BEWARE AntivirusXP2008 an UGLY Malware-Worm-Virus!
Watch out closely if you ever see a box pop up or website for Antivirus xp 2008
It is a FAKE Rogue ANTIVIRUS
Don't click anything or it can automatically install on your computer.
Well we were recently struck with a nasty virus/ worm/ malware on our kids computer,
our teenage daughter was surfing the net to get some current events for her class at school and when we returned to the computer,
we had a big blue screen with lots of text and then when that would go away you would see a box in the middle of your screen with white and red saying WARNING your computer has been infected. Then, we try to restart computer, it wouldn't do that, well finally we were able to get on it and trying to figure out what had happed so
figure that a system restore was the quickest thing to go do and if she had clicked on a pop up or something that we would have it fixed in no time.
Well to our aggravation, the restore section on the computer when you go to run a system restore and click to get a restore point, it had a message that said there are no restore points so you cannot use the restore feature! ACK!
this software disables your restore.
We kept getting annoying pop up screen with the red and white and WARNING some of the things it mentioned was virtumonde and privacyremover.64. We were thankful of course that she was using the kids computer, not our business computers!
Well we could get online and click internet explorer and go to google, but when searching for anything, when you would click to go into a site, this virus has something attached that redirects where you are going so you cannot go to the websites you are trying to, very scary deal. Tried it with Yahoo search, same thing.
We thought it would be fairly easy to just download a fix, put it on the desktop and then go back in safe mode and remove the program. With this malware on the computer, it was not allowing the computer to go to the web addresses we were trying to. It forwards you to strange domains and you can watch the address bar and see the numbers and web addresses it is sending you too and it is not anything like what you click on.
We were researching like crazy on our other computers to see how others had fixed this same problem.
the warning screen that pops up on the computer is actually a screensaver that is installed and it will look like windows is restarting too during the process. This is only a screensaver, after all the malware is removed you have to gain your settings back to have your own screensaver again.
We were able to fix this and
Ended up having to go into our msconfig and in the start menu uncheck some of the options that sounded like anything strange or like the antivirusxp2008 etc.
restart the computer, then try to remove files. Then we ran spybot search and destroy and it found numerous files then a spybot update, ran again and removed even more files, then we restarted in safe mode and ran spybot just in case there were any files that might have been missed if they were trying to run or something.
It found a few that it wouldn't remove but it did finally allow removal while in safe mode.
We restarted the computer. reset the screensaver and appears to have removed all the software, this is something that is so frustrating to deal with, they also recommended ccleaner.com on one of the sites, its a free program that will clear up the files on your computer.
another thing that was recommended but we didn't try was malwarebytes.com
I hope you never see this on any of your computers but if you do, I hope some of the information will help you get
started on restoring and if you ever see the site AntivirusXP2008 it has cnet or pcworld and other ratings listed but it is a FAKE Antivirus and will cause you all kinds of havoc. So just beware and stay safe online!
Posted by pittser at September 18, 2008 10:36 AM
\| TrackBack
Do you like to write? Get your own article on Deal of Day! Send email to The Mayor for more information!
