"Vista Security" malware is a more advanced version of "Anti Virus 2000"

This topic is archived.
HopeHoops Donating Member (1000+ posts) Wed Mar-17-10 10:05 AM
Original message
"Vista Security" malware is a more advanced version of "Anti Virus 2000"
This is a partial cross-post from the Computers & Internet group. I felt it was important for everyone on DU to be aware of this.

Basically, this strain of malware pretends to be anti-virus software that has "found a threat" on your computer. It does a pretty good job of looking legitimate, including putting a little shield icon in the system tray and putting up those annoying "cartoon balloons" that make Vista so easy to hate. The entire purpose is to get you to "activate your security" or "get the full version" so you'll fork over credit card information.

The problem is that it makes the machine useless for anything productive. The windows pop up all over the place, some can't be moved and stay on top, and it redefines ".exe" so programs you try to run pass through it. The older ones just took control of IE but the new one takes over Firefox as well. Removing it is the only thing to do and DO NOT USE THE MACHINE FOR FINANCES until you are sure that it is gone.

If you are comfortable with removing it yourself, see my post in the Computers and Internet group: http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x30344

If not, get thee to a computer geek. Whatever you do, DO NOT click on any of the buttons in the pop-ups. I've read that some of them are actually entirely fake windows and the "X" box is an active hot button for its evil purposes. I haven't (and won't) try that to verify it.

Beware DU. I hope this helps.

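An added example to go with the ".exe" redefinition described above; it is not code from this thread or from any product named in it. It is a PowerShell script that reports whether the .exe file association has been redirected away from the Windows default and can put the default back. The expected registry values and the fact that per-user keys under HKCU\Software\Classes take precedence over HKLM are standard Windows behaviour; the function names are my own.

```powershell
# Added example, not from the thread. Reports (and optionally repairs) a hijacked
# .exe file association of the kind a rogue "antivirus" installs.
#
# Healthy state on XP/Vista/7:
#   HKLM\Software\Classes\.exe                        (default) = exefile
#   HKLM\Software\Classes\exefile\shell\open\command  (default) = "%1" %*
# Per-user keys under HKCU\Software\Classes override HKLM and normally do not
# exist for .exe at all, so a HKCU override is itself a warning sign.

$ExpectedProgId  = 'exefile'
$ExpectedCommand = '"%1" %*'

function Get-RegDefault([string]$Path) {
    # Default value of a registry key, or $null if the key or value is missing.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    return (Get-Item -LiteralPath $Path).GetValue('')
}

function Get-ExeAssociationReport {
    foreach ($hive in 'HKCU', 'HKLM') {
        $root   = "${hive}:\Software\Classes"
        $progId = Get-RegDefault "$root\.exe"
        if ($null -eq $progId) { continue }   # no .exe key in this hive (normal for HKCU)

        # The ProgId's open command may live in the same hive or fall back to HKLM.
        $command = Get-RegDefault "$root\$progId\shell\open\command"
        if ($null -eq $command) {
            $command = Get-RegDefault "HKLM:\Software\Classes\$progId\shell\open\command"
        }

        New-Object PSObject -Property @{
            Hive       = $hive
            ProgId     = $progId
            Command    = $command
            Suspicious = ($hive -eq 'HKCU') -or
                         ($progId -ne $ExpectedProgId) -or
                         ($command -ne $ExpectedCommand)
        }
    }
}

function Repair-ExeAssociation {
    # Restores the defaults above. Removing the per-user override is enough when
    # only HKCU was tampered with; the HKLM part needs an elevated prompt.
    $userExe = 'HKCU:\Software\Classes\.exe'
    if (Test-Path -LiteralPath $userExe) {
        $rogueProgId = Get-RegDefault $userExe
        Remove-Item -LiteralPath $userExe -Recurse -Force
        if ($rogueProgId -and $rogueProgId -ne $ExpectedProgId) {
            Remove-Item -LiteralPath "HKCU:\Software\Classes\$rogueProgId" -Recurse -Force -ErrorAction SilentlyContinue
        }
    }
    $hklmExe = 'HKLM:\Software\Classes\.exe'
    $hklmCmd = 'HKLM:\Software\Classes\exefile\shell\open\command'
    foreach ($k in $hklmExe, $hklmCmd) {
        if (-not (Test-Path -LiteralPath $k)) { New-Item -Path $k -Force | Out-Null }
    }
    Set-ItemProperty -LiteralPath $hklmExe -Name '(default)' -Value $ExpectedProgId
    Set-ItemProperty -LiteralPath $hklmCmd -Name '(default)' -Value $ExpectedCommand
}

# Report first; run Repair-ExeAssociation only after reviewing the output.
Get-ExeAssociationReport | Format-Table Hive, ProgId, Suspicious, Command -AutoSize
```

Two caveats worth knowing when the association is hijacked: the redirect is consulted by the shell (Explorer, the Start menu, the Run dialog), not by programs started directly from a cmd.exe prompt, so typing `powershell` in an already-open command window still launches the real PowerShell; and a report that shows only HKLM with the expected values is not proof the machine is clean, since the thread notes this strain touches many other registry entries and files as well.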

City of Mills Donating Member (1000+ posts) Wed Mar-17-10 10:08 AM
Response to Original message
1. Good post
I've come across this one a few times; fortunately, it's not hard to remove once you figure out where the av.exe file is hiding. Of course, you have to fix your EXE file association too...but other than that...

Had a friend call me on this one; his wife almost paid for a 'subscription' for this. I had to sit them down and explain to them to NEVER pay for something that pops up suddenly on their PC and to ALWAYS check with me first!

HopeHoops Donating Member (1000+ posts) Wed Mar-17-10 10:12 AM
Response to Reply #1
2. This one's really nasty. It does a lot more than just the .exe swap.
It hits like 56 registry entries in addition to the files it mucks with. The older "Anti Virus 2000" only hit 2 registry entries and 4 files. Each strain is different. AntiMalware does the trick, but getting it to run with the new flavor of this malware is the real trick.


City of Mills Donating Member (1000+ posts) Wed Mar-17-10 10:14 AM
Response to Reply #2
5. Oh yeah
I forgot to mention, it is also adept at bypassing certain antivirus products, including Symantec (which it also disables) and Microsoft Security Essentials (at least as of two weeks ago).

MattBaggins Donating Member (1000+ posts) Wed Mar-17-10 11:06 AM
Response to Reply #5
11. That's what Knoppix with Clam AV bootable disks are for.
Seriously; if anyone has paid money for anti-virus software without a boot disk, they were ripped off.

blondeatlast Donating Member (1000+ posts) Wed Mar-17-10 10:13 AM
Response to Original message
3. Thank you. I got hit with the Anti-Virus before, right at the END of
a crucial project--nasty, nasty stuff. People who create that are just evil and need to do hard time, IMHO.

HopeHoops Donating Member (1000+ posts) Wed Mar-17-10 10:14 AM
Response to Reply #3
4. Agreed. At least the new one doesn't put up fake porn sites in IE (that can't be closed).
That's adding insult to injury.


NYC_SKP Donating Member (1000+ posts) Wed Mar-17-10 10:15 AM
Response to Original message
6. Good Grief Microsoft!!!
I don't know about Vista, but I've been able to contain these problems on my XP machines by using utilities from malwarebytes.

http://www.malwarebytes.org/

On those PCs, I let the one-year Norton or whatever expire. Shit slows down everything.

Of course I don't do any finance or enter personal information on a PC, ever.

PC owners: take nothing for granted, visit the Computers and Internet group often!!!


NYC_SKP Donating Member (1000+ posts) Wed Mar-17-10 10:16 AM
Response to Reply #6
7. PS: Back up important files and do NOT lose your original disks.
The restore disks and documentation that come with your PC are vital if you have to reload the OS and start from scratch, which is sometimes not a bad idea.

Snarkoleptic Donating Member (1000+ posts) Wed Mar-17-10 05:37 PM
Response to Reply #6
25. I caught this bug on my XP computer last month.
The Malwarebytes anti-malware did the job for me.
I got the free version from cnet.com.

This bug was a massive pain in the butt, as it wouldn't let me use Internet Explorer to look for a solution.
It also ate up massive amounts of CPU power and almost constantly gave me phony pop-ups about supposed intrusions.
I ended up using the Firefox browser to download the fix and have had no trouble since.

CherokeeDem Donating Member (1000+ posts) Wed Mar-17-10 10:24 AM
Response to Original message
8. I had the Vista Security Malware pop up....
on my computer and looked at the remedies I could do and I didn't have confidence to fix it on my own...then after about three days of having issues, Norton Anti-virus took care of it and no problems since. I was lucky.

I didn't click on anything associated with the Vista scam, I recognized some of the things they listed as attacking my computer as things that Norton had already dealt with. Like I said, I was lucky.

Nasty little thing...

Love Bug Donating Member (1000+ posts) Wed Mar-17-10 10:25 AM
Response to Original message
9. I found out the hard way the "X" is an active hot button, too
I still run XP so my malware was called "XP Guardian 2010." I knew right away it was a scam but made the mistake of thinking if I closed the pop-up box that would be the end of it. Silly me. I run Norton, so one of their techs was able to remove it but what a frakking pain. It took over EVERYTHING, including the ability to remove programs through the Control Panel (the list of programs doesn't show up, you see).

So, I've added to the following list of "nevers":

1. Never eat anything bigger than your head.
2. Never drink at a place called "Pop's".
3. Never eat at a place called "Mom's".
4. And never, never, ever click on a pop-up box. Use alt-F4 to close it instead.

This is what I wish for the bastards that created this and cost me $100: :nuke:

HopeHoops Donating Member (1000+ posts) Wed Mar-17-10 10:35 AM
Response to Reply #9
10. #1 is a rule from a Kliban cartoon - I think it was in "Luminous Animal".
That's been a standing rule in our house and all three of my daughters have known it since they were infants. The "Jumbo Mambo Mocha Sundae" came close when my youngest was six.


GreenArrow Donating Member (1000+ posts) Wed Mar-17-10 11:09 AM
Response to Reply #9
12. Alt-F4 didn't work for me.
A coworker got this on his computer, and Alt-F4 would not close the pop-up. It's usually a good trick, though.

frylock Donating Member (1000+ posts) Wed Mar-17-10 12:49 PM
Response to Reply #12
14. It's better to try to kill the process through Task Manager.

GreenArrow Donating Member (1000+ posts) Wed Mar-17-10 01:46 PM
Response to Reply #14
15. That was what I ended up doing. n/t
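An added example for the "kill the process through Task Manager" step above, not code from this thread: a PowerShell triage listing of running processes whose executable sits in a user-writable directory (Temp, the user profile, ProgramData), which is where a file such as the av.exe mentioned earlier in the thread is typically found, plus a helper that does what End Process does. It uses WMI rather than Get-Process so it also runs on XP's PowerShell 2.0 and shows the full command line. Function names are my own.

```powershell
# Added example, not from the thread. Lists processes running from locations an
# ordinary user can write to; rogue "antivirus" files usually live there because
# they are dropped without administrative rights.

function Get-ProcessesFromUserWritablePaths {
    # Candidate directories; environment variables that do not exist on XP are skipped.
    $roots = @($env:TEMP, $env:TMP, $env:USERPROFILE, $env:APPDATA,
               $env:LOCALAPPDATA, $env:ProgramData, $env:ALLUSERSPROFILE) |
        Where-Object { $_ } |
        ForEach-Object { $_.TrimEnd('\') + '\' } |
        Select-Object -Unique

    # System processes (System, smss, ...) report no ExecutablePath and are skipped.
    Get-WmiObject -Class Win32_Process |
        Where-Object { $_.ExecutablePath } |
        ForEach-Object {
            $proc   = $_
            $inRoot = $roots | Where-Object {
                $proc.ExecutablePath.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
            if ($inRoot) {
                New-Object PSObject -Property @{
                    ProcessId   = $proc.ProcessId
                    Name        = $proc.Name
                    Path        = $proc.ExecutablePath
                    CommandLine = $proc.CommandLine
                }
            }
        }
}

function Stop-SuspectProcess([int]$ProcessId) {
    # Same effect as "End Process" in Task Manager.
    Stop-Process -Id $ProcessId -Force -ErrorAction Stop
}

Get-ProcessesFromUserWritablePaths | Format-Table ProcessId, Name, Path -AutoSize
# After reviewing the table:  Stop-SuspectProcess -ProcessId <pid from the table>
```

The list is a starting point for review, not a verdict: plenty of legitimate software (per-user installers and updaters, for instance) also runs from AppData. Stopping the process gets you a usable desktop so that a scanner can be run; the thread is right that removal of the files and registry entries still has to follow.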

Love Bug Donating Member (1000+ posts) Thu Mar-18-10 10:41 AM
Response to Reply #14
28. Question: How do I close those damn ads that overlay a site?
You know the kind -- the screen is grayed over and the ad is on top. There's usually a "click here to skip this ad" link somewhere. I really don't trust ANYONE anymore so, how do I close those? Alt-F4 just closes the browser.

dixiegrrrrl Donating Member (1000+ posts) Wed Mar-17-10 12:26 PM
Response to Original message
13. I have a question.
I run XP with Firefox, NoScript, and Avast!.
I have a pop up blocker, so never get a pop up.
Will that work to prevent this latest nasty lil bugger?

HopeHoops Donating Member (1000+ posts) Wed Mar-17-10 03:25 PM
Response to Reply #13
21. If you've got JavaScript and Java disabled, you're probably safe (not positive)
A lot of sites won't work without JavaScript, and Java is often required as well. Still, I haven't found out exactly how it manages the infection, so I can't say with certainty that it will avoid the problem.

As for pop up blockers, that's for browser pop ups, not operating system pop ups. Same word, different thing. These are no different than one that just appears on your screen to tell you some piece of software has updated itself to a new version.


tridim Donating Member (1000+ posts) Wed Mar-17-10 02:00 PM
Response to Original message
16. "Restore points" are a gawdsend.
However AVG-Free catches this virus before any damage can be done.

DemocratSinceBirth Donating Member (1000+ posts) Wed Mar-17-10 02:21 PM
Response to Reply #16
18. This Virus Won't Let You Get To Restore Points

Dont_Bogart_the_Pretzel Donating Member (1000+ posts) Thu Mar-18-10 12:56 PM
Response to Reply #16
30. Problem with Restore Points is they can also get infected.
Case in point: I could not get rid of a nasty virus last month...did everything... IT KILLED MY XP (and no, repair was not an option).

I put in a new drive and did a new install with anti-virus and Firefox before connecting to the Internet. So I plugged in my old drive via USB and did an AVG scan. Guess where that nasty was hiding?

System Restore has worked for me before, but that has nothing to do with a virus.

I am glad SR worked for you. :)

Better Today Donating Member (1000+ posts) Wed Mar-17-10 02:18 PM
Response to Original message
17. Quick question, how is the malware initially delivered?
Is it in the MS security update or are people clicking on those flashing things at the top of websites? Sorry to sound stupid, I'm still on XP, but my daughter has Vista and I'm concerned about her not getting the come-on onto her puter in the first place.

Urban Prairie Donating Member (1000+ posts) Wed Mar-17-10 02:31 PM
Response to Reply #17
19. I believe that my neighbor got it on her XP OS through an email message.
She was using AOL and she had its "preview pane" enabled, bad idea, I disabled it. I believe that Outlook Express also still has its preview pane enabled by default as well, but I have not used OE in quite some time.

Better Today Donating Member (1000+ posts) Wed Mar-17-10 03:48 PM
Response to Reply #19
23. Ah, thank you. I use Eudora still, I love it. Anyway, a preview window,
if enabled beyond text, would let the pop-up enable, huh?

One reason I set everything to come in as text only. Then I get a link to an HTML page if I want to see the whole glory.

My daughter uses hotmail and a company server, so I'll warn her, as I believe she uses a preview window as well.

Thanks.

HopeHoops Donating Member (1000+ posts) Wed Mar-17-10 03:21 PM
Response to Reply #17
20. There are a variety of ways but simply hitting a web site with infected scripts can do it.
You implicitly authorize it to do stuff to your machine simply by visiting. What gets me is that M$ would allow this IN THE FIRST PLACE! I mean come on, it changes the meaning of ".exe"!!! The real question is WHICH web site caused it. This little nasty camps out for a bit before making itself known and deletes all or part of the history so the user will probably only have the last few sites they visited in their head when it shows up and can't look back through the history to find the source.

E-mail is always a hazard if you click on an embedded link. Simply opening one shouldn't be a problem.


Better Today Donating Member (1000+ posts) Wed Mar-17-10 03:52 PM
Response to Reply #20
24. Firefox and NoScript. Though once installed, one has to get used
to if, when, where, and how to enable sites that one approves of. Basically I've just had to learn that if I go to a site and clicks don't work, I have to choose to enable certain scripts; then you have a list of scripts to choose from, so you can enable the entire page, just a video box, or any combination therein, and revocations of enabling requests can be made global. I have, for example, googlesyndication blocked globally; I never see a googlesyndication ad on any site, nor is it allowed to track me.

Sebastian Doyle Donating Member (1000+ posts) Wed Mar-17-10 05:43 PM
Response to Reply #24
26. And that's why I'll never use Google's Chrome browser
Even if they make extensions as functional as they are in Firefox, you can bet they will never allow their own ads/spyware content to be blocked. googlesyndication and google-analytics were the first things I blocked when I installed NoScript. Firefox was already faster than M$IE. Probably doubled in speed when I blocked that shit.

Better Today Donating Member (1000+ posts) Thu Mar-18-10 10:09 AM
Response to Reply #26
27. Yep, I love it. Though on one forum I got accused of befriending
a Nazi because I have almost all avatars and signature images blocked through AdBlock as soon as I start lurking, and had no idea that the fellow I was agreeing with had Nazi stuff for his avatar and signature. I guess that's good, though, because it means I have to judge on content, and with no avatars, it's easier to forget the who and focus on the what.

rickford66 Donating Member (46 posts) Wed Mar-17-10 03:34 PM
Response to Original message
22. system restore
I've contracted this virus a couple times and it seemed impossible to kill. I have XP and the system restore worked fine. Do it in safe mode if it doesn't work normally.

petronius Donating Member (1000+ posts) Thu Mar-18-10 10:41 AM
Response to Original message
29. I just dealt with it on someone else's computer - Spybot S&D was able to
run although pretty much every other anti-malware I tried got blocked. I was able to remove pretty much everything - to the point where I could copy off files - but there was one virtumonde trojan remaining that I couldn't get rid of, and the computer was trashed to the point that a clean install seemed most time-effective...

© 2001 - 2011 Democratic Underground, LLC