Simviation Forums

[JBaymore]

Warning here for everyone:

SOMEHOW.... I just got a "driveby" installation of this AWFUL piece of malware / virus.  (Search the net..... it is a BAD persistent one.)  It fakes that your computer is stuffed full of viruses and trojans.  Then it tries to get you to buy this great new package.  But it is totally BOGUS and a ripoff attempt. 

DO NOT PAY FOR IT!!!!!!!!!!!!

I had to go into the registry multiple times, download some utilities, download Malwarebytes freeware spyware killer, manually delete tons of crap, use the "run" option to start stuff it was blocking form working, run WinXP in safe mode, and finally use an old restore point to get this thing killed. 

It starts restricting your access to your own computer as you try to stop it.  VERY devious piece of software.  And the people who wrote it are reading the online tactics being posted ....and writing blocks as fast as people are suggesting them.

It took me a full day of literally full time work to get the D$#@ thing off my PC!  And I have active antivirus and spyware blockers running.  First time something like this EVER got thru the "walls".

Beware.

Malwarebytes remover seem to work for the last of it (after I did a lot of manual work), but the November 2010 version of the virus now will not let you install that remover once you are infected.  THAT took some gymnastics to get around!!!!!!   

It even eventually blocks stuff like Google searches!  It disables TaskManager so you can't kill processes.  It infects Internet Explorer and Firefox.  It hides multiple copies in all sorts of places.  It is all over the Registry.  It installs folders everywhere.  It is a real bugger!

So get that abovementioned piece of FREE software on your machine NOW....before you catch this one.  And likel soon it won't just block the installation of the program... it'll block it working.  So this is just an interim solution.

best,

.....................john

[The Snake 87]

Thanks for the heads up, I will definitely keep this in mind!

[SubZer0]

Thanks for the heads up, I will definitely keep this in mind!

Wow... that sounds like a real B*tch, John. Glad you were able to get that thing taken care of... I could only imagine the damage it would have caused on your sim and the time it would have taken to reinstall all of that and your simpit

I've been using Malwarebytes since Nick recommended... great little program that is.

[a1]

Thanks for the heads up.

[jaime]

I wonder if I had this at one point before reformatting my system...well not reformatting compleatly but rebuilding the file system...


cus my PC slowly started BSODing and other things like that...and then installer programs (well some times) wouldnt work correctly...hmmmm...


I use malwarebytes, spywareblaster and a few other utilities for antivirus (don't plan on mentioning what incase the idiots who like being shit heads and doing shit like this do happen to read this)...


oh and for the shit head who do this to others and happen to read threads like this...be warned your being watched...by who...you won't know...

[flaminghotsauce]

This is hysterical to me. I never get anything like this. I am coming up on two years with no anti-virus, and only the wireless router as a firewall. Behind this firewall I've been running two Vista machines, one is now W7, several XP machines, a few Linux machines, and there are still a couple of windows 2000 machines.
I strongly urge Linux for surfing, online banking etc. as it's HARD to have an infection, intruder, etc. get hold of the machinery. But of course my gaming is on Windows....

I routinely work on other's machines and remove Norton and McCafee AV as I view them as viruses. I tell people to not go to questionable sites, buy a router, and not run AV. I have not had anyone yet complain that this simple formula hasn't worked. It all gets down to what you do while online.
There are sites out there that will spawn windows that look just like XP or VISTA windows that warn of stuff on your computer. It's especially funny when surfing on a Linux distribution to see an XP window pop up!

[machineman9]

Any software popping up claiming you have viruses/asking you to pay, is usually a virus itself. They have been going around for years. If you didn't get the program yourself, then it is going to be fake. I did not install 'Antivirus 2009', so when it pops up telling me I have a virus, it is clearly a fake as I never installed it on my computer (if it was legit, which it isn't).

Old tricks, but they still catch people out. Also, read, to the letter, what a lot of those pop ups say. Usually there are quite a few typing mistakes which is another sign that they are fake.

[ShaneG_old]

Some of these pop-ups are designed to install the virus to your system, if you click the 'Red X'  to close the window.

If one pops up, it's best to close the window from the task bar.

[JBaymore]

[quote]Some of these pop-ups are designed to install the virus to your system, if you click the 'Red X'

[Steve M]

I have had a couple of these buggers in past years. I used to push the power button on the case and shut down immediatly. Last spring that didnt even work. I just tossed my hard drive and formatted a new one. Nothing I had in my arsenal wanted to recognize what it was. Whatever it was it moved through the system slowly over three days, corrupting one program after another, untill finally I couldn't boot anymore. I even disconnected the ethernet cable at the first sign of trouble.

[machineman9]

I have had a couple of these buggers in past years. I used to push the power button on the case and shut down immediatly. Last spring that didnt even work. I just tossed my hard drive and formatted a new one. Nothing I had in my arsenal wanted to recognize what it was. Whatever it was it moved through the system slowly over three days, corrupting one program after another, untill finally I couldn't boot anymore. I even disconnected the ethernet cable at the first sign of trouble.

Destruction is not the best means of recovering.

Booting into safe mode and running a variety of anti-virus and other clean-up programs should clear up most of those issues as it will stop the virus from activating/hiding/moving around/infecting, so then you can remove it.

[Steve M]

I have had a couple of these buggers in past years. I used to push the power button on the case and shut down immediatly. Last spring that didnt even work. I just tossed my hard drive and formatted a new one. Nothing I had in my arsenal wanted to recognize what it was. Whatever it was it moved through the system slowly over three days, corrupting one program after another, untill finally I couldn't boot anymore. I even disconnected the ethernet cable at the first sign of trouble.

Destruction is not the best means of recovering.

Booting into safe mode and running a variety of anti-virus and other clean-up programs should clear up most of those issues as it will stop the virus from activating/hiding/moving around/infecting, so then you can remove it.

I know, but I couldn't boot in safe mode at all. Turned out to be a blessing in disguise, I got rid of a bunch of junk I didn't need.

[jaime]

This is hysterical to me. I never get anything like this. I am coming up on two years with no anti-virus, and only the wireless router as a firewall. Behind this firewall I've been running two Vista machines, one is now W7, several XP machines, a few Linux machines, and there are still a couple of windows 2000 machines.
I strongly urge Linux for surfing, online banking etc. as it's HARD to have an infection, intruder, etc. get hold of the machinery. But of course my gaming is on Windows....

I routinely work on other's machines and remove Norton and McCafee AV as I view them as viruses. I tell people to not go to questionable sites, buy a router, and not run AV. I have not had anyone yet complain that this simple formula hasn't worked. It all gets down to what you do while online.
There are sites out there that will spawn windows that look just like XP or VISTA windows that warn of stuff on your computer. It's especially funny when surfing on a Linux distribution to see an XP window pop up!

Same here, Though I do use AV...just not as much...hehe

Any software popping up claiming you have viruses/asking you to pay, is usually a virus itself. They have been going around for years. If you didn't get the program yourself, then it is going to be fake. I did not install 'Antivirus 2009', so when it pops up telling me I have a virus, it is clearly a fake as I never installed it on my computer (if it was legit, which it isn't).

Old tricks, but they still catch people out. Also, read, to the letter, what a lot of those pop ups say. Usually there are quite a few typing mistakes which is another sign that they are fake.

I actually purposly went to a site that I knew had one of these things on it just so I could grab the source HTML code...interesting code and well....it was a good laugh...love them...sad there are people who would do some thing as dumb as this but hey could be worse...


*mockingly* OOOOO You're infected, buy our software which is a virus, it will protect you....



YEA RIIIIIIIIIIGHT...Ill just "borrow" your code and see how it could be used to stop idiots from doing stuff like this....or better yet educate every one I can....that's a better idea....LOL!!!

I have had a couple of these buggers in past years. I used to push the power button on the case and shut down immediatly. Last spring that didnt even work. I just tossed my hard drive and formatted a new one. Nothing I had in my arsenal wanted to recognize what it was. Whatever it was it moved through the system slowly over three days, corrupting one program after another, untill finally I couldn't boot anymore. I even disconnected the ethernet cable at the first sign of trouble.

Destruction is not the best means of recovering.

Booting into safe mode and running a variety of anti-virus and other clean-up programs should clear up most of those issues as it will stop the virus from activating/hiding/moving around/infecting, so then you can remove it.

I know, but I couldn't boot in safe mode at all. Turned out to be a blessing in disguise, I got rid of a bunch of junk I didn't need.

Safe mode (if you can get to it) is good for that IF you can get your anti virus and what not updated to the most current defitions with out causeing the intruder to activate...

as for the HDD...hope you took a hammer to it before tossing it...cus I love people who just toss the old hard drives out and don't take a hammer to them...hehe



Oh and for those of you who are unfortunate enough to get this evil...sick...low down POS "program" installed on your PC...keep reading...the following will be helpful and DO IT QUICKLY (as in first time you notice it find it and kill it with vengeance...)

Advanced Virus Remover manual removal:

Kill processes:
AVR.exe

HELP:
how to kill malicious processes: Ctrl + Alt + Del, then locate the process you need to kill and right click on that process, then hit END PROCESS TREE

Delete registry values:
HKEY_CURRENT_USER\software\avr lastd
HKEY_CURRENT_USER\software\avr lastscan
HKEY_CURRENT_USER\software\avr lastvfc
HKEY_CURRENT_USER\software\avr virlist
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_CURRENT_USER\Software\AVR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU

Delete files:
AVR.exe Advanced Virus Remover.lnk

HELP:
how to remove harmful files: use a drive eraser utility like eraser (allows you to erase and over write files)

Delete directories:
C:\Program Files\AdvancedVirusRemover


again if this pops up on your screen, close it and immeadiatly go on a hunt for its parts...

[JBaymore]

jamie,

The newer versions of this one shut off your access to using Task Manager.

[jaime]

indeed, thats true....as for fixes its sad they are stupid enough they are doing stuff like that to try and make people think they are infected and all that...

thats why when ever I get a call like this at my work I educate the person about this stuff so they don't get all scared (plus they use macs not PCs)