antivirus 2008

Discussion in 'Security and Privacy' started by gghartman, 2008/06/06.

  1. 2008/06/06
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    has anybody been getting nailed by this **** bug antivirus 2008 ??? i am spending so much time ridding machines of this bug and another one with a big red wallpaper.

    is there not one really good program that can remove these malware programs. have searched the computer for the files related to this 2008 problem but can't find any so it apparently wasn't totally installed. however when opening up i.e. it is giving me this page that says reported insecure browsing but i can continue but can't get rid of this first page.

    my clients have spybot, spywareblaster, either antivir or avg8, ccleaner and some have spy sweeper.

    advice would be greatly appreciated.
     
  2. 2008/06/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Try Superantispyware, and Malwarebytes.
     

  4. 2008/06/07
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Most of those are SmitFraud\Zlob variants and SmitFraud Fix will help in removing them. Tho with the combined threats these days, there's usually more than one infection aboard.

    Google is your friend but don't go off running tools you don't know how to use or when to use them, proper order and such.

    It's not that easy anymore.
     
  5. 2008/06/07
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    kinda thought smitfraud was the best way to go. i'd say 70% of my time with my clients is ridding them of nasty bugs. most of them are getting really hard to remove and a lot of times it's easier to rebuild the machine from scratch.

    thanks.
     
  6. 2008/06/09
    DDTSmokey

    DDTSmokey Inactive

    Joined:
    2008/06/09
    Messages:
    12
    Likes Received:
    0
    MalwareBytes is good
     
  7. 2008/06/09
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    thanks i'll check that one out.

    these bugs are getting to be a real pain in the butt and they're getting really better at what they do and harder to get rid of.
     
  8. 2008/06/10
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    ran both smitfraud and malwarebytes still seem to have this antivirus 2008 stuck in the i.e. browser.

    when i.e. is first brought up it attempts to take you to the home page of yahoo then it brings up this page that says "reported insecure browsing". when looking at the properties of one of the links it shows antivirus2008. if you click the home icon it takes you to your proper home page and from that point on the browser is okay but if you shut the browser down and bring it back up the other page comes up.

    security on i.e. is set to normal/default.

    any ideas ???
     
  9. 2008/06/10
    James

    James Inactive

    Joined:
    2004/07/14
    Messages:
    1,004
    Likes Received:
    0
    MalwareBytes does not have particularly glowing reviews. Here is one:

    The Bad

    Full scan of system drive is not something you'd want Malwarebytes' Anti Malware to do just now. During the scan the application heated up the CPU a bit, fluctuating up to 84% of usage.

    The Truth

    It is an early beta and it shows. There are still lots of issues to fix and options to implement. My opinion is that there is not yet the time to use the software regularly. During our testing it picked up false positives like no other malware scanner.
     
  10. 2008/06/10
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    james - thanks for the heads up on malwarebytes. program looks impressive.

    now if i could figure out how to get this antivirus2008 off the browser.
     
  11. 2008/06/10
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    You're gonna have to post a HJT log into the proper forum, taking pot shots is wasting everyone's time.

    And with regards to MBAM and CPU usage, I expect most scanners are going to be using up CPUs when scanning, I don't see the problem with that. Not likely any app wouldn't use up CPUs.

    And it's not in beta either, some new versions, but the ones publicly available are final release versions. Pretty sure of that.
     
  12. 2008/06/11
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    actually malwarebytes worked it got rid of the browser problem. all seems good in the world. thanks all.
     
  13. 2008/06/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I'd still listen to:
     
  14. 2008/06/13
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    need to continue this post on antivirus2008....

    does anyone know where this critter is coming from and how to stop it from hitting my clients. granted it brings me income but this bug is getting ridiculous.

    on all my clients' machines i have installed spybot with teatimer active, spywareblaster, ccleaner which i know won't protect anything, also some of these clients even have spysweeper but it still gets by.

    what really surprises me is i have never gotten hit and some of the sites i visit one would believe they are questionable but have never been infected with it. so is there a program out there that can stop this critter before it infects machines ???
     
  15. 2008/06/14
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    The short answer is no. The best thing for reducing the amount of infections is twofold: maintaining proper security layers, which you have some, but not all.

    I'd implement some other layers:
    • IE-SPY ADS.
    • MVPS Hosts File
    • hpHosts. It contains more sites as they tend to include domains\IPs which are involved in even the slightest way with malware distribution or sites involved in any other sort of salacious activities. Basically, lay with dogs, get fleas type of thing. Its database updates directly feed SiteHounds.
    • SiteAdvisor or SiteHound. Each provides similar protection, tho SiteAdvisor also rates sites on business practices and spam. SiteHound will offer some content advice as well as security alerts on known rogue sites.
    Secondly, and most importantly, you need to educate your user base. In a corporate environment this means making some hard decisions with what to lock down and where. The primary infection vector is social engineering. Users need to learn to think before they click, most don't.

    I'd also offer another anti-spyware tool:
    Malwarebytes Anti-Malware. IMHO it is far superior to Spybot and Ad-Aware at detection and removal based on the runs I've done and on what I've had users do.

    While they do not offer 'real time' protection in the free version, you're still likely to get more of anything that does sneak in. Updates to the database and the basic code are frequent. It may be young in its infancy in relation to the others, it warrants a strong look.

    As for where this infection is coming from, off shore & eastern bloc countries are usually the end point. Pretty much fruitless to try to get to them legally as the countries they base out of usually have bigger problems than Net criminals.
     
  16. 2008/06/14
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    TeMerc - i will look at those other layers and see how i can implement them to my clients. the biggest problem i have with my clients is them doing what i instruct them to do. even tho i make spybot scan auto weekly i find when i go back to visit them that they have never done the updates. so the updates are in one case 3 years old which means thousands of new definitions are not loaded. malwarebytes seems to be an easy program for one to use so definitely i will start putting that on their systems.

    as far as site advisor is concerned doesn't ie7 phishing function do this ???

    thanks....greg
     
  17. 2008/06/14
    Whiskeyman Lifetime Subscription

    Whiskeyman Inactive Alumni

    Joined:
    2005/09/10
    Messages:
    1,772
    Likes Received:
    37
    That review of MBAM 0.68 Beta by Marcin Kleczynski at Softpedia is from last September. MBAM is now at version 1.17.
     
  18. 2008/06/14
    gghartman

    gghartman Inactive Thread Starter

    Joined:
    2002/01/07
    Messages:
    1,130
    Likes Received:
    0
    Whiskeyman

    as far as taking up all the processing sorta like what norton and mcafee seem to be doing lately.

    unfortunately malwarebytes seems to be the only program that is successfully removing antivirus2008. even when i have run smitfraud that isn't removing it. spysweeper isn't nor is spyware doctor so what other choices are there other than the pain of manually searching for all the files it puts on the systems.
     
  19. 2008/06/14
    James

    James Inactive

    Joined:
    2004/07/14
    Messages:
    1,004
    Likes Received:
    0
    Sunbelt's CounterSpy. Simply the best.
     
  20. 2008/06/14
    TeMerc

    TeMerc Inactive Alumni

    Joined:
    2006/05/13
    Messages:
    3,226
    Likes Received:
    4
    Maybe you can send these clients a friendly email occasionally reminding them to update their security tools. Or get them subscribed to a forum which has a thread that is routinely updated and subscribe them to that thread so they'll get alerted to the updates.

    And while IE7 does do phish protection, I don't suppose it would hurt to have a secondary back up, tho SA offers more which I find invaluable with site rating, but just as with all other security tools, it's not infallible.
     
    Last edited: 2008/06/14
  21. 2008/06/14
    Rockster2U

    Rockster2U Geek Member

    Joined:
    2002/04/01
    Messages:
    3,181
    Likes Received:
    9
    I'm surprised Tom didn't reference sending them here. Definitely a good read for you too, Greg.

    ;)
     