Captured "System Security 2009" files - stopped all exe files

I don’t know if this is the correct method to communicate this to avast! tech support, but here it goes (please correct me if needed).

The reason I am trying to contact you is I have yet to find anyone discussing this scareware’s behavior of completely stopping executable files. It even stopped Task Manager. A pop-up appeared from the system tray saying the file was infected and was stopped. I have captured copies of the scareware files and wondered if you would like a copy of them. If so, please tell me how to safely deliver them and let me know if you want the log files I’ve collected.

My current client got infected with the rogue scareware “System Security 2009” under Windows XP Home SP3. He was using a free version of McAfee from Comcast which didn’t detect it when he was infected. When I started working on it I couldn’t run any executable files including Task Manager. A task bar pop up would say the program I was trying to run was infected. About the only thing I could do was shut down the computer through the Start button.

I managed to shut down and get into Safe Mode, stopping all startup processes and programs with MSCONFIG. On reboot I uninstalled McAfee, then installed Malwarebytes’ Anti-Malware and ran a full system scan. It found the following:
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 99
Registry Values Infected: 5
Registry Data Items Infected: 2
Folders Infected: 34
Files Infected: 167

After MAB fixed problems found on the first round I kept running it until it found nothing. I restarted the processes and installed avast! Home Edition and did a boot scan. It found nothing. Then I ran MAB full scan again with an updated avast! running and avast! detected one more infected file in the directory of another user of the computer. I have been repeating this process with no more infected files detected.

Regards,
B. Rodgers Jeffrey
http://brjtechworks.com

If you were able to capture a copy of the files to a USB, etc. before quarantining them in MBAM, you could scan the files on a system with avast and send any undetected copies to avast.

Send the sample to virus@avast.com, zipped and password protected, with the password in the email body. A link to this topic might help, and put "undetected malware" in the subject.

Or you can also add the file to the User Files (File, Add) section of the avast chest (if it isn’t already there) where it can do no harm and send it from there. A copy of the file/s will remain in the original location, so you will need to take further action and can remove/rename that.

Send it from the User Files section of the chest (select the file, right click, email to Alwil Software). It will be uploaded (not actually emailed) to avast when the next avast auto (or manual) update is done.

Be aware that Malwarebytes’ Anti-Malware (MBAM) is for home use only and a Technician’s licence is needed for business use:
http://www.malwarebytes.org/forums/index.php?showtopic=14247
http://www.malwarebytes.org/corporate.php

Thanks. File sent. Hope it helps with the fight.

Left message at MBAM site inquiring about Tech License. No word yet.