AntiVirus 2008?



I searched the messages here, but did not see an answer to this item.
I had AntiVirus 2008 come up twice saying there were viruses on my
system and offering to install software to remove them.  I declined
each time.

Question, how does this item get to your machine to popup this
message?  Does it install anything on your system at this point?

I have AVG Free v8 running, but apparently it is not catching it prior
to the popup.

Is there anything else I need to do to be completely safe from this
item, except to decline the install?

Thanks for any tips/suggestions/

Charliec
******************************************************
Charliec

Re: AntiVirus 2008?



Use my Remove-it software, it will remove that malware from your system.
Download it here http://pcbutts1.com/downloads/tools/tools.htm And use Avast
antivirus it detects it before it installs.


--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






Re: AntiVirus 2008?



The Real Truth MVP  *(Yeah, Sure! LOL!)* wrote:


Oh, Gawd! Is it still around? Guess I need to block its newer Addy too.

PLONKY!

Re: AntiVirus 2008?



On Sun, 07 Sep 2008 10:46:15 -0700, Charliec



Your PC is already infected with malware!

Download, install, update and scan with:

- SuperAntiSpyware Free
http://www.superantispyware.com/download.html

- Malwarebytes' Anti-Malware
http://www.malwarebytes.org/mbam.php
(free for personal use)

Please read an explanation of Antivirus XP:
http://www.2-viruses.com/remove-antivirus-xp

--
Fred W. (NL)

Re: AntiVirus 2008?



Was the Antivirus 2008 just some pop-up window, i.e. you do NOT have it
installed, correct?

I would go with a hosts file and a pop-up blocker to help stop the
phony antivirus, etc pop-ups.

You should also scan (in safe mode) with adaware and spybot to clean
up anything that may not be wanted on the system.

Re: AntiVirus 2008?





Thanks all for your answers.  I have Spybot, Spy Sweeper and Adaware
and run them periodically (none are running real time - I just do the
scans about once a week - but have not run them since the popup).

Why do you run them in safe mode - is there an advantage to that - I
have always run them in regular mode - but will give safe mode a try.

******************************************************
Charliec

Re: AntiVirus 2008?



On Sun, 07 Sep 2008 12:11:12 -0700 Charliec wrote:

Safe Mode loads only the very basic programs on Windows start up.  

A better option imo is to use a boot-time scan which runs before any Windows
programs are loaded.  I don't know if AVG offers this option; I use Avast,
which does.
--
Ernie B.

Communication:  The art of moving an idea from one mind to another, hopefully
without distortion.

Re: AntiVirus 2008?





Does Avast catch the Antivirus 2008 malware?
******************************************************
Charliec

Re: AntiVirus 2008?



Yes it does.

--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






Re: AntiVirus 2008?





Really? I haven't come across any antivirus that can catch AV2008
installations, or, once infected carry out the necessary complete
immunisation.

Gaz



Re: AntiVirus 2008?



Yes it does, I test it all the time when doing my Remove-it updates. AVG
does not and MBAM and SAS paid version with real-time protection does not
even catch it. MBAM will clean it but it does not repair the damage done
after cleaning like fixing the desktop tabs etc.... Remove-it fixes all
that. MBAM real-time protection is also a resources hog on Vista which
causes delays when opening or right clicking files. I do not recommend it
for the paid version.

--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






Re: AntiVirus 2008?





That's not true. MBAM catches and kills it, 100%; all known variants. And we
do reverse any policy key lockouts performed by most malware these days.

Remove-it is a stolen script, and it's not 100%.




--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: AntiVirus 2008?



You are a terrible researcher you don't even know your own product. That's
probably why it took you over a year to fix a false positive in Bughunter.
MBAM has problems and instead of lying about it try to find out why and have
it fixed, I gave enough details.


--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






Re: AntiVirus 2008?





Your details are flat out wrong, and I'm certainly not lying about it.
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

We are number 3 on download.com for a reason. The program works.
I know what MBAM is capable of doing, Christopher, I write some of the
definitions it uses. Our definition system is very comprehensive and we
are able to do all kinds of nifty things with the database commands.

As far as the false positive is concerned, You were the first and only
person to report it, but you refused to provide the log files which you
knew contained the information required to remove it. As you didn't seem
too keen on assisting in its removal, I wasn't too concerned with
removing it as you were the only user reporting on it at the time.

Eventually another user had the issue and was kind enough to follow the
provided instructions. Voila, false positive removed. It was a year's time
between you whining and refusing to provide the necessary information to
fix it, and the only other person ever to contact me regarding the false
positive.

You are the one lying when you claimed the memory resident version was
hard in a system in windows vista. We have had very little issues with
windows Vista as far as that goes. And what few issues we do have will be
cleaned up soon.

I do have a question. The resident protection module is only available to
registered users. Your employer nor yourself are on record as having
purchased it, so are you indeed pirating our software too?


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: AntiVirus 2008?



You dumbass I told you I'm not who you think I am and I don't work for NASA.
Why the hell are you looking through purchase records trying to find me?
That's a violation and it's illegal. I am going to report this violation
to the BBB. As far as MBAM goes and what I said about it all you or anyone
has to do is test it for themselves. All you have to do is right click on
any file and it takes 10+ seconds to bring up the menu. Turn off resident
protection and it opens immediately. You can also visit any of the many
Antivirus 2008 websites, start the download or just cancel it, your MBAM
does nothing to block it. Avast will and your MBAM does NOT fix the damage
done to the display properties and screen saver tabs caused by malware nor
does it fix a corrupted Winsock. Test it for yourself. My Remove-it does all
that and fixes everything in less than 5 minutes not hours like your scan
takes. Download it here http://pcbutts1.com/downloads/tools/tools.htm


--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






Re: AntiVirus 2008?





I've spoken to you on the phone at your home and at your helpdesk. I
still have all of the contact information. I saved it in the event I'd
need to make a call or two again.

If MBAM's resident protection module is running, downloading and
installing Antivirus2008 will not be possible. I don't know why you're even
trying to compare your stolen script to a real program. BugHunter 0wned
you, and MBAM well, it's years beyond you.

That damage you keep going on about isn't damage at all, it's a policy
key setting and we DO remove them.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: AntiVirus 2008?



Ok you dumbass I will spell it out for you. Go here
http://www.advancedprivacyguard.com/ and click on the download link, your
antivirus should detect it Avast does. For testing purposes disable your
antivirus and download the file. MBAM resident detection does not block it.
Click install. MBAM Resident protection does not block it. Run a scan using
MBAM it detects and removes it. Your boss Bruce said in an interview on
Besttechie a few weeks ago that everything MBAM detects during its scans are
also blocked when using the paid version with real-time protection. Now stop
trying to portray me as a liar and fix your product. Below is the log file
done just a few minutes ago.

Malwarebytes' Anti-Malware 1.27
Database version: 1131
Windows 6.0.6001 Service Pack 1

9/9/2008 10:31:41 AM
mbam-log-2008-09-09 (10-31-41).txt

Scan type: Quick Scan
Objects scanned: 47855
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 8

Memory Processes Infected:
C:\Users\pcbutts1\Desktop\FreeSetup.exe (Rogue.AdvancedPrivacyGuard) ->
Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\
(Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AdvancedPrivacyGuard
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AdvancedPrivacyGuard
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advancedprivacyguard
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad:
("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\AdvancedPrivacyGuard (Rogue.AdvancedPrivacyGuard) ->
Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdvancedPrivacyGuard
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\pcbutts1\Desktop\FreeSetup.exe (Rogue.AdvancedPrivacyGuard) ->
Delete on reboot.
C:\Program Files\AdvancedPrivacyGuard\apg.exe
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\AdvancedPrivacyGuard\AdvancedPrivacyGuard.lnk
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\AdvancedPrivacyGuard\Uninstall AdvancedPrivacyGuard.lnk
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\Administrator\Desktop\AdvancedPrivacyGuard.lnk
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick
Launch\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined
and deleted successfully.
C:\Users\pcbutts1\Desktop\AdvancedPrivacyGuard.lnk
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.
C:\Users\pcbutts1\AppData\Roaming\Microsoft\Internet Explorer\Quick
Launch\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined
and deleted successfully.


--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.
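
The log posted above wraps each detection across two or three lines, so counting or filtering it line by line gives wrong results. An added example (not part of any post in this thread and not Malwarebytes' own tooling) that rejoins the wrapped entries, checks them against the summary counts, and flags the items worth following up after a scan; the function names and the abridged sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: abridged from the layout of the log posted above, with the
# summary counts adjusted to the entries kept. Usenet line wrapping is preserved.
SAMPLE_LOG = r"""
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 2

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\advancedprivacyguard
(Rogue.AdvancedPrivacyGuard) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad:
("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\pcbutts1\Desktop\FreeSetup.exe (Rogue.AdvancedPrivacyGuard) ->
Delete on reboot.
C:\Users\pcbutts1\AppData\Roaming\Microsoft\Internet Explorer\Quick
Launch\AdvancedPrivacyGuard.lnk (Rogue.AdvancedPrivacyGuard) -> Quarantined
and deleted successfully.
"""

SUMMARY = re.compile(r"^(?P<section>[A-Z][A-Za-z ]+ Infected): (?P<n>\d+)$")
HEADER = re.compile(r"^(?P<section>[A-Z][A-Za-z ]+ Infected):$")
ENTRY = re.compile(r"^(?P<item>.+?) \((?P<name>[A-Z]\w*\.[\w.]+)\) -> (?P<rest>.+\.)$")

def parse_mbam_log(text):
    """Return (declared counts, entries per section), rejoining wrapped lines."""
    declared, entries, section, pending = {}, defaultdict(list), None, ""
    for line in map(str.strip, text.splitlines()):
        if m := SUMMARY.match(line):
            declared[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section, pending = m["section"], ""
        elif section and line and not line.startswith("(No malicious"):
            pending = f"{pending} {line}".strip()
            if m := ENTRY.match(pending):  # complete once the action sentence ends
                entries[section].append({"item": m["item"], "name": m["name"],
                                         "action": m["rest"].rsplit(" -> ", 1)[-1]})
                pending = ""
    return declared, dict(entries)

def triage(declared, entries):
    """List follow-ups: count mismatches, deferred deletions, autostart entries."""
    findings = []
    for section, n in declared.items():
        got = len(entries.get(section, []))
        if got != n:
            findings.append(f"count mismatch in {section}: declared {n}, parsed {got}")
    for items in entries.values():
        for e in items:
            if "reboot" in e["action"].lower():
                findings.append(f"pending until reboot: {e['item']}")
            if re.search(r"\\CurrentVersion\\Run\\", e["item"], re.I):
                findings.append(f"autostart entry removed: {e['item']}")
    return findings

if __name__ == "__main__":
    for finding in triage(*parse_mbam_log(SAMPLE_LOG)):
        print(finding)
```

A "Delete on reboot" entry means the file is still on disk until the machine restarts, so a rescan after the reboot is what confirms the cleanup.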






Re: AntiVirus 2008?





According to the log you posted, we do get it, and clean it up...

Now, to clear something up. MBAM isn't going to catch a file still being
downloaded. We don't hook the same ways as AVAST does. Once the file is
downloaded, with resident protection enabled, it shouldn't be allowed to
execute.


--
Regards,
Dustin Cook,  Author of BugHunter
BugHunter - http://bughunter.it-mate.co.uk
MalwareBytes - http://www.malwarebytes.org
  


Re: AntiVirus 2008?



Then why did it let it execute?

--
Cyberstalking is a crime. If you had one as bad as I did simply ignoring
them is not an option.






Re: AntiVirus 2008?




| I've spoken to you on the phone at your home and at your helpdesk. I
| still have all of the contact information. I saved it in the event I'd
| need to make a call or two again.

| If MBAM's resident protection module is running, downloading and
| installing Antivirus2008 will not be possible. I don't know why your even
| trying to compare your stolen script to a real program. BugHunter 0wned
| you, and MBAM well, it's years beyond you.

| That damage you keep going on about isn't damage at all, it's a policy
| key setting and we DO remove them.


"He's" right.  He doesn't WORK for NASA, "he" works for Lockheed Martin IT and
is contracted to NASA at JPL.

Some full header posts by Butts from Lockheed and NASA

-------------------------------------------------------------------

Subject: Re: Moderator of this forum
Date: Tue, 8 Nov 2005 07:01:04 -0800
Lines: 28
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.windowsxp.general
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.windowsxp.general:1410810

Another excuse. Now you blame it on a typo.



----------------------------------------------------------------

Subject: Re: WinFixer 2005
Date: Wed, 23 Nov 2005 06:58:39 -0800
Lines: 62
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.security.virus
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.security.virus:71022

You ever notice how much smoother these newsgroups operate when the stalkers
and trolls like you don't know what name I post under. BTW your winfixer
tool is crap, it takes way too long, it's too intrusive, it crashes if you
try to cancel or close it, and it deletes files not associated with
Winfixer. It's CRAP!


----------------------------------------------------------------

Subject: Re: PCBUTTS1 alert !
Date: Wed, 23 Nov 2005 07:15:29 -0800
Lines: 39
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.windowsxp.help_and_support
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.windowsxp.help_and_support:613256

You ever notice how much smoother these newsgroups operate when the stalkers
and trolls like you don't know what name I post under. BTW your winfixer
tool is crap, it takes way too long, it's too intrusive, it crashes if you
try to cancel or close it, and it deletes files not associated with
Winfixer. It's CRAP!


------------------------------------------------------------------------

Subject: Re: WinFixer 2005
Date: Wed, 23 Nov 2005 08:41:47 -0800
Lines: 37
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.security.virus
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.security.virus:71026

Send me an email at fiveXcornersXme@yahXoo.com and I will send you a fix
tool that will remove that pest. Remove the XXX to make the email valid. Oh
BTW ignore the response you will get from Leythos he is a sick obsessed
stalker who cannot fix your problem. He would rather have you suffer with
this issue than to receive help from me.


-------------------------------------------------------------------

Subject: Re: WinFixer 2005
Date: Wed, 23 Nov 2005 10:54:01 -0800
Lines: 80
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.security.virus
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.security.virus:71029

Anonymous to you maybe but everyone else knows who I am. They may not like
me and they come in here and spread lies about but I don't care. The 20 or
so people who I've sent the files to don't care either because their system
is now working.



----------------------------------------------------------------------


Subject: Re: WinFixer 2005
Date: Wed, 23 Nov 2005 12:32:18 -0800
Lines: 35
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.security.virus
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.security.virus:71032

It's called "Perks" some of us have it like that.


-----------------------------------------------------------------------------

Subject: Re: WinFixer 2005
Date: Wed, 23 Nov 2005 13:57:06 -0800
Lines: 31
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2900.2670
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-RFC2646: Format=Flowed; Original
Newsgroups: microsoft.public.security.virus
NNTP-Posting-Host: macosxpcb.jpl.nasa.gov 128.149.220.108
Path: TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.security.virus:71036

You are making an As* out of yourself again David. You don't know what you
are talking about. Why don't you send an email to abuse@jpl.nasa.gov and see
how far it goes. I know max will and a few MVP's trying to strut their
stuff. Go ahead make another attempt at trying to shut me down, I dare you.


----------------------------------------------------------------------------------

Path:
nwrddc02.gnilink.net!cyclone2.gnilink.net!cyclone1.gnilink.net!gnilink.net!
news.glorb.com!postnews.google.com!u72g2000cwu.googlegroups.com!not-for-mail
From: pcbutts1@gmail.com
Newsgroups: alt.privacy.spyware
Subject: Re: HTJ Log analysis?
Date: 7 Jun 2006 14:18:05 -0700
Organization: http://groups.google.com
Lines: 23
NNTP-Posting-Host: 192.91.171.36
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Trace: posting.google.com 1149715091 18723 127.0.0.1 (7 Jun 2006
21:18:11 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Wed, 7 Jun 2006 21:18:11 +0000 (UTC)
User-Agent: G2/0.2
X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1; .NET CLR 1.1.4322; InfoPath.1; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
Complaints-To: groups-abuse@google.com
Injection-Info: u72g2000cwu.googlegroups.com; posting-host=192.91.171.36;
    posting-account=PU1q9Q0AAAALKzqYMrb_eulfbBVkgT4C
X-Received-Date: Wed, 07 Jun 2006 17:18:08 EDT (nwrddc02.gnilink.net)

Yea you wish it was don't you? I'm traveling at the moment, Going to
Ohio to track down my stalker Leythos. My account is fine sorry to
disappoint you.






--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


