; it depends on your definition of vulnerability and input.
Some people consider revealing the source code a vulnerability, and that's output, then input to the screen, then input to my eyes. :-)