I've been called to remove this app from two laptops, and both had fully installed and working antivirus installed, those being the highly regarded NOD32 and McAfee. I was not there to see how it was installed, but I suspect via mail? Has anyone else seen this yet? Here are the removal instructions, which I followed successfully. Just a heads up: if you have seen it, did you have Norton installed? Personal Antivirus screenshot, this can ruin a user's day!
I don't have anti anything on my PCs any more. I don't tend to download viruses so I don't see why I need them.
Drive by downloads, infected banner ads, network aware viruses. I don’t download much and nothing from untrusted sites, but the AV still gets tripped once in a while and gives the opportunity to abort the connection.
I got something similar while watching Family Guy on a dodgy looking Russian website (learned my lesson) and I was using Google Chrome with AVG running. AVG couldn't touch it, so I got a program called Malwarebytes' Anti-Malware which worked a treat, give that a try.
+1 for Malwarebytes, great little prog. Seen this git a few times, blocks access to the add/remove programs control panel and stops Malwarebytes (and probably others) updating on XP Pro. Malwarebytes kicks its sorry ass. Usually I do a sweep with Sophos, Windows Defender and an online scan at Ewido or F-Secure afterwards to make sure.
I had this come up on my lappy once, this was back when I was still in the NOD32 camp. Switched my PC and all others in the house over to Norton, never seen the bugger since.
I must admit I'm rethinking my choice of antivirus now, as my AVG Free was about as good as a one-legged man in an ass-kicking contest.
I remove this for a living. I've not seen ANY AV able to take it once it's full-blown. Malwarebytes does wonders, if you catch it early, but after a while, you just have to format/reinstall. This one is network aware, and will actively infect flash drives, as well. It's spreading like wildfire, and I don't know of any real way to stop it. Of the ones I get coming in, 75% of the owners have no idea what LimeWire is, do no torrenting and have not a trace of pr0n on their PCs. My only guess is that hole of the internet, MySpace, or possibly Facebook, as those are the only common places they normally list. Some of the older ones don't even do that. Solution in the short term? Kill social networking. Solution in the long term: kill social networking, and everything older than Vista, and get everyone to build decent AV (of which there is precious little) or just put idiots on thin clients.
I've had a few machines with it, too. If I can't get it off with HijackThis and some sifting, I format/reinstall. Mainly because we don't get the time to spend hours getting a machine back to its pre-infection state, which is doable, but you can easily lose a day doing it. Most of my work's customers have just outright blocked anything that might be social networking sites.
This also highlights the need for reliable backups, system restore points or at least one air-walled machine. We had a network aware virus on a much lower level than this try to take on the machines at home after my little brother brought his rig back from a friend's house. Although he can afford to (have me) reformat his machine, there are others here with data that simply can't be lost. It was dealt with and my little brother got beats for his troubles, but still.
It's not us that need it, it's the idiots that we work alongside that need the help/advice. Sadly, Exchange via Firefox is just not an option and the people I know ain't smart enough to use two web browsers, IE for Exchange (ONLY) and Firefox for everything else. Me? I've had three viruses in 12 years. Just careful about downloads and what web pages I visit.
I don't need NoScript or Adblock. I find them to be wastes of my time. I honestly get by it in a much easier way: I don't normally install Flash. Problem solved. If one person asks me how I watch YouTube with no Flash, I'll stab them with a freshly laundered sock.
I've seen a lot of these lately, it's the same thing as antivirus2009, antivirus360, system protection center, and a couple other permutations of those. A normal Malwarebytes scan doesn't always get it all, but running Malwarebytes from safe mode will. ComboFix or SpyHunter will also get it, but ComboFix can potentially wreck other things and SpyHunter isn't free. AFAIK none of the antiviruses can protect from it; in addition to all the ones mentioned in this thread, I've seen it on computers with Kaspersky, Avira, and Sophos.
I've seen Kaspersky stop and remove these. The problem lies with the response to the "do you want to allow..." question.
I cleaned it up under the name of XP Antivirus 2009 after someone had let their son use their laptop. This was over a year ago and there wasn't anything that could kill it automatically at the time, so I was using ProcExp to kill all its handles and processes and deleted its list of files manually. It was a resilient *******, that's for sure.