How did this rogue infect my system? No idea. I don’t download random files for kicks ::), nor am I downloading illegal content, if that is what you are implying, Logos. No p2p file sharing. I do watch various videos online (YouTube, etc.). I do download the occasional game demo or full game (via Steam, D2D, Impulse, etc.). So sorry, no link to the infected file. As for screen shots, sorry, the supposed “anti-virus” wouldn’t allow anything; anything on my system I tried to activate or run, I’d get a little ping sound and a text bubble: “this application has been blocked because it is infected”. The only thing it would allow is internet access via Firefox, but then it wouldn’t allow any downloads or anything else (needed a way for its new customers to purchase, no doubt).
The first clue something was wrong: Avast! popped up a little message giving some odd file full network access. I was online but was not running any new software. So I clicked on the message and changed the setting to block, but it was apparently too late. The file, which is still listed but blocked, is Iburmpjtssd.exe.
After that, all hell broke loose.
The Avast! summary screen had an entire extra section which included links to the Antivirus Soft/Antispyware Soft website for purchase and other information. Makes me nervous as to whether Avast! is compromised even after the fix. If you don’t believe the summary screen had extra content, I don’t know what to tell you.
So, reboot, F8 to restart in safe mode with networking. Downloaded Malwarebytes Anti-Malware, installed it, and did the free scan. It found several files related to the Antispyware Soft rogue and it found several other items. Cleaned, rebooted, and everything including Avast! appears to be back to normal.
Thank you, everyone who offered assistance; greatly appreciated.
Like I said, no idea how I got this. My wife’s system was attacked by what she thinks was the same rogue about 2 months ago, before we upgraded to the Avast! suite. Hence deciding on the full package, not just the free anti-virus. She cleaned it using Malwarebytes’ tools but then erased everything (incl. Malwarebytes Anti-Malware) and it was forgotten.
Another thought: I do recall last night reading that one way in which the Antispyware Soft rogue gets into your system is through PDF files which can take advantage of security leaks in older versions of Adobe Reader. I recently uninstalled Reader, as I’ve been using Nitro PDF for a couple of years. Didn’t see the point in keeping Adobe on my system. Wonder if this could be related? Nitro was my default PDF tool anyway, so probably not.
Have not tried running anything in the sandbox; will consider it.
On the positive side, this is my first major attack ever. I can’t even count how long I’ve been online: years… Have been using Avast! free for at least a couple of years, and every once in a while it will detect a virus before anything happens (before Avast! we were running either Norton or something else, can’t remember, and had all kinds of trouble, software issues, not attacks). Spybot has been run every few weeks and has cleaned up anything it found. Guess I’ve been lucky.
Now if someone could just help me with the extreme slowdowns since going with the Avast! suite. Will have to look into this some more…