Warning here for everyone:

SOMEHOW.... I just got a "driveby" installation of this AWFUL piece of malware / virus.  (Search the net..... it is a BAD persistent one.)  It fakes that your computer is stuffed full of viruses and trojans.  Then it tries to get you to buy this great new package.  But it is totally BOGUS and a ripoff attempt. 

DO NOT PAY FOR IT!!!!!!!!!!!!

I had to go into the registry multiple times, download some utilities, download Malwarebytes freeware spyware killer, manually delete tons of crap, use the "run" option to start stuff it was blocking form working, run WinXP in safe mode, and finally use an old restore point to get this thing killed. 

It starts restricting your access to your own computer as you try to stop it.  VERY devious piece of software.  And the people who wrote it are reading the online tactics being posted ....and writing blocks as fast as people are suggesting them.

It took me a full day of literally full time work to get the D$#@ thing off my PC!  And I have active antivirus and spyware blockers running.  First time something like this EVER got thru the "walls".

Beware.

Malwarebytes remover seem to work for the last of it (after I did a lot of manual work), but the November 2010 version of the virus now will not let you install that remover once you are infected.  THAT took some gymnastics to get around!!!!!!   

It even eventually blocks stuff like Google searches!  It disables TaskManager so you can't kill processes.  It infects Internet Explorer and Firefox.  It hides multiple copies in all sorts of places.  It is all over the Registry.  It installs folders everywhere.  It is a real bugger!

So get that abovementioned piece of FREE software on your machine NOW....before you catch this one.  And likel soon it won't just block the installation of the program... it'll block it working.  So this is just an interim solution.

best,

.....................john

The Snake 87 wrote on Nov 16^th, 2009 at 3:29pm:

Wow... that sounds like a real B*tch, John. Glad you were able to get that thing taken care of... I could only imagine the damage it would have caused on your sim and the time it would have taken to reinstall all of that and your simpit

I've been using Malwarebytes since Nick recommended... great little program that is.

I wonder if I had this at one point before reformatting my system...well not reformatting compleatly but rebuilding the file system...


cus my PC slowly started BSODing and other things like that...and then installer programs (well some times) wouldnt work correctly...hmmmm...


I use malwarebytes, spywareblaster and a few other utilities for antivirus (don't plan on mentioning what incase the idiots who like being shit heads and doing shit like this do happen to read this)...


oh and for the shit head who do this to others and happen to read threads like this...be warned your being watched...by who...you won't know...

Any software popping up claiming you have viruses/asking you to pay, is usually a virus itself. They have been going around for years. If you didn't get the program yourself, then it is going to be fake. I did not install 'Antivirus 2009', so when it pops up telling me I have a virus, it is clearly a fake as I never installed it on my computer (if it was legit, which it isn't).

Old tricks, but they still catch people out. Also, read, to the letter, what a lot of those pop ups say. Usually there are quite a few typing mistakes which is another sign that they are fake.

ShaneG wrote on Dec 4^th, 2009 at 7:34am:


Yup.... devious little devils.  Click anywhere on them and bingo........ virus install.

Some of these do a great impersonation of a Windows System message too........ that you then innocently click on.. ..... and Bingo!  Virus install again.

I use Task Manager to kill "unknown" pop-up windows....even if they look like Windows messages.

best,

..................john

Steve M wrote on Dec 6^th, 2009 at 2:36pm:

Destruction is not the best means of recovering.

Booting into safe mode and running a variety of anti-virus and other clean-up programs should clear up most of those issues as it will stop the virus from activating/hiding/moving around/infecting, so then you can remove it.

flaminghotsauce wrote on Dec 3^rd, 2009 at 11:07am:


Same here, Though I do use AV...just not as much...hehe


machineman9 wrote on Dec 3^rd, 2009 at 4:27pm:


I actually purposly went to a site that I knew had one of these things on it just so I could grab the source HTML code...interesting code and well....it was a good laugh...love them...sad there are people who would do some thing as dumb as this but hey could be worse...


*mockingly* OOOOO You're infected, buy our software which is a virus, it will protect you....



YEA RIIIIIIIIIIGHT...Ill just "borrow" your code and see how it could be used to stop idiots from doing stuff like this....or better yet educate every one I can....that's a better idea....LOL!!!


Steve M wrote on Dec 7^th, 2009 at 5:50pm:


Safe mode (if you can get to it) is good for that IF you can get your anti virus and what not updated to the most current defitions with out causeing the intruder to activate...

as for the HDD...hope you took a hammer to it before tossing it...cus I love people who just toss the old hard drives out and don't take a hammer to them...hehe



Oh and for those of you who are unfortunate enough to get this evil...sick...low down POS "program" installed on your PC...keep reading...the following will be helpful and DO IT QUICKLY (as in first time you notice it find it and kill it with vengeance...)

Advanced Virus Remover manual removal:

Kill processes:
AVR.exe

HELP:
how to kill malicious processes: Ctrl + Alt + Del, then locate the process you need to kill and right click on that process, then hit END PROCESS TREE

Delete registry values:
HKEY_CURRENT_USER\software\avr lastd
HKEY_CURRENT_USER\software\avr lastscan
HKEY_CURRENT_USER\software\avr lastvfc
HKEY_CURRENT_USER\software\avr virlist
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run advanced virus remover
HKEY_CURRENT_USER\Software\AVR
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU

Delete files:
AVR.exe Advanced Virus Remover.lnk

HELP:
how to remove harmful files: use a drive eraser utility like eraser (allows you to erase and over write files)

Delete directories:
C:\Program Files\AdvancedVirusRemover


again if this pops up on your screen, close it and immeadiatly go on a hunt for its parts...

indeed, thats true....as for fixes its sad they are stupid enough they are doing stuff like that to try and make people think they are infected and all that...

thats why when ever I get a call like this at my work I educate the person about this stuff so they don't get all scared (plus they use macs not PCs)

What a surprise ;o

Basically anything that pops up on your screen telling you your computer is infected and that this weird program that just suddenly pops up can fix all your problems.

These guys who make these are so smart.



thank goodness I have loads of antivirus stoff lol