Author Topic: Serious Antispyware Soft rogue attack!!! (formerly: may have lost all faith...)  (Read 15045 times)

muddpuddle

  • Guest
It's bad enough I'm one of those people suffering from serious slow downs and 100% cpu usage issues since converting from the free Avast to the Pro edition.  Still trying to get that worked out.

But tonight Avast! just failed horribly on me.  In the midst of stumbling I was attacked by Antispyware Soft which has not only taken over my computer (can't even hit ctrl+alt+delete because the scam spyware says it's infected) but the scam has imbedded itself within the Avast! gui.  Half the summary screen contains BS from Antispyware Soft with links to purchase and such.

WOW!  Serious failure.  Now how the hell do I get rid of it?!  I ran the Avast scan but it finished far too quickly and reported no incidents!

 :-\

Need some help Avast!
« Last Edit: May 15, 2010, 06:46:22 PM by muddpuddle »

Gargamel360

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #1 on: May 15, 2010, 07:05:57 AM »
Most of the good help is out this time of night, as most are European.  http://forum.avast.com/index.php?topic=53253.0   Try this link to get started, then maybe re-post in the virus/worms thread.

zfactor

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #2 on: May 15, 2010, 07:12:40 AM »
sounds like a rogue and to be honest ALL AV'S NO MATTER WHICH ONES all miss rogues at times i am a repair tech and fix many systems with every different av installed where people get rogues.

Saty

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #3 on: May 15, 2010, 07:51:31 AM »
I believe antispyware soft is of the same family as antivirus soft.

here's a link, it should help. I've dealt with antivirus soft a month or so ago, it can be stubborn.

http://www.bleepingcomputer.com/virus-removal/remove-antivirus-soft


you can also do a forum search for the topic antivirus soft, I'm sure there's some threads about it.

good luck

Sat

SafeSurf

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #4 on: May 15, 2010, 11:53:15 AM »
muddpuddle, I think the above information the posters have given you looks helpful for your situation. 

Were you able to remove the malware with the removal tools given to you in the previous posts? 

I would also re-run another scan of MBAM (Malwarebytes' Anti-Malware) as well as a Full System scan of Avast to make sure you are clean.  Please post your results in the Virus section of the forum (copy and paste the url of this thread into your new thread in the Virus section).  Thank you.

Hermite15

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #5 on: May 15, 2010, 01:19:15 PM »
It's bad enough I'm one of those people suffering from serious slow downs and 100% cpu usage issues since converting from the free Avast to the Pro edition.  Still trying to get that worked out.

But tonight Avast! just failed horribly on me.  In the midst of stumbling I was attacked by Antispyware Soft which has not only taken over my computer (can't even hit ctrl+alt+delete because the scam spyware says it's infected) but the scam has imbedded itself within the Avast! gui.  Half the summary screen contains BS from Antispyware Soft with links to purchase and such.

WOW!  Serious failure.  Now how the hell do I get rid of it?!  I ran the Avast scan but it finished far too quickly and reported no incidents!

 :-\

Need some help Avast!

how did you get the rogue in the first place, before blaming Avast? ::) answer this question please ;D >>> first failure is when you visit a malicious site and click on a malicious download link  :) what were you looking for ?

can you post a link to the rogue download? (in hxxp, not http), and also, yeah, can you post a screen shot of the "infected avast GUI" ???  ;D
« Last Edit: May 15, 2010, 01:45:30 PM by Logos »

JoeBlack40

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #6 on: May 15, 2010, 01:45:34 PM »
Maybe it was a drive by?  ??? A good HIPS software is your answer. You're mistaken if you think that another AV could protect you.

Jon_T

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #7 on: May 15, 2010, 05:16:33 PM »
....You're mistaken if you think that another AV could protect you.

Yep ... below a post from an Avira user who was infected by Antivirus Software:
http://www.dslreports.com/forum/r24241798-Does-anyone-recognize-this

No single malware product can protect one from all the nasties out there. Hence the best defense is using "layered" protection, be knowledgeable of the risks of using the internet (visit security forums), sandbox browser, and if using Win XP use a Limited User Account.

Dch48

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #8 on: May 15, 2010, 06:28:47 PM »
....You're mistaken if you think that another AV could protect you.

Yep ... below a post from an Avira user who was infected by Antivirus Software:
http://www.dslreports.com/forum/r24241798-Does-anyone-recognize-this

No single malware product can protect one from all the nasties out there. Hence the best defense is using "layered" protection, be knowledgeable of the risks of using the internet (visit security forums), sandbox browser, and if using Win XP use a Limited User Account.
Don't get too paranoid. Security forums are 95 % paranoia. I will not limit my account in XP and I will never use sandboxing. I also will not use any browser but IE. I've been on line 11 years now and have never been infected by anything or hacked by anyone. Just use a firewall, even the Windows ones will help (If you are able to stand the annoyances of a HIPS based firewall, use that. I personally have abandoned that as well), and a good AV program. If anything does manage to get by, the free version of Malwarebytes will be 99.9% capable of fixing things. I would also advise putting your computer behind a router and not connecting directly to a modem, even if you only have one computer in the house.

muddpuddle

  • Guest
Re: I may have lost all faith in avast! this evening...
« Reply #9 on: May 15, 2010, 06:45:00 PM »
How did this rogue infect my system?  No Idea.  I don't download random files for kicks ::), nor am I downloading illegal content if that is what you are implying Logos, no p2p file sharing, I do watch various videos online (youtube, etc.).  I do download the occasional game demo or full game (via Steam, D2D, Impulse,etc.)  So sorry, no link to the infected file.  As for screen shots, sorry, the supposed "anti-virus" wouldn't allow anything, anything on my system I tried to activate or run and I'd get a little ping sound and text bubble "this application has been blocked because it is infected".  The only thing it would allow is internet access via Firefox but then it wouldn't allow any downloads or anything else (needed a way for its new customers to purchase no doubt).

The first clue something was wrong, Avast! popped up a little message giving some odd file full network access.  I was online but was not running any new software.  So I clicked on the message and changed the setting to block but it was apparently too late.  The file which is still listed but blocked is Iburmpjtssd.exe
After that, all hell broke loose.

The Avast! summary screen had an entire extra section which included links to the Antivirus Soft/Antispyware Soft website for purchase and other information.  Makes me nervous as to whether Avast! is compromised even after the fix.  If you don't believe the summary screen had extra content, don't know what to tell you.

So, reboot, F8 to restart in safe mode with networking.  Downloaded Malwarebytes Anti Malware, installed, and did the free scan.  It found several files related to the Antispyware Soft rogue and it found several other items.  Cleaned, rebooted, and everything including Avast! appears to be back to normal.

Thank you everyone who offered assistance, greatly appreciated.

Like I said, no idea how I got this.  My wife's system was attacked by what she thinks was the same rogue about 2 months ago before we upgraded to the Avast! suite.  Hence deciding on the full package, not just the free anti-virus.  She cleaned it using Malwarebytes' tools but then erased everything (incl. Malwarebytes' Anti-Malware) and it was forgotten.

Another thought, I do recall last night reading that one way in which Antispyware Soft's rogue gets into your system is through PDF files which can take advantage of security leaks in older versions of Adobe Reader.  I recently uninstalled Reader as I've been using Nitro PDF for a couple years.  Didn't see the point in keeping Adobe on my system.  Wonder if this could be related?  Nitro was my default PDF tool anyway, so probably not.

Have not tried running anything in the sandbox - will consider it.

On the positive side, this is my first major attack ever.  I can't even count how long I've been online - years...  Have been using Avast! free for at least a couple years and every once in a while it will detect a virus before anything happens (before Avast! we were running either Norton or something else, can't remember, and had all kinds of trouble - software issues not attacks).  Spybot has been run every few weeks and cleaned up anything it has found. Guess I've been lucky.

Now if someone could just help me with the extreme slowdowns since going with the Avast! suite.  Will have to look into this some more...



Hermite15

  • Guest
okay, where did you download Avast Pro from: exact link please. Sounds like you're running a fake version

edit: you acquired your license from Avast right? (I don't suspect you of anything, just asking...)
« Last Edit: May 15, 2010, 07:27:08 PM by Logos »

muddpuddle

  • Guest
Acquired Avast! through an email link via Element5 (link has since expired).
Nearly two months of use, updates, etc. before this incident - it's the real thing.

Hermite15

  • Guest
Acquired Avast! through an email link via Element5 (link has since expired).
Nearly two months of use, updates, etc. before this incident - it's the real thing.

can't you at least take a pic with a digital camera and upload it here from another computer, so that at least we see something, like this modified Avast interface you're talking about?

muddpuddle

  • Guest
Problem is already solved - Antispyware Soft gone (I hope).  Getting a photo was really the last thing on my mind last night.  I was a little more concerned with simply getting rid of the problem.

Hermite15

  • Guest
Problem is already solved - Antispyware Soft gone (I hope).  Getting a photo was really the last thing on my mind last night.  I was a little more concerned with simply getting rid of the problem.

and how did you solve it if I may ask, you started this thread, so thanks for sharing ::)