  1. #1
    Star Lounger
    Join Date
    May 2009
    Posts
    84
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I'm sure some of you have been hit with fake antivirus attacks that seize control of your computers. Last year it was AntiVirus 2009. This week I have had a couple attacks from IS2010 (Internet Security 2010). It locked the registry and task manager. The first attack lasted a couple days until I ran Loaris Trojan Remover. Because it was a demo copy, I had to remove the identified files manually, but it did unlock the registry and task manager. The registry was key to deleting the brains of the scareware.

    Question: How do I prevent future attacks at the point of entry? The usual message boxes display and the IS2010 icon appears in the system tray. By that time, it's too late. The registry is locked. Malwarebytes did a full scan that lasted 9 hours! And, it didn't find anything. Only Loaris was able to get me back into the registry to delete the IS2010 folder.

    Any ideas for foiling attacks at the precise second they start? Is there anything I can add to the registry or elsewhere to specifically block IS2010? IS2010 also caused my computer to shut down in 60 seconds every time I tried running some other security programs.

    Thanks,
    Charlie
    charlie6067

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    Which legit security software are you using at the moment? I use Norton AntiVirus and I've never been infected with any of these rogue security programs. I once got a message that Windows AntiVirus 2009 (or similar) found a large number of infections. I killed my browser then restarted Windows and nothing had been installed...

  3. #3
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    To avoid being infected in future I would advise:

    • Install one of the well-respected anti-virus software products
    • Keep your virus signatures up to date
    • Learn to recognise REAL alerts from your anti-virus software
    • NEVER click OK or similar buttons on alerts that appear to come from any anti-virus software that you have not intentionally installed

  4. #4
    Star Lounger
    Join Date
    May 2009
    Posts
    84
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Hans and Stuart - thank you for your replies. I use McAfee and will follow your suggestions.

    Thank you and have a great New Year!

    Charlie
    charlie6067

  5. #5
    Super Moderator jscher2000
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    Two additional thoughts:

    (1) Beware of unpatched software vulnerabilities, as they can allow "drive-by" and other surreptitious installs. The Secunia scanners can give you an afternoon's work cleaning up vulnerable software, but hopefully you can find time.

    Home Users: Secunia PSI (free)

    Office Users: Secunia OSI (limited online scan) (free) or check the corporate product option

    (2) Consider a URL blocking toolbar. Your McAfee product may have one, but if not, or if you want to try another one, check out Trend Micro's. More info: Web Threat Benchmark Testing (topic 769273).

  6. #6
    New Lounger
    Join Date
    Jan 2010
    Location
    Charleston, SC, USA
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I am now suffering with the dreaded IS2010 on my computer. Not sure yet whether I will be able to save my system or if a complete reformat will be necessary. What concerns me the most right now is that I was running a Windows XP firewall and virus protection AND McAfee Firewall and Anti-virus and I have RegCure installed to monitor my registry when I got hit. What could I have done to prevent this from happening? It has really messed up my machine.

    A tech friend is looking at it right now to determine the extent of the damage, but I will be happy to hear from anyone with any suggestions or answers.

  7. #7
    New Lounger
    Join Date
    Jan 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Originally posted by fstcook:
    "I am now suffering with the dreaded IS2010 on my computer. Not sure yet whether I will be able to save my system or if a complete reformat will be necessary. What concerns me the most right now is that I was running a Windows XP firewall and virus protection AND McAfee Firewall and Anti-virus and I have RegCure installed to monitor my registry when I got hit. What could I have done to prevent this from happening? It has really messed up my machine.

    A tech friend is looking at it right now to determine the extent of the damage, but I will be happy to hear from anyone with any suggestions or answers."

    It's been a couple of months since I had to deal with IS2010, but I ended up having to use a number of programs to tear it out - unfortunately the only ones I can remember using at this point are MalwareBytes (spelling?) & Dr Web Cure It.

    Also, once I was pretty sure I had everything gone, I found I could not get any of my browsers to connect to the internet so I had to use LSP Fix to correct the issue. I think there was also an issue with being locked out of the registry but I found a program that allowed me to overcome that issue, but I can't remember what it was called.

    All in all, I think it took 6-8 hours to get everything back to square one.

    As I'm new here, only have a moment to respond, and am not really sure if I can link to these programs, I'm leaving it up to you to track them down.

    If I figure out/remember what other programs were used I'll come back and post. Good luck!

  8. #8
    2 Star Lounger
    Join Date
    Dec 2009
    Location
    Calif
    Posts
    182
    Thanks
    0
    Thanked 14 Times in 13 Posts
    Hi All:

    When it comes to finding the best "Removal Instructions" for one of the many "Rogue" programs that keep appearing on the Net, I usually start by checking the Bleepingcomputer site. The one for Internet Security 2010 is at http://www.bleepingcomputer.com/viru...-security-2010 . The ONLY potential problem is that the "Guide" starts with a recommendation to use their "rkill" program, which recently has been ineffective, so I recommend using the alternative FREE "exeHelper" program, available at http://www.raktor.net//exeHelper/exeHelper.com (direct link).
    Double-click on exeHelper.com to run the fix. A black window should pop up; press any key to close it once the fix is completed.

    As far as increasing one's chances of PREVENTING a "Rogue" from getting on a computer, I recommend you BUY Malwarebytes Anti-Malware PRO version, available at http://www.malwarebytes.org/mbam.php .

  9. #9
    New Lounger
    Join Date
    Jan 2010
    Location
    Centennial, Colorado, USA
    Posts
    5
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I see variants of rogue security products all the time - in fact, the bench at work is usually full of our clients' machines that all have similar but not quite identical infections. My favorite way of dealing with infections such as these is to boot to safe mode, go see what suspicious files are in the Windows, system32, and Program Files folders, move anything suspicious to a different directory so it is disabled, then fix some of the various registry problems (group policies, Run entries), reset IE and ensure any proxy settings are removed, then run a good HijackThis scan and clean out suspicious entries there. After that I'll boot into normal mode and run Webroot Spy Sweeper and MBAM. This will usually clear all signs of infection.
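
A read-only PowerShell check of the registry items this cleanup routine mentions (Run entries, policy lockouts of Task Manager and the registry editor, leftover proxy settings), added here as an illustration and not posted by anyone in the thread. The key paths and the `DisableTaskMgr` / `DisableRegistryTools` value names are the standard Windows locations, assumed here because the thread does not name them.

```powershell
# Added example: read-only triage; nothing is modified or deleted.
# Review the output by hand before changing any entry.

# 1. Autostart ("Run") entries for the machine and the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = $item.GetValue($name) }
    }
}

# 2. Policy values that disable Task Manager and the registry editor
#    (assumed mechanism for the "locked" symptoms described in the thread).
$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$lockouts = foreach ($key in $policyKeys) {
    foreach ($value in 'DisableTaskMgr', 'DisableRegistryTools') {
        $data = (Get-ItemProperty -Path $key -Name $value -ErrorAction SilentlyContinue).$value
        if ($data) { [pscustomobject]@{ Key = $key; Value = $value; Data = $data } }
    }
}

# 3. Per-user proxy settings that can leave browsers unable to connect.
$inet  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$proxy = Get-ItemProperty -Path $inet -ErrorAction SilentlyContinue |
    Select-Object ProxyEnable, ProxyServer, AutoConfigURL

'--- Autostart entries ---'
$autoruns | Format-Table -AutoSize -Wrap
'--- Policy lockouts (any row here deserves a closer look) ---'
if ($lockouts) { $lockouts | Format-Table -AutoSize } else { 'none set' }
'--- Proxy settings ---'
$proxy | Format-List
```

A proxy pointing at a local address, or a Run entry launching an unfamiliar executable from a user profile or temp folder, is the kind of item to compare against a known-clean machine.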

  10. #10
    New Lounger
    Join Date
    Jan 2010
    Location
    san diego, ca
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I've been successful many times fixing friends' computers that have been infected with Anti-virus 2009, by using system restore to go back to a point before they were infected, both with XP and Vista.

    Found this out when I tried it as a last resort after using Norton, McAfee, Malwarebytes and Spybot, which all failed. And, you don't have to clean up the registry!!!
