Thread ID: 117064 2011-03-31 22:29:00 The fake AV epidemic linw (53) Press F1
Post ID Timestamp Content User
1190974 2011-04-01 00:38:00 Trojan Remover and Malwarebytes found the entries in safe mode. That was it. Even though both removed them, it still ran in normal Windows Speedy Gonzales (78)
1190975 2011-04-01 02:30:00 What's the point of these nasty apps, to take down a PC for the sake of it?

Or are they setting up these machines to do something, i.e. spam emails etc.
Halwende (3418)
1190976 2011-04-01 02:32:00 To piss you off / annoy you / block access, and to scare you. Hence their name scareware Speedy Gonzales (78)
1190977 2011-04-01 02:46:00 Many of them 'scan' your computer, tell you you are infected, and then want you to download their fixit tool for quite a few dollars. They might even debit your visa several times to make sure! They could also sell on your visa details, presumably. linw (53)
1190978 2011-04-01 02:46:00 What's the point of these nasty apps, to take down a PC for the sake of it?

Or are they setting up these machines to do something, i.e. spam emails etc.

I guess there are some gullible people who will actually click on the "buy/register" button and hand over their credit card details... actually, some clown did just that but it didn't "repair" his PC :lol: I had to :badpc:

Keeps us in money cleaning them, but you kind of get over them when you do them on a weekly basis!! Love the ones that screw with the hosts file too - generally have to nuke it with a bootable 'nix CD, as they lock it down nicely.
Renegade (16270)
1190979 2011-04-01 02:58:00 Well, got the netbook that was supposed to be infected but not sure how bad as I never saw any popups etc. Malwarebytes found 5 antispy2011setup.exe files in Temp Internet Files.

Funnily, MSE didn't find them on its scan but later popped up a message about them. It also popped up one about obfuscator.AY.

Scans don't find anything, now, but deleted all temp files anyway.

Hosts file OK.

I will have to get back to the owner to try to find out exactly what gave them the fright.

OK - user has reported back and it certainly was a scareware popup he saw. Best I try a few more scanners!
linw (53)
1190980 2011-04-01 03:09:00 Use rkill if nothing else works. Or search for whatever it is, and follow the instructions. Use CCleaner and remove the temp files etc. Speedy Gonzales (78)
1190981 2011-04-01 03:20:00 Because they're really spyware. Avs aren't good at spyware.

That's no excuse. Most AVs claim to scan for spyware. They just aren't very good at it. It's now hard to justify the cost of paid AV products to customers (even NOD) as they just really don't work.

But, given the rate that new spyware is written, no AV EVER will be able to keep up. They have to wait for the infections to spread & be known before they can write them into the sig updates.

No software will protect from user idiocy, I think perhaps that's the real problem :badpc:
1101 (13337)
1190982 2011-04-01 03:31:00 What's rkill? I've never had to use it before? Never even heard of it prior to this thread, come to think of it? Chilling_Silence (9)
1190983 2011-04-01 03:40:00 It's a program (983k exe file) that can terminate the processes (and probably removes the registry entries of malware while it's running, like the one I killed last night).

It's mentioned on the Bleepingcomputer site (where they've got writeups) on how to remove annoying things.

I had to use it for this last night, since other programs wouldn't run (www.bleepingcomputer.com/virus-removal/remove-windows-expansion-system). You can use it with Malwarebytes.

Although it'll probably remove more than Malwarebytes (since this thing wouldn't let Malwarebytes run). Or anything else
Speedy Gonzales (78)