Avast! Pro Antivirus shuts off when virus attacks it.

OK, I’m a first-time user of this forum, and I have been reading this thread.
My background:
computer tech for last 15 years.
I just got infected for the first time since Nov 2005
I browsed to a site with Firefox, nothing popped up, but the computer’s CPU use hit 100% then bam: the dreaded “anti-spyware” MSG. No, I did not click on anything. This gentleman here got this somehow, but to sway from judgement, he may be correct. As with all my clients. Out of the last 5 infections I’ve cleaned, 4 claim not to have clicked on anything but a link.

I have all my clients on Avast. I have stuck by them, but now I’m looking into other antivirus providers. These attacks make me good money, but I can’t in good conscience keep allowing this to happen.
I’m also moving to Chrome on all browser based on the Pwn2Own results. Even if it is a new browser and we haven’t seen it for long enough, it still has the fewest exploits. Especially from this destructive and easy attack.

Avast: I and my associates here in Tucson, AZ have sold hundreds of licenses for you, for over 5 years. Find a resolution to this “grayware” issue (this wasn’t grayware). As of today, my loyalty changes - if you want to keep my business, act now; in one year all of my clients will be switched.

As with all my clients. Out of the last 5 infections I've cleaned, 4 claim not to have clicked on anything but a link.

Yeah, but that’s not “I didn’t do anything”. They clicked the link. A script ran on access to the site, and malware installed.

Please, I’m not starting a flame war here, I totally agree with you that the A/V or whatever else you have installed to stop these threats should have done so before it got installed on the machine.

I’m more or less directing this towards the OP. He stated that he didn’t do anything with the computer for a long time, and when he started it up, it had malware. Obviously, something was done to get the virus in the first place, be it visiting a website, plugging in an infected flash drive, or whatever else.

No antivirus product will offer 100% detection. That’s a fact. But that’s why Avast introduced the sandbox/process virtualization in their paid versions. It contains all threats, so only the virtual ‘computer’ will be infected. Then when you close the browser you wipe out all the contents so your real system doesn’t get infected. Were you browsing in a sandboxed browser?

It’s easy to prevent this type of infection. If you use AIS then use the Sandbox like GloobyGoob suggested, and if you are using the free version then use Sbxie and you’ll never have to worry about this type of infection. All AV are terrible against Rogues, and I mean all of them, so do yourself a favor and start using one or the other.
Bo

I know this is an old thread, but after fixing 25+ PCs with these variants I have found a way to fix it. All of the above threads only work partially. In fact, new variants as of September auto shut down Malwarebytes, SUPERAntiSpyware full and portable, removefakeav 1.69, McAfee Stinger, and pretty much bypass or disable all commercial AV products like Trend Micro, AVG Pro, Avast Pro, Panda, Norton and NOD32. The signs of infection are clicking a link from a normal Google search and ending up in a web page of another search engine showing additional links or ending in a web page of an irrelevant topic. Secondary signs are running SUPERAntiSpyware portable and having it shut down automatically during scan or trying to launch Malwarebytes and nothing happens.

Fix: uninstall current antivirus software (which doesn’t work anyway) and download AVG Free, SUPERAntiSpyware free and portable, and Malwarebytes. If possible, download the manual updates for each of these. It’ll take a few attempts to get to these web pages as the rogueware will try to divert your searches. After downloading these files, install them but do not start or update the programs. Instead, reboot into safe mode without network connection and then run a full sweep starting with the SUPERAntiSpyware installed version, then Malwarebytes. If the software says it needs to reboot to remove and you haven’t finished the sweep with the other software, reboot but go straight back into safe mode.

After both software sweeps are finished, reboot normally and run the SUPERAntiSpyware portable. If the portable shuts down automatically during its scan, you are still infected. Also, Malwarebytes will not start. Most of the rogueware will have been removed however, so run AVG full clean and then test with portable again. System should be free of rogueware.

EDIT*: This rogueware appears to be able to jump computers on the same network if there are loose permissions - even computers that are governed by domain controllers. Before purging these nasties, unplug the network cable or wireless antenna. Hope this helps someone.

Fix: uninstall current antivirus software (which doesn’t work anyway) and download AVG free.

Why in the world should the OP install AVG? If this rogue was able to bypass Avast, I’m pretty sure that it would probably do the same with AVG, plus the OP had originally said in the first post that he removed the rogue with Malwarebytes anyway. No AV is 100% safe, and that’s why a layered approach to security is best, so to have Malwarebytes Pro running in realtime with Avast would be a much better solution IMO, and a decent firewall.