fake antivirus trojan on deviantart.com

My son’s Vista laptop is currently booted to safe mode to run Avast free home edition version 5. His antivirus definitions are, and always are, up to date and he’s never had a problem with Avast before. The scan is currently 27% done and has found nothing so far.

This evening while visiting DeviantArt.com (I’ve since learned that many, many users across the web are reporting similar infections from DeviantArt), he was simply reading one of his own (text) files, and a virus warning, a fake one, popped up. He clicked the ‘x’ at the top right to close the popup, and a Java notice showed up in the system tray area for a moment. Next thing he knew, one of the fake antivirus trojans was popping up warnings all over the place, not allowing him to open Avast, etc. He didn’t write down which one it was, unfortunately, he just panicked. He shut down his computer, but when he rebooted, the problem was still there … popping up fake antivirus notices and attempting to trick him into “buying the full version”. A green shield was in his system tray.

I helped him boot the computer to safe mode, and he’s running Avast now.

Does Avast detect and remove these things? I know there are a number of them out there, and it seems that this issue has been popping up randomly on DeviantArt for well over a year, so I’m hoping the current virus defs will cover it. Why would Avast allow this to just install itself? He’s always very careful to make sure his version of Avast is up to date and all shields running. Does anyone have a clue how something like this would have slipped past it? Apparently it comes through one of their ads, from a remote site (don’t advertisement-run sites bother to check before just allowing an infected website to advertise?)

And most importantly, will a fully up to date version of Avast run in Safe Mode clean his computer for him?

I think your PC may have the Vundo/Virtumonde trojan. Plus your Java may need to be up-to-date.

Download and run Malwarebytes’ Anti-Malware.

Next

Download and run HijackThis 2.0.3 by Trend Micro and post or attach a log.

Hello, I’m the one that actually had this problem (Gayze’s son). Avast did not find anything from Safe Mode, but the program you suggested did and the problem seems to be gone now. I will attach the log file for both programs as suggested.


Welcome to the forums, GayzeN & SparkyDH :)

It is good to know that your problem has been solved.

Please come back often and learn more.


Hi there, please run MBAM again and let it remove them all.

He selected to remove them all the first time through, but I’ll suggest my son run the program again.

I did two more scans, and nothing was found. So I assume that means the problem is gone. I haven’t had any more issues.