vacancies advertise contact news tip The Vault
facebook rss twitter

Indie retailer to discuss Antivirus 2009 virus on BBC radio

by Scott Bicheno on 5 September 2008, 08:27

Tags: ITACS

Quick Link: HEXUS.net/qao7q

Add to My Vault: x

“It’s a war out there”

Matthew Woolley, chairman of indie retail trade association ITACS and owner of Forum Computers in Lincoln (pictured) is to be interviewed by BBC radio to bring attention to a computer virus he's seeing with increasing frequency.

The Antivirus 2009 virus is the latest in a sequence of malware attacks that cheekily masquerade as the exact opposite of what they are. Typically they manifest themselves as a window that warns of malware infection and urges the user to click on a link to resolve the problem. Of course, once the link is clicked on the host becomes fully infected.

Woolley says he's seen over 40 infections in the last three to four weeks alone and he deals mainly with just the Lincoln area. He will appear on You And Yours on Radio 4 today and Breakfast on Radio 5 Live tomorrow, with the aim of bringing wider attention to the problem. For the BBC to take such an interest it must be assumed that the problem is pretty widespread.

"It's about time the IT industry started warning Joe Public about current threats, especially one this big," Woolley told HEXUS.channel. "It's a war out there and we are fighting it every day. I hope to pass the message to the millions of listeners of Radio 4 and Radio 5 Live.

We would like to hear from the HEXUS.community about any experiences you have had with this virus or any like it and what steps you took to remedy the situation.

 



HEXUS Forums :: 8 Comments

Login with Forum Account

Don't have an account? Register today!
The Beeb is right to try to bring it to the public's attention - as Matthew says, this is indeed an increasingly common infection.

It's also one that has such an elegant interface - beautiful blues reminiscent of some Microsoft apps - that it's hard to credit it as malware.

Bob
Seen 2 variants of this and both got onto the GF's laptop, took a while to clean out too.

Since that i have made a 2nd account on the laptop and limited it to guest access only as i found out who it was that was installing this junk onto the laptop.

It is rather a pain to remove :/
Sorry, should have added:

My recommended strategy to get rid of this nasty is to:

* Download (but only from the makers' sites) two freebies - Malware Bytes and SpyBot Search & Destroy - then restart and dab the F8 key to choose “safe mode with networking” before you install, update and run these two apps. Do allow them to run again on the next system restart if that ask to.

Note - If you don't have an Ethernet connection to broadband, only wireless, the “safe mode with networking” option may not give you an internet connection - which would mean you couldn't update the programs directly, you'd need to have already downloaded updaters for them before going into safe mode.

* Get out of safe mode - if you're still there

* Download Kaspersky Internet Security Suite 2009 (it will work fully for 30 days in trial mode)

* Uninstall ALL existing anti-virus software (including McAfee, Norton, AVG, Avast! - you name it) - and if needs be downloading uninstallers for these apps from their makers sites to ensure that they really have been removed.

* Install Kaspersky (it will warn you if some other anti-virus app remains - and stop you going further until you've got rid of the other apps), allow it to update - and then do a full scan.

* Consider giving a donation to the companies behind Malware Bytes and SpyBot

* Find a company that will sell you an OEM version of Kaspersky Internet Security Suite 2009 for a reasonable amount (SCAN Computers is one that has it).

Bob
Just run malware bytes anti malware on quick scan
The easiest way to fix this is to use ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Antivirus 2009 seems to be another - or a variant of - Smitfraud-based infection. Sometimes it is also worth running SmitfraudFix:

http://siri.geekstogo.com/

However, I have already encountered infections based on this fraud that are so bad, they seem to install rootkits or something similar, and essentially make Windows so slow as to be unuseable. Best thing to do is backup, format, and reinstall.

And use NOD32!