Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: muddpuddle on May 15, 2010, 06:43:54 AM

Title: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: muddpuddle on May 15, 2010, 06:43:54 AM
It's bad enough I'm one of those people suffering from serious slowdowns and 100% CPU usage issues since converting from the free Avast to the Pro edition. Still trying to get that worked out.

But tonight Avast! just failed horribly on me. In the midst of stumbling I was attacked by Antispyware Soft, which has not only taken over my computer (can't even hit Ctrl+Alt+Delete because the scam spyware says it's infected) but the scam has embedded itself within the Avast! GUI. Half the summary screen contains BS from Antispyware Soft with links to purchase and such.

WOW! Serious failure. Now how the hell do I get rid of it?! I ran the Avast scan but it finished far too quickly and reported no incidents!

 :-\

Need some help Avast!
Title: Re: I may have lost all faith in avast! this evening...
Post by: Gargamel360 on May 15, 2010, 07:05:57 AM
Most of the good help is out this time of night, as most are European.  http://forum.avast.com/index.php?topic=53253.0   Try this link to get started, then maybe re-post in the virus/worms thread.
Title: Re: I may have lost all faith in avast! this evening...
Post by: zfactor on May 15, 2010, 07:12:40 AM
Sounds like a rogue, and to be honest ALL AVs, NO MATTER WHICH ONE, miss rogues at times. I am a repair tech and fix many systems with every different AV installed where people get rogues.
Title: Re: I may have lost all faith in avast! this evening...
Post by: Saty on May 15, 2010, 07:51:31 AM
I believe Antispyware Soft is of the same family as Antivirus Soft.

Here's a link, it should help. I've dealt with Antivirus Soft a month or so ago; it can be stubborn.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft


You can also do a forum search for the topic Antivirus Soft; I'm sure there are some threads about it.

good luck

Sat
Title: Re: I may have lost all faith in avast! this evening...
Post by: SafeSurf on May 15, 2010, 11:53:15 AM
muddpuddle, I think the above information the posters have given you looks helpful for your situation. 

Were you able to remove the malware with the removal tools given to you in the previous posts? 

I would also re-run another scan of MBAM (Malwarebytes' Anti-Malware) as well as a Full System scan of Avast to make sure you are clean.  Please post your results in the Virus section of the forum (copy and paste the url of this thread into your new thread in the Virus section).  Thank you.
Title: Re: I may have lost all faith in avast! this evening...
Post by: Hermite15 on May 15, 2010, 01:19:15 PM

How did you get the rogue in the first place, before blaming Avast? ::) Answer this question please ;D >>> the first failure is when you visit a malicious site and click on a malicious download link :) What were you looking for?

Can you post a link to the rogue download (in hxxp, not http)? And also, yeah, can you post a screenshot of the "infected Avast GUI"? ;D
Title: Re: I may have lost all faith in avast! this evening...
Post by: JoeBlack40 on May 15, 2010, 01:45:34 PM
Maybe it was a drive-by? ??? A good HIPS software is your answer. You're mistaken if you think that another AV could protect you.
Title: Re: I may have lost all faith in avast! this evening...
Post by: Jon_T on May 15, 2010, 05:16:33 PM
....You're mistaken if you think that another AV could protect you.

Yep ... below a post from an Avira user who was infected by Antivirus Software:
http://www.dslreports.com/forum/r24241798-Does-anyone-recognize-this

No single malware product can protect one from all the nasties out there. Hence the best defense is using "layered" protection, be knowledgeable of the risks of using the internet (visit security forums), sandbox browser, and if using Win XP use a Limited User Account.
Title: Re: I may have lost all faith in avast! this evening...
Post by: Dch48 on May 15, 2010, 06:28:47 PM
Don't get too paranoid. Security forums are 95% paranoia. I will not limit my account in XP and I will never use sandboxing. I also will not use any browser but IE. I've been online 11 years now and have never been infected by anything or hacked by anyone. Just use a firewall, even the Windows one will help (if you are able to stand the annoyances of a HIPS-based firewall, use that; I personally have abandoned that as well), and a good AV program. If anything does manage to get by, the free version of Malwarebytes will be 99.9% capable of fixing things. I would also advise putting your computer behind a router and not connecting directly to a modem, even if you only have one computer in the house.
Title: Re: I may have lost all faith in avast! this evening...
Post by: muddpuddle on May 15, 2010, 06:45:00 PM
How did this rogue infect my system? No idea. I don't download random files for kicks ::), nor am I downloading illegal content if that is what you are implying, Logos; no P2P file sharing. I do watch various videos online (YouTube, etc.). I do download the occasional game demo or full game (via Steam, D2D, Impulse, etc.). So sorry, no link to the infected file. As for screenshots, sorry, the supposed "anti-virus" wouldn't allow anything; anything on my system I tried to activate or run and I'd get a little ping sound and a text bubble: "this application has been blocked because it is infected". The only thing it would allow is internet access via Firefox, but then it wouldn't allow any downloads or anything else (needed a way for its new customers to purchase, no doubt).

The first clue something was wrong, Avast! popped up a little message giving some odd file full network access.  I was online but was not running any new software.  So I clicked on the message and changed the setting to block but it was apparently too late.  The file which is still listed but blocked is Iburmpjtssd.exe
After that, all hell broke loose.

The Avast! summary screen had an entire extra section which included links to the Antivirus Soft/Antispyware Soft website for purchase and other information. Makes me nervous as to whether Avast! is compromised even after the fix. If you don't believe the summary screen had extra content, don't know what to tell you.

So, reboot, F8 to restart in safe mode with networking.  Downloaded Malwarebytes Anti Malware, installed, and did the free scan.  It found several files related to the Antispyware Soft rogue and it found several other items.  Cleaned, rebooted, and everything including Avast! appears to be back to normal.

Thank you everyone who offered assistance, greatly appreciated.

Like I said, no idea how I got this. My wife's system was attacked by what she thinks was the same rogue about 2 months ago, before we upgraded to the Avast! suite. Hence deciding on the full package, not just the free anti-virus. She cleaned it using Malwarebytes' tools but then erased everything (incl. Malwarebytes' Anti-Malware) and it was forgotten.

Another thought, I do recall last night reading that one way in which Antispyware Soft's rogue gets into your system is through PDF files which can take advantage of security leaks in older versions of Adobe Reader.  I recently uninstalled Reader as I've been using Nitro PDF for a couple years.  Didn't see the point in keeping Adobe on my system.  Wonder if this could be related?  Nitro was my default PDF tool anyway, so probably not.

Have not tried running anything in the sandbox - will consider it.

On the positive side, this is my first major attack ever.  I can't even count how long I've been online - years...  Have been using Avast! free for at least a couple years and every once in a while it will detect a virus before anything happens (before Avast! we were running either Norton or something else, can't remember, and had all kinds of trouble - software issues not attacks).  Spybot has been run every few weeks and cleaned up anything it has found. Guess I've been lucky.

Now if someone could just help me with the extreme slowdowns since going with the Avast! suite.  Will have to look into this some more...


Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Hermite15 on May 15, 2010, 07:25:31 PM
okay, where did you download Avast Pro from: exact link please. Sounds like you're running a fake version

edit: you acquired your license from Avast right? (I don't suspect you of anything, just asking...)
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: muddpuddle on May 15, 2010, 08:23:51 PM
Acquired Avast! through an email link via Element5 (link has since expired).
Nearly two months of use, updates, etc. before this incident - it's the real thing.
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Hermite15 on May 15, 2010, 08:26:04 PM

can't you at least take a pic with a digital camera and upload it here from another computer, so that at least we see something, like this modified Avast interface you're talking about?
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: muddpuddle on May 15, 2010, 08:31:00 PM
Problem is already solved - Antispyware Soft gone (I hope).  Getting a photo was really the last thing on my mind last night.  I was a little more concerned with simply getting rid of the problem.
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Hermite15 on May 15, 2010, 08:32:18 PM
and how did you solve it if I may ask, you started this thread, so thanks for sharing ::)
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: muddpuddle on May 15, 2010, 08:44:21 PM
Seriously, another eye roll?  If nothing else I'm getting a good laugh from you.

From a post, from me, above, "...reboot, F8 to restart in safe mode with networking.  Downloaded Malwarebytes Anti Malware, installed, and did the free scan.  It found several files related to the Antispyware Soft rogue and it found several other items.  Cleaned, rebooted, and everything including Avast! appears to be back to normal."

Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Hermite15 on May 15, 2010, 08:52:57 PM
Yeah, I found the tone you used somehow laughable tbh and didn't have the patience to read your entire post >>> where it appeared, somewhere in the middle of it, that you solved your problem. We'll never know where it came from or what it was exactly, how interesting ;D Can you post the MBAM log?
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: YoKenny on May 15, 2010, 09:33:08 PM
@ muddpuddle

Logos is good for a good laugh.
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Hermite15 on May 15, 2010, 09:36:38 PM
and Yokenny is good for the recycle bin; well that's what I'd do with you personally, ditch it ;D

ps: did you pm the OP about me this time?
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: ryan556 on May 15, 2010, 10:37:17 PM
I agree with Logos 100%. You gave us no proof that you were infected and you could not provide a link to where you got Avast or your key. If you really think you're infected, run Malwarebytes' Anti-Malware: www.malwarebytes.com (only download the free version).
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Hermite15 on May 15, 2010, 10:48:38 PM
...well, he said he ran MBAM... that was silently written in the middle of a long post (that I didn't have the patience to read first)... but he didn't post the log, so the thread is completely useless.
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: muddpuddle on May 15, 2010, 11:51:04 PM
Well, here is the Malwarebytes' log if you want it. I was correct about the file Iburmpjtssd.exe; if nothing else, you could preemptively block this file from net access and whatever else is possible.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4103

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/15/2010 8:21:08 AM
mbam-log-2010-05-15 (08-21-08).txt

Scan type: Full scan (C:\|F:\|H:\|I:\|)
Objects scanned: 722676
Time elapsed: 1 hour(s), 39 minute(s), 51 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VB and VBA Program Settings\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckcseock (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckcseock (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry Defender\report.csv (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Program Files\Registry Defender\backup\8_29_2007.reg (Rogue.Registry.Defender) -> Quarantined and deleted successfully.
C:\Documents and Settings\**********\Local Settings\Application Data\uksqafsgs\lburmpjtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
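An added example (not from the thread or from Malwarebytes) that turns a log like the one above into something usable: it parses the MBAM "... Infected:" sections, separates persistence entries (Run values), file-association hijacks (the Bad/Good pair) and executables dropped under the user profile, and pulls out the names muddpuddle suggested blocking. The sample input is an excerpt copied from the log posted above; the section and line formats are assumed from that log only, so other MBAM versions may need the regexes adjusted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt copied from the MBAM log posted in this thread (the poster had already
# redacted the user name). Embedded so the parser runs offline.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.46
Database version: 4103
Windows 5.1.2600 Service Pack 3 (Safe Mode)

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckcseock (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Registry Defender (Rogue.Registry.Defender) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\**********\Local Settings\Application Data\uksqafsgs\lburmpjtssd.exe (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
"""

# Section headers look like "Registry Keys Infected:" (the summary counts at the
# top of a real log carry a number after the colon and so do not match).
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+) Infected:$")
# One detection line: target (family) [-> Bad: (...) Good: (...)] -> action.
ITEM_RE = re.compile(
    r"^(?P<target>.+?) \((?P<family>[^()]+)\)"
    r"(?: -> Bad: \((?P<bad>.*?)\) Good: \((?P<good>.*?)\))?"
    r" -> (?P<action>.+?)\.?$"
)
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
USER_APPDATA_RE = re.compile(
    r"\\(Local Settings\\Application Data|AppData\\(Local|Roaming))\\", re.IGNORECASE
)


@dataclass
class Finding:
    section: str
    target: str
    family: str
    action: str
    bad: Optional[str] = None   # only for "Registry Data Items" entries
    good: Optional[str] = None


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log line by line, tracking which 'Infected:' section we are in."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        item = ITEM_RE.match(line)
        if item:
            findings.append(Finding(section, item.group("target"), item.group("family"),
                                    item.group("action"), item.group("bad"), item.group("good")))
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Bucket findings by what they tell an incident handler."""
    out: Dict[str, List[Finding]] = {"persistence": [], "shell_hijack": [],
                                     "dropped_in_profile": [], "not_remediated": []}
    for f in findings:
        if f.section == "Registry Values" and RUN_KEY_RE.search(f.target):
            out["persistence"].append(f)          # autostart entry
        if f.bad is not None:
            out["shell_hijack"].append(f)         # altered file-association command
        if f.section == "Files" and USER_APPDATA_RE.search(f.target):
            out["dropped_in_profile"].append(f)   # payload written as a normal user
        if not f.action.lower().startswith("quarantined and deleted successfully"):
            out["not_remediated"].append(f)       # needs manual follow-up
    return out


def block_list(findings: List[Finding]) -> Dict[str, List[str]]:
    """Names to block or hunt for elsewhere: file names, Run value names, dropper dirs."""
    files, run_values, dirs = set(), set(), set()
    for f in findings:
        parts = f.target.split("\\")
        if f.section == "Files":
            files.add(parts[-1].lower())
            if USER_APPDATA_RE.search(f.target):
                dirs.add(parts[-2].lower())
        elif f.section == "Registry Values" and RUN_KEY_RE.search(f.target):
            run_values.add(parts[-1].lower())
    return {"files": sorted(files), "run_values": sorted(run_values), "dropper_dirs": sorted(dirs)}


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    for bucket, items in triage(found).items():
        print(bucket, [i.target for i in items])
    print(block_list(found))
```

Note the caveat before shipping those names to a firewall or another host: uksqafsgs, lburmpjtssd.exe and ckcseock look randomly generated, so the durable indicator is the pattern (a random folder under Local Settings\Application Data holding a random .exe that is started from a Run value), not the exact strings.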
Title: Re: I may have lost all faith in avast! this evening...
Post by: JoeBlack40 on May 16, 2010, 02:04:06 AM
Aha... so you use only IE, Windows Firewall and an AV... and you use your PC once a week and you visit only sites for kids? ;D
Title: Re: I may have lost all faith in avast! this evening...
Post by: Dch48 on May 16, 2010, 02:12:50 AM
Nope, I am online at least 8 hours a day, every day, playing online games such as World of Warcraft and Team Fortress 2 as well as browsing and searching extensively every day. I download and install new things frequently as well. I have never been infected or hacked, as I said. There have been a handful of attempts but they were always blocked by my AV at the time: first McAfee, then Norton for 9 years, then Comodo, and now Avast! In fact, for the first 4 years I was on dial-up with Windows 98SE and only used an AV without even having a firewall of any kind.
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: Saty on May 16, 2010, 02:13:03 AM
@ muddpuddle,

Your log looks fine; if you're not experiencing any problems I'd say you're good to go ~grin~

I'm sorry but I have no idea how to address your lingering CPU problem (I think you mentioned it in your original post for the thread).

Sat
Title: Re: I may have lost all faith in avast! this evening...
Post by: JoeBlack40 on May 16, 2010, 02:19:29 AM
OK, I don't want to go off-topic here anymore; if this configuration suits you, fine. I understand that some people find HIPS alerts annoying, difficult to understand and useless.
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: bo.elam on May 16, 2010, 05:51:44 AM
muddpuddle, start using Sandboxie and you'll never again have this kind of trouble, and more so if you do your browsing with Firefox, NoScript and Adblock Plus. That software will keep you clean from rogues better than any AV. Most likely rogues won't have a chance to run, but if one does, all you have to do is delete the contents of the sandbox and you are back to square one. Clean. I use Sbxie together with Avast and DefenseWall and there is no slowdown at all. My PC is fast and runs the same whether I am using all 3 programs or none of them. I mention the latter because some people think Sbxie slows down your machine, but that has never happened to mine. I am also talking about Sbxie because you said that you might consider starting to use it.
Bo
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: ace2701 on May 16, 2010, 06:49:20 AM
OK, I've had that mess on my kid's computer twice and cleared it out both times. First, restart in safe mode. Next, turn off System Restore. Then, open Internet Options. You will find that nasty so-and-so has turned on your proxy setting. Uncheck it. Run (or download) Malwarebytes free and do a quick scan. Delete all files and registry entries that it finds. Restart in normal mode (I haven't re-enabled System Restore yet; I'm waiting to see if it messes up again). Their Vista OS has remained clean for a week so far.
Now I would like to know of any URLs that carry this monster, so I can tell my grandkids not to go there.
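For the proxy step ace2701 describes, here is an added example (mine, not from the thread or from any vendor) that checks the same setting from the registry instead of the Internet Options dialog. The "Use a proxy server" checkbox is the ProxyEnable value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, with the address in ProxyServer and a script address in AutoConfigURL; assess_proxy() works on a plain dict so it can be tested anywhere, and the two winreg helpers only run on Windows. The sample values are constructed for the example (the loopback proxy mirrors the symptom described above; the port number is made up), and the expected-proxy list is an assumption you fill in for your own network.

```python
import sys
from typing import Dict, Iterable, List

INTERNET_SETTINGS = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
PROXY_VALUES = ("ProxyEnable", "ProxyServer", "AutoConfigURL", "ProxyOverride")

# Constructed samples, not captured from the thread's machine.
HIJACKED = {"ProxyEnable": 1, "ProxyServer": "http=127.0.0.1:5555"}   # port made up
CLEAN = {"ProxyEnable": 0}
CORPORATE = {"ProxyEnable": 1, "ProxyServer": "proxy.corp.example:3128",
             "ProxyOverride": "<local>"}


def assess_proxy(values: Dict[str, object], expected: Iterable[str] = ()) -> Dict[str, object]:
    """Flag a proxy that is switched on but was not put there by you.

    ProxyServer is either "host:port" or "http=host:port;https=host:port".
    `expected` lists proxies (and PAC URLs) that are legitimate on this network."""
    allowed = {e.lower() for e in expected}
    enabled = int(values.get("ProxyEnable") or 0) == 1
    server = str(values.get("ProxyServer") or "")
    pac = str(values.get("AutoConfigURL") or "")
    reasons: List[str] = []
    if enabled and server:
        hosts = [entry.split("=", 1)[-1] for entry in server.split(";") if entry]
        for host in hosts:
            if host.lower().startswith(("127.", "localhost")):
                # A proxy that loops back to the infected machine is the rogue's
                # way of sitting between the browser and the internet.
                reasons.append(f"proxy {host} points at the local machine")
            elif host.lower() not in allowed:
                reasons.append(f"proxy {host} is enabled but not on the expected list")
    if pac and pac.lower() not in allowed:
        reasons.append(f"AutoConfigURL={pac!r} is set and not expected")
    return {"suspicious": bool(reasons), "reasons": reasons}


def read_live_settings() -> Dict[str, object]:
    """Read the current user's WinINET proxy values (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("registry access is only available on Windows")
    import winreg
    out: Dict[str, object] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS) as key:
        for name in PROXY_VALUES:
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass   # value simply not present
    return out


def disable_proxy() -> None:
    """Same effect as unticking the proxy box in Internet Options for this user."""
    if sys.platform != "win32":
        raise RuntimeError("registry access is only available on Windows")
    import winreg
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS, 0,
                        winreg.KEY_SET_VALUE) as key:
        winreg.SetValueEx(key, "ProxyEnable", 0, winreg.REG_DWORD, 0)
        for name in ("ProxyServer", "AutoConfigURL"):
            try:
                winreg.DeleteValue(key, name)
            except FileNotFoundError:
                pass


if __name__ == "__main__":
    current = read_live_settings() if sys.platform == "win32" else HIJACKED
    verdict = assess_proxy(current)
    print(current)
    print(verdict)
    if verdict["suspicious"] and sys.platform == "win32" and "--fix" in sys.argv:
        disable_proxy()
        print("proxy disabled; restart the browser so it picks up the change")
```

Run it in the same safe-mode session ace2701 describes, after the scan has removed the rogue's files; if the rogue is still running there is every chance it will put the setting back. Already-open browser windows keep their old WinINET settings, so restart them after a fix.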
Title: Re: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)
Post by: NON on May 16, 2010, 04:23:44 PM
I think this FakeAV rogue was downloaded by a drive-by method. Recently there are so many infected web pages, so avoiding one site can't protect your PC from them :(.

I recommend updating Windows, Adobe Reader, Java and Flash Player to fix vulnerabilities. Maybe your PC had some vulnerability and some exploit attacked it.