# Beware of MS antivirus! It's a TROJAN



## peter bunce (Dec 29, 2007)

Hi, 
A warning - IF your machine suddenly gets, low down on the screen, an icon saying 'ms antivirus', AND the task bar (by the clock) suddenly gets a new mass of icons in it, you have the above Trojan. 

No, I haven't got it, but my brother did! And it is a 'so & so' (to say the least) to remove, as some of the 10 files involved are locked and have to be unlocked first, and even then are reluctant when being removed. 

Have a look at Google on it, note that the last 2 words go together. 

In addition - 

Furthermore there is a fake message around purporting to be from Microsoft re upgrading Vista which (again by my brother) he has not got! 

Microsoft's reply is as follows - 

“It is a fake communication, not from us ( USA/Frankfurt, or any of our divisions )” 

Microsoft also said “they had reports of it in regard to users of WINXP” 

His antivirus said that the message contained a threat so it was deleted!


----------



## AppleYankee (Jan 3, 2008)

Great place to look for help on "malware" 
http://www.microsoft.com/security/malwareremove/default.mspx 
Jan


----------



## Guest (Sep 4, 2008)

What did he use to trash it? 
Toad


----------



## blueregal (Jan 3, 2008)

Get Webroot "Spywear" and "antivirus" have had several trojans detected with it and removed by it promptly! The Regal


----------



## Dwight Ennis (Jan 2, 2008)

This is similar to *Antivirus Gold 2008* (and *Antivirus Gold 2009*) which are also buggers to get rid of. I've had to do that twice at work where I have everyone set to "Limited User." That did prevent it from getting into the Registry, but it insinuates itself into the Documents and Settings files for that user account. Though I did manage to (manually) get rid of it, I never did figure out how it sets itself up to run each time that user account is activated. 

These programs constantly pop up windows proclaiming bogus "infections" of the machine and trying to get you to buy their "antivirus product." These constant pop-ups render the machine essentially useless for any other activity.


----------



## ThinkerT (Jan 2, 2008)

I had to contend with something like this once. To get rid of it, I had to do a 'restore' on the computer, resetting it back several days (prior to the infection). Even so, it *still* would have been there; when I manually searched the computer for keywords in the files that pest used, I found it had somehow embedded two 'seed' programs. Fortunately I was able to kill those. Dang thing was constantly sending up popups, and actually tried to block the 'legit' anti-virus sites.


----------



## Bob Starr (Jan 2, 2008)

Recently got one called Antivirus XP 2008. Real pain in the a**. Replaced my desktop with a big warning sign saying I had a multitude of spywares. Replaced my screensaver with a fake Windows XP screen. I used a very effective free program called Malwarebytes. Took it right out. McAfee did not take it out, in fact the trojan would crash the computer.


----------



## Semper Vaporo (Jan 2, 2008)

It would be nice to know how you folk acquired these virii/Trojans: what web site did you visit, what program did you download, etc.??? If you would divulge this information, then the others of us would be forewarned to not do those things and be spared the angst of getting rid of them. 

Secondly, how did you know that the program you ran to cure the problem was not just another virus/Trojan that will do worse things than what it claims it is curing?


----------



## Bob Starr (Jan 2, 2008)

> Posted By Semper Vaporo on 09/05/2008 10:11 AM
>
> It would be nice to know how you folk acquired these virii/Trojans: what web site did you visit, what program did you download, etc.??? If you would divulge this information, then the others of us would be forewarned to not do those things and be spared the angst of getting rid of them.
>
> Secondly, how did you know that the program you ran to cure the problem was not just another virus/Trojan that will do worse things than what it claims it is curing?




It's hard to say where I got it. I'd be the first to admit that I go to some places on the net that maybe I shouldn't. You can pay a price being an explorer. Secondly, I did some research before I put the malwarebytes program in my computer. Research is easy on the internet. I certainly did consider that I could be just trading programs for a cure. But I did find lots of reputable sites that recommended the program.


----------



## ThinkerT (Jan 2, 2008)

> Recently got one called Antivirus XP 2008. Real pain in the a**. Replaced my desktop with a big warning sign saying I had a multitude of spywares. Replaced my screensaver with a fake Windows XP screen. I used a very effective free program called Malwarebytes. Took it right out. McAfee did not take it out, in fact the trojan would crash the computer.

*THAT* is the one I had to deal with - or its first cousin. I was able to beat it with the calendar 'restore' deal, the inbuilt 'search' function and the 'delete' key. I had to use the restore deal because once on board, this thing attaches itself to the files you cannot normally modify or delete. 

I ran across it on a rather obscure science fiction review/fan site - at least I think that is what it was. The google bit looked like just another typical miniexcerpt from some novel or other - the sort of teaser deal that abounds on the web - but there was nothing there but this pain in the butt.


----------



## SteveC (Jan 2, 2008)

For what it's worth, one site that has always seemed to have a good reputation for providing reliable help is MajorGeeks.com


----------



## Dwight Ennis (Jan 2, 2008)

> It would be nice to know how you folk acquired these virii/Trojans: what web site did you visit, what program did you download, etc.??? If you would divulge this information, then the others of us would be forewarned to not do those things and be spared the angst of getting rid of them.

I'm the IT Manager for the company I work for. Since these were on other employees' machines, I have no idea where they went or how they got it. 

> Secondly, how did you know that the program you ran to cure the problem was not just another virus/Trojan that will do worse things than what it claims it is curing?

That's why I like to remove them manually.


----------



## Becky Francis (Jan 2, 2008)

I had the Antivirus XP 2008 hit me last week. My AVG apparently did not stop it. Don't know how it got there. AVG has been telling me I have multiple threats trying to access my computer and then there is that stupid little license agreement window that keeps popping up. I contacted Greg Elmassian and he had me back up everything to my external hard drive. I was going to try to get the computer to him. In the meantime he gave me this site http://www.malwarebytes.org/mbam.php. I have yet to do it. I don't know enough about computers to manually remove the virus the way IT people like Greg and Dwight can do so I hope I can do it with the program. 

I went out and bought a new computer instead. My old laptop was 5 years old and had broken hinges. Always propping the thing up to use it. When I get the virus removed, and can maybe reformat it, I'll have a backup computer. 

I was also trying to copy some recipes from the old computer to a CD. It got all the way through to the finish. It said it was finished. I remove CD. Click finish and it locks the computer up. I then have nothing on the desktop, no icons, no start tray, no task tray, NOTHING. So the only way out of it was to press my power button, wait and repower. I did that 3 times. Funny thing now, is that the license agreement window isn't popping up anymore and there are no more AVG Trojan alerts popping up. I did do a couple of computer scans after that happened. 

Anyone have an explanation as to why that suddenly happened? I do assume that the computer is still affected. I have not transferred the data from external to new computer yet. I want to pick up AVG Internet Security to install before I do that. Right now I'm using AVG Free. 

Becky


----------



## Dwight Ennis (Jan 2, 2008)

> Anyone have an explanation as to why that suddenly happened?

Sometimes Windows will experience a catastrophic failure (the Registry gets corrupted or somesuch). When that happens, Windows will, upon the next boot-up, restore a known good earlier version of system files (essentially doing a System Restore). In such cases, you'll generally see a message alluding to that process having just taken place. 

If that's what happened here, it sounds like the earlier version used for the restoration was one from before the system was infected.


----------



## KYYADA (Mar 24, 2008)

I hate to get loads of the "check this out" little e-mails from family and friends, you know the ones with all the attachments and jokes. I always just trash them. I tell my wife at work never to check them, always just delete. Lots of bad things are e-mailed.


----------



## Becky Francis (Jan 2, 2008)

So, Dwight, is it still infected? Do I have corrupted files? When I run a scan it finds cookies. Greg said this was the worst virus they had seen yet. Is the old computer still in trouble? 

Becky


----------



## Dwight Ennis (Jan 2, 2008)

Becky - the Antivirus XP 2008 is a variant of the Antivirus Gold that I mentioned earlier. I don't know that I'd call it the worst in terms of a virus... it doesn't steal your identity or destroy data... but it's certainly one of the most insidious, and renders the machine practically useless until eradicated. I'd say if your old machine is no longer popping up those dire warning windows and is functioning normally, you're probably okay. 

Since you've already bought a new machine, if I were you, I'd copy off the files you want from the old machine to the new, either via a home network if you have one or using a USB memory key. You should be safe doing so since Antivirus XP doesn't infect other files or the like. Once you're sure everything you want is off of it, you can reformat it as you mentioned. You might even be able to get the hinge fixed.


----------



## Becky Francis (Jan 2, 2008)

I have some memory sticks. I could use those. Don't know how much they will hold but can do a little at a time. I did run a scan using AVG on the old computer after all of this happened. It also ran its regular scheduled scan. Now, I could uninstall AVG and then re-install it. Using my new computer with AVG 8.0 I ran selected scans of certain documents and all of my pictures. They all came back with no infections. If I do put them on the memory sticks, and then go to my new computer and insert and run another scan of what is on the stick, I should be OK, right? I DO NOT WANT TO PUT THAT VIRUS ON THIS NEW COMPUTER!!! 

The only thing I noticed that caused me to reboot 3 times was the CD drive. Otherwise, everything seems to be OK, because I'm not getting the pop-ups or the warnings any longer. I was getting a lot of Trojans, but nothing is showing up now. Would it have affected the CD drive? Or after 5 years has it bit the dust? I haven't tried it since. When copying it says it is finished. I remove the CD and click finish. It then says the disk was not completed, even though it said it was finished and the drawer had popped open. When I started closing the open windows that is when everything just disappeared from the desktop. Everything! The only way to get anything back was to re-boot by turning off power. 

Should I run that free malwarebytes or not? 

Becky


----------



## Bob Starr (Jan 2, 2008)

Hi Becky! 
Malwarebytes is the program that I used in my computer to get rid of the virus and it worked. I have run other spyware to see if it is a threat and it appears not to be. 
Before I did anything, tho, I went to the msconfig files and did a selective start up so that I would not have their annoying windows popup. There are two files that you have to uncheck. This program replaces your desktop with a warning page and your screensaver with a phony Windows blue screen. I have had no problems since I used the malwarebytes program.


----------



## Dwight Ennis (Jan 2, 2008)

Becky - My experience with Antivirus XP was that it didn't infect other files. This was confirmed by doing a Google search on it. A few of the resulting pages listed the files that are associated with the virus. No mention was made of it infecting other files. You can run the malware scan if you wish. Not sure running multiple scans of AVG is worth the time. If it doesn't find anything the first time, it's unlikely it will find anything on subsequent runs - unless the computer has been on the Internet and picked up something new. 

At any rate, you should be safe copying known files with known filenames to the new machine.


----------



## Becky Francis (Jan 2, 2008)

Thanks Dwight! That was what I was hoping to hear. I need to pick up a couple more USB portable drives. Circuit City has a 3-pk, 2GB each for $33.00. That should be more than enough. They come in red/white/blue so I color code files/pictures, etc. 

Becky


----------



## Dwight Ennis (Jan 2, 2008)

You're more than welcome Becky. Glad I could help.


----------

