Can Avast stop this virus or adware?

[olddog]

For those interested in reading some factual information about this scam software

http://www.bleepingcomputer.com/malware-removal/remove-power-antivirus-2009

Note: If you are using the URL blocks I posted earlier in this thread they will prevent you from accessing this information because of the wild cards used. It is safe to just temporarily untick the "Enable URL Blocking" in the Web shield to enable you to access the bleepingcomputer information pages.

[Rick F]

Thanks Olddog and David,

I see by clicking on the 'Bleeping link' above that URL blocking works with it set to normal or high (see att below).  Then temporarily unticking 'URL Blocking', I can access that site again.  (This is one of the first links I found when starting to research this a few days ago.)

Question... Is there a way to add an actual address to URL Blocking?  IE... 91.208.0.2xx (x'd out two of the numbers).  When I try to do this avast adds the 'http://' in front of the numbers.  Not sure it will work that way.

BTW, I'm thinking that maybe I didn't get a full infection of this because I use "drop my rights" for IE and OE launch.  Maybe it helps with some of these.

Thanx.

[DavidR]

You're welcome.

Well the first thing that avast would see are the user friendly domain name unless they used an IP address.

When an IP address is used it should have the http element in front of it when it is used as a URL, so I don't know if using the * wildcard before the IP address would enable you to do this.

The other consideration is where you have x'd out the last two digits (I don't know why you have done this, just for the forum, etc.), the IP address is also likely to be variable, so you could put in ?? which would represent any two characters, but if there were only two numbers in the last IP group than that would fail as it must have three numbers.

It would still require that the domain name url were blocked.

DMR would certainly cramp this beasts style.

[Rick F]

Thanks.

Yes, I X'd out the last two so no one on the forum would try that site.  It's a static site as I saw that same alert from my ZoneAlarm when it tried to load (St. Petersburg, Russia).

[normishmael]

URL blocking,at least with Ad-Blocker Firefox extension does not work,as the fake scan never seems to show the same URL twice.
wildcarding does not seem work either.
I am not sure the turn off PC with the on/off button is a good or nessasary idea,as it is bloody hard
on Windows.
Killing the process of your Browser in task manager seems to be enough.
What does work is to disable Java script. The Fake scans will not work,the merry go-round of "Ckick ok to clean your computer,or cancel to proceed" does not happen.
The page will pop up,but is inert.
If you use fire fox it is even possible to do this after the high jack-starts.
As far as hidden registry keys instaled during the fake scans,all I know is a thorough
cleaning at Bleeping-Computer did not turn anything up.
The big myth is that these things only grab you on pornsites.

[DavidR]

If you press and Hold the power off button for at least 5 seconds, that does attempt to closs down a little more tidily.

I have had to do that on a number of occasions on my old system when it had effectively locked up without any really harmful issues, yes on occasion it asked to do a chkdsk (that system was formatted to FAT32 more prone to file system errors, etc.), but again no lasting issues.

There are times when there are no other options than the power button, if you have to go down that rut press and hold for at least 5 seconds you will see that it is shutting down.

Firefox with NoScript will avoid javascript unless and untill you explicitly give permission for scripts to be run.

If you are using XP then I would also suggest running all web facing applications, browsers, email clients, etc. under DropMyRights or run your system on a limited user account as this limits the potential damage e.g. writing to system folders and creating registry entries outside user areas.

On Vista you have UAC and you are also running as a standard user without administrator rights until you elevate the level with the administrator password, etc. I don't use Vista so I don't know if DMR runs, is needed or works under Vista.

[Rick F]

If you are using XP then I would also suggest running all web facing applications, browsers, email clients, etc. under DropMyRights or run your system on a limited user account as this limits the potential damage e.g. writing to system folders and creating registry entries outside user areas.

I use 'DropMyRights' and maybe that's why I didn't get the infection. Not sure but I know it helps. I created a 'DropMyRights' for IE and OE and those icons are the ones I have on my quick launch toolbar. You just have to remember when installing Window's security fixes, to use your regular browser.