"Lil' Abner" <blvstk@dogpatch.com> wrote in message
news:Xns9DC8D53811B70butter@wefb973cbe498...
> "wasted" <rubbish@xxnone.notreal.com> wrote in
> news:W9Odnft-3s7OcsvRnZ2dnUVZ8k6dnZ2d@brightview.co.uk:
>
>> Greetings
>>
>> Daughter's laptop got hit by AntivirusGT. Constant "alerts" popping up
>> about this, that and the other infection, and of course it would fix
>> them if she paid out. She couldn't access antimalware websites because
>> of redirects.
>>
>> She brought it to my house yesterday for me to try and fix. I
>> downloaded onto my computer, changed name and saved to CD, both MBAM
>> and SUPERANTISPYWARE.
>>
>> Installed MBAM, and ran it without updating (because I wasn't letting
>> it link to my network at any cost) - it found nothing in normal mode,
>> and during the scan there were the same incessant popup "alerts" from
>> AVGT. Went to safe mode - no popups occurring, but MBAM still found
>> nothing.
>>
>> Whilst still in safe mode, installed SAS, again without updating - and
>> it found and removed stuff referring to AntivirusGT.
>>
>> Rebooted to normal mode - success, it's gone!
>>
>> Sent daughter home and from there she updated MBAM and SAS and ran
>> both - nothing more found and all is OK.
>>
>>
>> Questions:-
>>
>> 1. Should I have installed MBAM in safe mode?

> Yes, but Safe Mode with Networking so you can get updates. But bypass your
> router if you're worried about your other computers. Personally I never do
> when I'm in Safe Mode and haven't ever had a problem.
>
>> 2. If the answer to question 1 isn't relevant, any guesses/info on
>> whether MBAM would have "worked" had I allowed it to update. I'm
>> worried about this because I pay for the full version myself to have
>> the real-time protection. I moved to it from SAS because at that time,
>> on my 64bit system, SAS could only be updated by uninstalling and
>> reinstalling

>
> I had the same problem the other day. I installed it in Safe Mode but it
> wouldn't let me update so I ran it anyway and it found nothing. I finally
> updated it from another computer (via memory stick) and then it found all
> kinds of stuff. So the updates definitely make a difference. It turns out
> that the malware had enabled a proxy server in IE and that is why I
> couldn't update. I'll remember to check that the next time I try to
> update.
>
>> 2. How does this AVGT get onto computers in the first place.

>
> Never heard of that exact one but I imagine it's just another variant of
> all the other rogue antimalware/antivirus apps.
> My customers always ask me the same question. There's lots of ways they
> may have gotten it.
> From http://en.wikipedia.org/wiki/Rogue_security_software
> "Some rogue security software, however, propagate onto users computers as
> drive-by downloads which exploit security vulnerabilities in web browsers,
> pdf viewers, or e-mail clients to install themselves without any manual
> interaction.
> More recently, malware distributors have been utilizing SEO poisoning
> techniques by pushing infected URLs to the top of search engine results
> about recent news events. People looking for articles on such events on a
> search engine may encounter results that, upon being clicked, are instead
> redirected through a series of sites[6] before arriving at a landing page
> that says that their machine is infected and pushes a download to a
> "trial" of the rogue program."
>
> OK, now a question from me. How did you manage to install SuperAntispyware
> in Safe Mode? Every time I've tried it, I got a popup saying it couldn't
> be installed in Safe Mode.

Thanks for the input Lil' Abner - the Safe Mode installation just "did it"
from the installation file. I had renamed the file but have no idea whether
that made the difference or not.
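Lil' Abner's point above about the malware having switched on a proxy in IE is worth turning into a routine check before blaming the updater. The script below is an added example, not something posted in the thread; it reads the standard per-user WinINET settings (ProxyEnable, ProxyServer, AutoConfigURL) that IE and most updaters honour, flags an unexpected proxy or PAC URL, and shows (commented out) how to clear them once you have confirmed the machine should not be using one.

```powershell
# Added example: inspect the per-user IE/WinINET proxy settings that rogue
# software is known to hijack so that update traffic is silently redirected.
# Assumes a Windows host; the registry path and value names are the standard
# WinINET ones and are not specific to any one piece of malware.
$path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Get-WinInetProxyState {
    # Missing values come back as $null, which [int] treats as 0 (disabled).
    $s = Get-ItemProperty -Path $path -ErrorAction Stop
    [pscustomobject]@{
        ProxyEnabled  = ([int]$s.ProxyEnable -eq 1)
        ProxyServer   = $s.ProxyServer
        AutoConfigUrl = $s.AutoConfigURL
    }
}

function Test-SuspiciousProxy {
    param([pscustomobject]$State)
    # On a home PC that should talk to the Internet directly, any enabled proxy
    # (typically 127.0.0.1:<port>, where the rogue app listens) or any PAC URL
    # is the pattern described in the thread and deserves a look.
    return ($State.ProxyEnabled -and -not [string]::IsNullOrEmpty($State.ProxyServer)) -or
           (-not [string]::IsNullOrEmpty($State.AutoConfigUrl))
}

$state = Get-WinInetProxyState
$state | Format-List

if (Test-SuspiciousProxy -State $state) {
    Write-Warning 'A proxy or PAC URL is configured; AV/antimalware updates may be redirected.'
    # Clear the settings only after confirming this user should have no proxy:
    # Set-ItemProperty -Path $path -Name ProxyEnable -Value 0
    # Remove-ItemProperty -Path $path -Name ProxyServer, AutoConfigURL -ErrorAction SilentlyContinue
}
else {
    Write-Output 'No WinINET proxy configured for this user.'
}
```

Run it as the affected user, since the values live under HKCU; a proxy set only for the administrator account used to clean the machine would not show up here.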
