Win7 Antivirus

:slight_smile: Hello Avast Community.
I got attacked by the Win7 Antivirus Trojan/Worm/Virus/Malware/Software. It was probably embedded in a temporary file and installed itself through a Background Task. It went RIGHT THROUGH the antivirus of Avast! and MalwareBytes. Disabling the antivirus and using trojan software to open pop-up windows that have a Yes or No kinda situation. The first popup window said “Windows 7, 1 important update detected, Win7 Antivirus” I didn’t close it because shortly after, who would’ve guessed? Win7 Antivirus pops up! It is basically an image to describe it, not really a program but an image. I got rid of it by Hardbooting the computer, going to setup, putting a Bootup Password. Trying to enter Windows Repair but the bar wouldn’t budge so another hardboot. Then it popped up, do you want to do a System Repair or do you want to start windows normally. I did just that, I started windows up and opened control panel, went to recovery then BAM. Error after Error after Error just popped up on the screen, another hard boot. Then this time I got the Safe Mode prompt, after going to setup and disabling my Internet Connection Driver, I entered Safe Mode without connection. Then I opened Control Panel, went to recovery, rolled back a month, but it did not delete the Virus so I went to Run, (after recovery), appdata, and deleted basically all local temporary files and the virus disappeared with it. The virus probably didn’t run because it wasn’t in the Registry and was probably installing itself at the time I deleted it. Can you guys create an anti-body for the virus? It installed itself through the Temporary Files because I didn’t download anything that would’ve done such a thing.

It went RIGHT THROUGH the antivirus of Avast! and MalwareBytes
Did you update Malwarebytes before you scanned?

Remove Win 7 Antispyware 2012 and Vista Antivirus 2012 name changing rogue (Uninstall Guide)
http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012

Can you guys create an anti-body for the virus?
What is an anti-body? If you mean signature... then you must upload a sample to avast lab.
Can you guys create an anti-body for the virus?

Anyone who can would surely get a Nobel Prize! :smiley:

Agreed, as these RogueAVs generate random signatures that make detecting them much harder. You would have to rely on a sandbox to see what it actually does.

HAHA! Just got attacked for the Second Time now, I had it removed but got it from a different site this time. Reboot, Restore, lasts about a day or two. Probably going to get it another time!

Let me explain my experiences of this virus and what I know it does already.

Shuts down User permissions!
You will not be able to run any program after it is Initialized

Closes all User opened programs!
If you have a browser open, too bad, you just lost your information.

Opens 2 Windows:
Win7 Antivirus (imitation)
Windows Update (another imitation)

UNDETECTABLE:
Goes right through anti-viruses because of its speed. It is activated about 25-28 seconds after being downloaded. (I know, I counted)

Timeline?
1st - Disable Antivirus
2nd - Disable User Permissions
3rd - Open Imitation Windows
4th - Delete C:\Windows

[EDIT]
Also completely destroys Mozilla Firefox and destroys Avast if you’re not fast enough. Avast will give a message saying
“Unable to start scan.
There are no more endpoints available from the
endpoint mapper.”

You knew it was downloading and yet you let it continue? ???

When it is downloading you’ll see a spinning vista icon (like something’s loading) on your cursor then about 25-28 seconds later it’ll open. There is nothing you can do to prevent it though, I got a customized Download Folder that I can easily access and it will not download there, however I think it came from the Temporary Data folder that processes images in websites. Because I was always on the internet when it happened and I seemed to get a popup for a split second then it’ll close itself, then about 5 seconds later you see the loading wheel on your cursor.

Immediately terminate your browser. If that doesn’t work, hit/hold the power button on your PC.

If I were you, I would keep Task Manager or Process Explorer minimized on your Task Bar so you could hard stop your browser.

It goes without saying that you’re infected, which is what is causing the repeated infections after you restore. Remember, system restore only restores critical system components for the most part.

Any solution from anyone, because the same thing happened with me before, but I have used first Malwarebytes and then again scanned with avast. I got good results

Well, the virus must have updated since last time you’ve seen it. Because it kills off Avast on my computer. Thanks to a link in one of the posts I now have an anti-body program to counterattack the virus. I have not tried the anti-body yet, but the next time I get the virus I’ll use it against it. I’m risking a thousand dollar computer by just getting that virus (not intentionally). That virus is dangerous to mess with I know that much, the first time I got the virus I panicked and almost lost the computer because I had about half of the WINDOWS OS deleted from the computer but managed a System Restore. I did a few scans recently and I do not have the virus anymore, however I could be attacked once again. The virus is very pesky and probably will stay on the internet and keep hitting over and over until the group is caught. We need avast to have an immunity and countermeasure against the virus. Since it is a live program.

Okay ;D I tested the RKill program and it works, if you use Internet Explorer and you encounter that virus it is an instant attack, there is no “Download Time” no pop-up ad or warning, you’re just with the virus and it will pop up and attack. The RKill is a good way of getting rid of that virus, I recommend it. I got eou.exe for the last attack, I reported the site that was infected with the virus.

Has anybody sent the sample of this fakeAV to avast virus lab?

we all want to be protected against this nasty malware…

Fake antivirus overwhelming scanners
http://www.networkworld.com/news/2009/100209-fake-antivirus-overwhelming.html

I can send a sample of the virus, it’ll take about an hour to get it though, I cannot get the virus on a work computer. You can send the sample of the virus through RKill, Rkill doesn’t destroy the virused EXE file but disables it, so it would be possible to send it.

Hard shutdown, disconnect from the internet, or terminate browser, as DonZ63 said.

Do you remember what website you were on?
What browser were you using?