I work for an IT consulting company and we use Avast exclusively with our customers. However, in the past month or so, we have been getting call after call about these new fake antivirus viruses…so far I have seen “Microsoft Anti-Virus”, “XP Antivirus”, “MS Antivirus 2008”, “MS Antivirus 2009”, and “Vista Antivirus”.
We have been able to remove them successfully for the most part, but what concerns me is that avast doesn’t catch them. For a test I intentionally infected a system and found that while avast did pop up a warning, the virus (or spyware or malware or whatever we want to call these programs) just forced itself past.
From a search I see that there are many others that have this same problem, and I am just wondering if an update is coming that will close this hole? Do we know why it’s showing up as a legitimate program?
I guess I just want to let the devs, and users alike know that this is really starting to be a problem virus, and that so far avast isn’t stopping it.
These Fake Anti-Virus Programs are actually spyware/scumware/malware, the site bestantivirus2009DOTcom is still being advertised through Google Adwords and uses browser exploits like setslice and AOL IM exploits to secretly install this fakeware/malware. SAS and MBAM are anti-spyware programs that will do a reliable removal of these annoying fake av rogues.
People have a good protection against this if they use Firefox 3 with the NoScript extension installed.
Normal users should be taught that not all pop-ups or message prompts come from M$ or their machine and are therefore to be trusted. Another thing is that there are users that click at anything not hindered by any knowledge what they are doing. Those are beyond help, and form the greatest threat for themselves and other Internet users.
Sleepy me wasn’t paying attention to what I was doing today and infected myself with antivirus 2009. I installed avast today and it recognizes it, just doesn’t seem to be able to banish it. :-\
I would like to concur with Casey’s comments. I too work for an IT company that recommends Avast. Antivirus 2008, 2009, XP 2008, XP Security Center are all SCAM ‘Malware’ that also infect other computers, send spam emails and install backdoor trojans. Avast only seems to get them after they’re installed and have caused all the damage.
We have had to clean 6 computers in the last 2 weeks - with varying degrees of success. AVAST should pick up these viruses. As far as I can work out they are being installed from the ‘UPS Delivery failure’ and ‘Airline ticket confirmation’ spam emails. The attachment comes in a zip format.
I know I could install other 3rd party applications across the 600 computers we look after, but we brag to our clients how good Avast is! Plus they’ve paid for it already.
Hope you guys can come up with a solution soon.
Hoges
I ran the setslice program given by Polonus on my IE6 and got
WebView object was not scriptable for some reason.
This means you are likely immune to the vulnerability given your current configuration.
So IE6 can be tweaked to safety for this infection.
Are there any instructions for ZProtector.exe?
There are two exe files in the folder
ZProtector
and
ZGprotector
I ran the Z version and got the message that my ActiveX was protected already.
Thank you Spywareblaster, spyware doctor also blocks
I absolutely agree…unfortunately it just isn’t always that cut and dry.
Avast is still an excellent product, and we will continue to use it, I just wanted to raise a bit of awareness as to how big of a problem this is becoming.
This is a comment for those who are looking for a little easy help, I am not a geek nor Guru… just some comments about how I removed this from my computer.
I downloaded the fake-ant virus win32 with the netbooster worm when I was looking for some keno programs. It took me several hours to get rid of it. I have great regard for Avast and still use it but it could not get rid of this virus. I downloaded the free version of StopZilla 5.5, which would only quarantine the 82 objects; to completely remove the files, Zilla wants you to buy the paid version. But once you know all the criteria you should be able to remove most of the files yourself, then use one of the several free removal tools which are available online.
This is an ugly way to spend your days off!!! Good luck
Well I have never heard of StopZilla prior to your post (I guess I lead a sheltered life ;D), but I get a distinctly bad feeling when it comes to a free scan reporting multiple infections only to ask me to pay for their removal.
There are many such rogue applications that use this tactic but StopZilla doesn’t seem to be one of these.
StopZilla.com
OrgName: Performance Systems International Inc.
RogueRemover is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities. Rogue applications are applications that rather than remove spyware, provide false positives, distribute malware or spyware, advertise, or provide useless uninstallers. The main point is that rogue applications are useless and eat up system resources.
Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
Personally I think both of the other two have better detections, but Spyware Terminator free also offers resident protection, where the free versions of the others don’t.
Note: Having installed ST, I hope you don’t install the toolbar or crawler or the anti-virus module that also comes with it.
Crawler has a bit of history about being adware, collecting info to deliver adverts that might be relevant based on your browsing. It isn’t a good idea to have two resident AVs though this one they say isn’t resident, but I’m not sure. It has processes running on boot, though that may just be to enable you to do right click scans on single files.