Two Hours of Aggravation or What You Have to Look Forward To

This topic is closed.

  • Two Hours of Aggravation or What You Have to Look Forward To

    Apparently, there is a new version of Winantivirus2008 (also known as AntivirusPro 2008, AntivirusXP 2008, and others). Winantivirus 2009! Whoo-hoo!

    Yeah.

    The SOB is even more aggravating to get rid of this time. I was unsuccessful at getting my usual cleaning programs (Malwarebytes' antimalware and SmitFraudFix) to even run. Others that were suggested were likewise blocked. It hijacks searches in your browser, so I had to research on another computer. Many of the filenames for manual removal have changed, so I got to slog through the menus to look for them. I found some, and stopped the constant popups and irritations that try to get you to buy the program. Some of the infection remains, however, hidden in the depths of the PC.

    Frankly, I currently plan to wipe the HDD and reinstall. It will be faster at this point. If anyone stumbles on a good list of bad files/registry keys for manual cleaning, or a new cleaner, I'll be happy to try it out next time. Right now, the usual stuff isn't cutting it.

    And if anyone just happens to have the address for the bastard who writes these blackmail programs, I know a lot of people who are keeping their knives sharp for him.
    The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
    "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
    Hoc spatio locantur.

  • #2
    Quoth Geek King:
    And if anyone just happens to have the address for the bastard who writes these blackmail programs, I know a lot of people who are keeping their knives sharp for him.
    I'm keeping my knives very dull for him, but oiling up my .45. I have had 4 different computers infected by the 08 version, and have devised many a horrible torturous death for this person/s. I've not heard of the 09 version until now, but I will keep my eyes out for a fix for ya now that I know it's out.
    This is a drama-free zone; violators will be slapped. -Irving Patrick Freleigh
    my blog: http://steeledragon.wordpress.com/


    • #3
      I heard about the 09 version about 2 weeks ago...

      I was at a client site doing a server install, and the customer comes up to me... (she had just gotten a new computer)

      "I have a popup that says I should install Microsoft Antivirus 2009, should I do that?"

      me: NOOOOO!!!


      • #4
        I've found Spybot Search and Destroy to work very well with removing WAV2k8 and WAV2k9. It's free, reliable, effective and neat (not too much eye-candy). I recommend it to you; it's at least worth trying.
        A man can be stupid and not know it, but not if he is married.


        • #5
          Argh! I HATE this virus.

          First, it won't let you go to any security site to download the tools. Second, it redirects all searches to some BS promo site. Third, even if you do download removal tools the virus won't let you update them.

          It's actually due to a rootkit that the virus installs. It CAN be removed, but sadly because of our "allowed software list" we can't download any rootkit removers. We have to play dumb and tell clients we know of no software that gets rid of it and we need to format. Or, send the remote session to the chat techs who will run them round and round with Ad-aware and Spysweeper (both allowed) for a couple of hours to delay the end result of having to format.


          • #6
            Quoth pacman:
            I've found Spybot Search and Destroy to work very well with removing WAV2k8 and WAV2k9. It's free, reliable, effective and neat (not too much eye-candy). I recommend it to you; it's at least worth trying.
            The problem is, apparently this 2009 version blocks the usual programs from running. It causes them to error out as if the .exe were corrupt, or else nothing happens. Yes, I did try them on another computer to make sure.

            I've tried MalwareBytes AntiMalware, SmitFraudFix, Spybot, and SuperAntiSpyware (it was suggested over on majorgeeks). All of them are blocked, even after changing the names of the .exe files to try to sneak them by filters. Once this one gets its hooks into the system, it's a pain to remove.

            Just had a thought--maybe I could pop the hard drive out and slave it to another PC for scanning. Hmm. I'll have to try that.
            The Rich keep getting richer because they keep doing what it was that made them rich. Ditto the Poor.
            "Hy kan tell dey is schmot qvestions, dey is makink my head hurt."
            Hoc spatio locantur.


            • #7
              /shudder

              I would go bonkers if I had something like that infect my system. I am not sure where my restore disk is... damned overseas moves!


              • #8
                What about online scanners? The ActiveX components in those are blocked as well, I assume? AdAware, Threatfire, HijackThis? Tried those already?

                I think you only want to put the HDD in another PC if you're ready to format it as well, in case something unwanted happens.
                A man can be stupid and not know it, but not if he is married.


                • #9
                  Something like Bart PE works as well.

                  Runs off a memory key or CD and you can set it up to have the latest AV\Malware installed.
                  Lady, people aren't chocolates. D'you know what they are mostly? Bastards. Bastard-coated bastards with bastard filling. Dr Cox - Scrubs


                  • #10
                    On the subject of what to do to the author(s) of this cack:

                    Rusty Spork.

                    That is all.


                    • #11
                      Oh yeah, we've gotten that particular 'guest' on a couple computers at work. This one's even more blatant in its 'pitch' from what I've seen. The thing even goes so far as to fake a BSOD, then puts up a fake Windows XP splash screen as it appears to 'reboot' your machine. On both screens, it has lines to the effect of 'Your machine crashed because an unregistered WinAntiVirus XP 2009 was detected on your system.' or 'Microsoft recommends WinAntiVirus XP 2009.'

                      Add me to the list of people who would love to get their hands on the writer's address.
                      A fact of life: After Monday and Tuesday, even the calendar says W T F.....


                      • #12
                        I remember when these fake alerts first started appearing with "Spyaxe" there were maybe half a dozen. Now there are HUNDREDS, mainly because enough clueless users fall for the scam that the authors deem it profitable to keep going.

                        One time I went to remove one of the fake programs and the client yelled out "Don't remove that, I paid for it!" I had to break it to her that it was a virus itself, and she might want to call her credit card to cancel the account.


                        • #13
                          IIRC, WAV2k(X) was created by some jackass in Russia, and (then) state AG Eliot Spitzer (D-Jail) was seeking some sort of way to haul its creator into court over here. Of course, Russia (being the f-ed up country it is) said that he committed no crime, and (again IIRC, this was about three years ago on the castlecops website) that people infected with this spyware (it's not a virus) should pay the creator for downloading and installing his work!


                          • #14
                            I'm lucky, I've only cleansed this biatch twice so far... Once a friend berated me for uninstalling his antivirus....

                            sigh
                            I pet animals, I rescue insects, I hug trees.

                            "I picture the lead singer of Gwar screaming 'People of Japan, look at my balls! My swinging pendulous balls!!!'" -- Khyras


                            • #15
                              Quoth Chromatix:
                              On the subject of what to do to the author(s) of this cack:

                              Rusty Spork.

                              That is all.
                              I think I have a better idea: take a cheese grater to his "family jewels."
                              Human Resources - the adult version of "I'm telling Mom." - Agent Anthony "Tony" DiNozzo (NCIS)
