During the last few months there have been massive attacks against personal computers by so-called Anti-Virus System Pro, Antivirus Pro 2010 or similar. Once installed in your PC it is constantly barraging you with fake security alerts, such as that your computer is being attacked from an Internet (which is true except they are the attackers), will impersonate Windows Security Center with fake security alerts, etc. and will be continuously trying to trick you into buying their software by asking you to activate their protection. They are trying to scam you to paying some $50 for three months of so-called protection. (Would you give thieves your credit card to buy back your things they stolen from you?) Common anti-virus software programs do not seem to be able to prevent these attacks. The main difficulty with removing Antivirus System Pro and similar trojans is these malwares prevent you from running any program such as task manager, web browser, or antivirus software, claiming that these program files are infected.
I know people who wind up reformatting their hard drive because they could not find a way of getting rid of this infection. When I first got this virus, I've spent hours searching the web from my other computer looking for the procedures to remove it. Likely, there is a simple way of removing Anti Virus System Pro for free. The main thing to do is to restart your computer in Safe Mode. One can do it from the start menu: Start>Shut Down>Restart. Once the computer shuts down and begins restarting [while you still have blank screen], start hitting the key F8 until you hear beeps and a menu appears. In this menu, select Safe mode with Networking. Once your computer restarted in safe mode, you should be able to connect to Internet and download a free version of the program called Malwarebytes. Save it to your desktop and install. After installation firstly run Update. It took me a few minutes to install updated version. Then run Full Scan. It took it several hours to run a full scan, but it did find plenty malware files. When it finish scanning, select Display Results and then select Remove all selected malware. If you have any antivirus program installed, you can now run it too. Malwarebytes may then ask you to restart your computer. You can now restart it in a regular way and you should be OK. Note that their free version does not provide live protection- it only activates manually. I have not tried Malwarebytes paid version (at least because I already have one licensed antivirus program installed), so I can't tell if their live protection is solid. One more thing: the malware sometimes changes Internet Explorer connection setting to Proxy. If your IE does not connect to Internet in safe mode or after the clean-up, try this: Tools> Internet Options> Connections> LAN settings, then if Proxy Server is checked and you are not using proxy, uncheck Proxy Server and hit OK.
The above procedure worked for me, but of course I can't guarantee it will work for everyone. If you choose to go through these steps, you do it at your own risk- I don't give you any professional advices. Also, the malicious programs are being constantly updated. They may possibly invent a new trick that interferes with the above removal procedure. It's a shame that Microsoft Corp. with all its funds and resources as well as the anti-virus software firms so far can't provide live protection against a bunch of criminals.
January 22, 2010
Subscribe to:
Post Comments (Atom)
3 comments:
If you're using IE, you deserve to get infected.
MBAM's great for cleaning. Also combofix.
For live protection, I find Kaspersky and Nod32 to be the best.
btw, there's already a version of this virus out that will delete mbam's exec file. Several sites explain how to get around this.
You can also use a boot cd os like MiniPE to avoid even safe mode. MiniPE has preloaded AV soft and you can also run others off a usb drive.
Firefox has security holes too (see for example http://www.kb.cert.org/vuls/id/964549 ). My last virus I got while using Firefox (and by the way with registered and updated Trend Micro Office Scan). Besides this, in my machine it is loading with a snail speed. Not being an anti-capitalist, I see no reason not to use IE.
I think Google Chrome is the safest browser. And I'm using Avast Pro.
Post a Comment