[Judas]

Anyone seen these before..


i've just received my 9th computer in the past month with anyone of the named programs that have completely infiltrated the computer reguardless of the protection measures in place, zone alarm, norton, nod32, avg, mcafee, avast, kaspersky (spelling)....so on and so forth.... in either single or combination of each others. Camodo firewall is on of machine that is also infected. Router or not with firewalls..... doesn't seem to matter what's going on.


Anyways, after seeing a consider number of these, i can't seem to figure out exactly where they are picking this thing up from.....i beleive it has got to be a self inflicted infection.

The program almost perfectly mimicks an anti-virus scanner..... but appears to while running a scan, to infect the system further with other viruses. In one example, the machien with AVG would be running the antivirus xp 2008 scan, at the same time avg would be picking up as viruses the same files that were just recently scanned by antivirus 2008.... You can't remove the damn thing as it actually locks down the admin privilages of the system, even through safe mode manual removeall is exceptionally difficult depending on how long it's been intergrating itself into the damn machine.

What's of interest is that it'll claim to have found viruses and then "vault" or "remove" them.... also it has a habit of randomly allowing the user of the computer a false sence of the computer not acting sluggish.... i think it's programed in such a way to not constantly tax the machine. going into a low priority or idle state at unspecific intervals....

It's one fowl beast though, even the most common and uncommon scanners and removeal can't seem to get rid of it, IF they are able to detect it. Super Anti-Spyware has had the best luck, but has yet to completely remove it.


The 2009 version of this nasty bugger just appeared today for me. And it's even worse as it acts more like norton 360.. taking control of the firewall/disk management/backup systems (actually prevents someone from coping things to clipboard and so forth without running through that program)/anti-virus/anti-phishing....etc...

Has anyone else come across these? JUST a FYI for anyone that hasn't noticed them, make sure you avoid it at all costs.

[jayrelay]

ya , I have seen it twice in the last couple months. It is a pain did manual removal from recovery console and it crippled the system. so far haven't found an easy fix, recovery disc, restore point and repair from windows installation seem to work, I think. the first infection had vista i did a system factory recovery , the second was one that had it for months and they actually followed the links and paid 79$ for the full version (???? oh man ????), there was a third system I myself accidentally infected with my usb drive but that was on the a college network, so I quietly moved to another terminal.

anyway, let me know if you find a easy fix I will do the same.

It appears it leeches on to several system files and has many different methods of staying alive

[BlueMak]

So, if you are forced to use USB drives from time to time, what do you suggest doing? Would it be possible to force Windows to not autorun anything there is in such a drive?

[Judas]

you can disable windows Autorun.


however i've yet to have a case where i've gotten my USB flash drives infected.

i haven't seen a vista machine get infected aside from one, and that's the users fault. Another case of agreeing to everything and clicking yes on everything... some people take the internet far to serious (with the popups and whatnot claiming your infected and such)


The last machine i just received i finished up a super anti-spyware which removed a good portion of everything, but the result was a corrupted windows, refusing a normal/safe mode and even a recovery console fixed up system to even boot. I had to do a windows "repair" install to get it to boot and the damn thing was still present, just not "active", i was able to then pull the files off the hardrive that the owner had rather as safely as i could, and then now the system is currently being low level formated for good measure.