• Welcome! The TrekBBS is the number one place to chat about Star Trek with like-minded fans.
    If you are not already a member then please register an account and join in the discussion!

Spyware's getting worse!

Aldo

Aldo

Admiral
Admiral
Last night I was surfing the web, when all of a sudden a (alleged) antivirus program did a scan of my computer. It said that I had over 3000 viruses on my computer. At first I panicked and I clicked on the button that would clean it up. Well it said I had to pay for the full version. This set off a warning bell.

So I did a little research (turns out the thing is called XPAntivirus), and came up with http://news.softpedia.com/news/XP-Antivirus-Still-Available-81845.shtmlhttp://forums.cnet.com/5208-6122_102-0.html?forumID=44&threadID=288404&messageID=2732973

Anyways, it turns out this program installs itself on your computer and is almost impossible to remove (add/remove doesnt work, you can't uninstall it), basically it's a scam to get you to pay 60 bucks for the full version...and who knows if that even does anything!

I have no idea how this got on my computer, but I urge all fellowe TrekBBsers to take caution when surfing, spyware is getting worse, and harder to avoid.

FYI: Yeah, we finally got it off the computer, but it was pretty difficult task.
 
:lol: What great timing. Just today someone in our office managed to infect the network with a virus (that installed XP Antivirus no less) by opening up an email that told them $400 had been charged to their credit card for airline tickets and opening the zip file attached. *sigh* This caused an absolute nightmare for me. Managed to nip it at the bud, it only ended up spreading to four computers but nonetheless, sucked. We were shocked it got through our firewall and filters, actually. This was a rare event.

Actually XP Antivirus isn't even all that bad. A chore to remove, yes, but not all that bad. I've seen much, much worse. I've seen blood.
 
I'm curious, what happens if you do pay for XP Antivirus? I'm sure no one here is dumb enough to pay for it, but I'm just curious.
 
Aldo said:
I'm curious, what happens if you do pay for XP Antivirus? I'm sure no one here is dumb enough to pay for it, but I'm just curious.
Click to expand...

Basically you pay off and give your CC info off to god-knows-who in Russia for them to do whatever they'd like with it.

Brikar99 said:
Messianni said:
Actually XP Antivirus isn't even all that bad. A chore to remove, yes, but not all that bad. I've seen much, much worse. I've seen blood.
Click to expand...

I play for blood.
Click to expand...

Thunderdome it is.
 
Messianni said:
:lol: What great timing. Just today someone in our office managed to infect the network with a virus (that installed XP Antivirus no less) by opening up an email that told them $400 had been charged to their credit card for airline tickets and opening the zip file attached. *sigh* This caused an absolute nightmare for me. Managed to nip it at the bud, it only ended up spreading to four computers but nonetheless, sucked. We were shocked it got through our firewall and filters, actually. This was a rare event.

Actually XP Antivirus isn't even all that bad. A chore to remove, yes, but not all that bad. I've seen much, much worse. I've seen blood.
Click to expand...

Somebody here did exactly the same thing yesterday with XPAntivirus2008. Worse still it installed a new desktop background with a big picture saying he had lots of viruses and a screensaver that mimicked the computer crashing and restarting with a blue screen! It also rewrote the registry to remove the desktop and screensaver tabs in display properties so you couldn't remove them.

Getting rid of the program and associated crapola was easy enough, but finding out which registry keys it had altered to restore the tabs took a lot longer.

Frankly i'm just shocked that not only did it get past the firewall, but that people still click on the damn things.
 
Pingfah said:
Messianni said:
:lol: What great timing. Just today someone in our office managed to infect the network with a virus (that installed XP Antivirus no less) by opening up an email that told them $400 had been charged to their credit card for airline tickets and opening the zip file attached. *sigh* This caused an absolute nightmare for me. Managed to nip it at the bud, it only ended up spreading to four computers but nonetheless, sucked. We were shocked it got through our firewall and filters, actually. This was a rare event.

Actually XP Antivirus isn't even all that bad. A chore to remove, yes, but not all that bad. I've seen much, much worse. I've seen blood.
Click to expand...

Somebody here did exactly the same thing yesterday with XPAntivirus2008. Worse still it installed a new desktop background with a big picture saying he had lots of viruses and a screensaver that mimicked the computer crashing and restarting with a blue screen! It also rewrote the registry to remove the desktop and screensaver tabs in display properties so you couldn't remove them.

Getting rid of the program and associated crapola was easy enough, but finding out which registry keys it had altered to restore the tabs took a lot longer.

Frankly i'm just shocked that not only did it get past the firewall, but that people still click on the damn things.
Click to expand...

That is exactly what happened to ours yesterday too! Uncanny. Yeah those reg keys were a bitch.
 
is this "XP antivirus" an actual Microsoft product or just a scam claiming to pass off as one? The only anti-virus I ever used is Norton, Spybot & Lavasoft Adaware, b/c it was recommended here. Those free antivirus antispam checkers in banner ads always seemed suspect to me...
 
I got this little bastard too. Luckily whoever came up with it overegged the pudding - there was no way in hell I was ever going to believe I had 3000 viruses/spybots on my system. It's basically aimed at people who panic easily and don't have much computer knowledge. Having immediately disconnected from the internet in case it was trying to send my details elsewhere, I established that I couldn't get rid of it with my existing anti-viral/spyware programs - but was able to kill some of it's processes using Task Manager, which stopped the repeated popups telling me my machine was infected/at risk/about to explode/turn into a jellyfish. Then went back online and a few minutes Googling got me MalwareBytes anti-malware software, which cleaned it off easily. I'd recommend using that package should you be unfortunate enough to pick it up, since manually removing it involves a shitload of editing in your system registry which could really fuck up your PC if you get it wrong.
 
I wish I had seen this thread earlier. I got something that is either this malware or something remarkably similar. I tried everything I knew of to get rid of it, and I ended up reformatting my hard drive.
 
Scumware like this is a pain, but getting rid of it does keep me in chocolate biscuits at work :D There's only been one that I've not been able to manually shift with the help of Hijack This, my collection of malware removal utilities and the trusty Registry Editor and that was a Dell with a Winfixer infection that had screwed up the registry so badly it'd barely boot at all. Most though can be got shut of with a bit of patience and a spare hour or two ;) Main thing to remember (as an techie/sysadmin) is of course to never underestimate the stupidity of your users......

GM
 
My Dad's computer and a friend of mine both had gotten nabbed by that one. It was a bear to get rid of.

One of the things it did was set the company's web page as the desktop wallpaper which would reload the thing every time. It also disabled task manager and the ability to change your desktop settings.

Somebody should file a class action suit against the company as they are basically extroting people and falsely reporting virus.
 
Some of these stories sound pretty bad. The worst it did on my computer was change my wallpaper and change my homepage to AOL.com (have no idea why it did that). And of course the fact it kept telling me I had viruses.

As far as I can tell it didnt do anything else, though I am keeping an eye out.
 
If someone could invent a single program that was 100 percent reliable at detecting, removing, and preventing malware they'd be rich. As of now, one needs a fireware, virus scanner, and multiple anti-spyware applications just to be minimally protected.

Problem is, most of the current anti-malware programs are only 50-80% effective. Worst of all, they don't always completely remove the threats and the users have to be experts at manually editing the reg keys--which is very dangerous in itself.

Some of the really insipid spyware can bury itself so deep into a system that even a complete hard-drive wipe can't remove it.

To make matters worse, relying on definitions to catch malware is always leaving the user behind the bad guys. By the time definitions come out, you may already be infected.

It is an arms race, one that will never be won by the good guys. I think more effort should be made to catch hackers/ID thieves/malware writers/etc., and when they are convicted, throw the keys away.
 
Ugh, I managed to get the little bastard yesterday too. It never offered to sell me anything, just replaced my wallpaper with a virus warning. I thought it was a WinXP feature so I promptly sicced AVG and Spybot on it. Theres no sign of it now, but I'm still missing a couple of buttons on my Display settings window.
So is there a site anywhere that explains how to undo the damage to the Registry?
 
Last edited:
Agreed, nasty stuff.

I was infected by one from a porn site (I know, I know :rolleyes: ) and while it only took me a day to get rid of it, it was tough. Firewall, Kapersky, Pest Patrol, SpyBot, it was impervious to all of those. The only thing that worked was downloading Malwarebytes' Anti-Malware, a free program and well worth it. I can't tell you now the name of the malware but it was the same thing as people described here, an anti-virus program, or at least masking as one.

Yes, those folks should be sued out of existence!
 
You must log in or register to reply here.
If you are not already a member then please register an account and join in the discussion!

Sign up / Register


Back
Top