
DOC! computer trojan/virus nasty

NutmegCT

So I come home from work and find a note from my neighbor stuck in my door. Hmmm, wonder why he didn't just email me ...

His computer has picked up the "Antivirus Studio 2010" nasty: "100s of files infected! Click here to purchase Antivirus Studio to clean your computer!"

Keeps popping up every few minutes. Ran a full system scan using AVG, but no improvement.

So after googling several pages of suggested fixes, all seeming to be quite vague, even the Kaspersky suggestions, I thought "Doc will know what to do!"

My neighbor's computer has been running AVG for several years. Always updated each night. For some reason, AVG didn't catch the Antivirus Studio thing (neighbor clicked a "dubious link on a dubious site", and the nasty was installed).

Is there a downloadable "get rid of Antivirus Studio 2010" tool somewhere in cyberspace? Something that doesn't require manually editing the registry and searching/deleting hundreds of files one at a time?

Thanks.
Tom
 
Malwarebytes and SuperAntiSpyware run in safe mode would be my first attempt to remove. YMMV
 
You have a PM, Tom.
 
I was at a computer security conference last week, and one of the messages was that anti-virus software is rapidly approaching the point of uselessness. Viruses and malware are getting sophisticated enough that they are getting difficult to ID. Basically the bad guys are currently winning.
 
drooartz said:
I was at a computer security conference last week, and one of the messages was that anti-virus software is rapidly approaching the point of uselessness. Viruses and malware are getting sophisticated enough that they are getting difficult to ID. Basically the bad guys are currently winning.

That's why I don't have any.
 
drooartz said:
I was at a computer security conference last week, and one of the messages was that anti-virus software is rapidly approaching the point of uselessness. Viruses and malware are getting sophisticated enough that they are getting difficult to ID. Basically the bad guys are currently winning.

Too true. One naive employee and a company can be facing disaster. IT departments are spending ever-increasing numbers of hours chasing this junk. What a waste of resources.
 
We spend quite a bit of time trying to combat this stuff at the school district where I work. We can do all the techy stuff, but that doesn't help when an employee (or a few) go ahead and give out their account info to a phishing attack.

Why try fancy coding when you can just ask for the password. :smile:

If nothing else, it keeps me and my friends employed.
 
Flash! looks like Malwarebytes *may* have worked.

I restarted the machine in WinXP safe mode with networking. Then downloaded and installed Kaspersky antivirus. First run of Kaspersky: "a newer version is available".

Kaspersky downloaded the newer version, and started the installation again. "Cannot install due to possible infection. Please download Kaspersky virus removal tool."

Downloaded Kaspersky virus removal tool. Ran it and immediately got "Cannot run due to possible infection. Please go to Project911.Kaspersky-labs.com."

Went to said website and found it just wanted me to download and run a "registry filter", and send the report back to Kaspersky for manual analysis.

Decided this was getting ridiculous, so followed a friend's advice and used Housecall.Trendmicro.com

Ran it (an online scan app) and found/deleted about a dozen possible problem files, but none with the name or indication of Antivirus Studio 2010. Ran it again, found zero. Restarted machine in normal mode, but got the blasted Antivirus Studio 2010 problem again.

Then I restarted in safe mode, downloaded, installed and ran MalwareBytes. Did a full scan (about 2 hours). Found and fixed 67 problems, but no mention of antivirus studio 2010. Ran the full scan again, and got 14 problems, four of which actually said "Antivirus Studio 2010". Deleted those also. Ran again and got 0 problems.

Restarted in normal mode, and so far (knock wood) in 30 minutes have seen no trace of Antivirus Studio 2010 and its friendly little nag screens.

Before going to bed I'm going to run the MalwareBytes full scan again.

Thought you guys might like to know how the saga is progressing. Frankly, I can't imagine most end users having the perseverance to trudge through all this at home. I may toss the whole shebang out the window and buy a Remington Standard (typewriter, not gun).

Tom
 
NutmegCT said:
Thought you guys might like to know how the saga is progressing. Frankly, I can't imagine most end users having the perseverance to trudge through all this at home. I may toss the whole shebang out the window and buy a Remington Standard (typewriter, not gun).

Glad you're working your way through this. It's a real pain.

Most users don't have the first clue how to handle these things. A good friend of mine makes some nice extra cash doing the clean up work for other folks.

It's a real failing in the computer industry that the average user is unable to either care for their machines or know who to trust to do it for them. We (it's my line of work too, after all) really need to do better.
 
Drew said:
It's a real failing in the computer industry that the average user is unable to either care for their machines or know who to trust to do it for them. We (it's my line of work too, after all) really need to do better.

I find the ~LAST~ thing any organization/business is willing to spend money on is end-loser training. Eyes glaze over and not much happens 'til the gremlins are running barefoot in the machine.

When a box shows signs of infection it gets dragged back to th' hovel for the seek-and-destroy. A lot of patience is key. When the machine is in the work environment, invariably there is not enough time to do the deed thoroughly. Interruptions, closing times, irritated supervisors, employees who think their printer (or video, application, etc.) issue is a priority over what looks like my pacing around the electromechanical "patient" for nothing... reducing the irritation for all involved takes the removal of the machine to a place where it (and I) can run uninterrupted.

Tom: Re-run MalwareBytes in 'normal' mode, Trend 'full system scan' as well. Reboot twice after all is clean. With any MS O/S the Master Boot Record has two iterations. One can be 'seen', another is 'hidden' and requires a second reboot to acquire the same info as the one out front.

Then tell your neighbor: if you see that notification again, the first, best thing to do is PULL THE POWER PLUG on the machine. :wink:
 
I have to agree on the "end user beyond help" idea. But after working 20+ years as a network manager for a "large public university in the north east", I have to add:

There seems to be great piles of money for administrators to supply equipment (i.e. capital expenditure) to the end users, but never any money for administrators to supply support (i.e. salaries) to help the end users.

Plop the box on the user's desk, maybe help them unpack it, and say "for any questions, just call your network manager".

oy

And this network manager, who supported 500+ machines for faculty, staff, public labs, servers, etc., had *no* support team.

I was it. And I was IT. (get it? nyuck nyuck nyuck)

Doc - have now rebooted three times in normal mode and run MalwareBytes successfully each time. Thanks again.

Now where did I leave the Elite type ball for my IBM Selectric ...

T.
 
Malwarebytes, SuperAntiSpyware and SpyBot-Search and Control. All three will find some different things. Update and scan each week. Avira and Avast pretty good Anti-Virus. Light on footprints. This is all free stuff.
 
Tom said:
There seems to be great piles of money for administrators to supply equipment (i.e. capital expenditure) to the end users, but never any money for administrators to supply support (i.e. salaries) to help the end users.

'twas ever thus. The "magic box" will do whatever you want it to, without anything but the push of a button. After all, it's nothing but a big fancy toaster, right? :shocked:

Tom said:
I was it. And I was IT. (get it? nyuck nyuck nyuck)

Ran herd on a similar situation for a time in the mid-to-late 90's.

Began following the **BOFH** model after about a year of trying to tread water. :devilgrin:

In about '95 the head of the org was replaced by a "volunteer" who in an opening meeting said: "*Everyone* is replaceable."

Took him at his word, left with a: "That's a relief. I need replacing."

Resultant succession of wannabes created a snowball effect which took hiring a consulting firm (three years later!) to square up, tons of time and money. :smirk:
 