My friend got hit by antispy2011setup.exe



Looks like a new virus. How could I remove it?

--
  @~@   Might, Courage, Vision, SINCERITY.
 / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.38.2
  ^ ^   01:20:01 up 4 days 2:49 0 users load average: 1.08 1.16 1.21
Don't borrow! Don't swindle! Don't do compensated dating! Don't fight! Don't rob! Don't kill yourself! Please consider CSSA (Comprehensive Social Security Assistance):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: My friend got hit by antispy2011setup.exe

Man-wai Chang wrote:

http://www.superantispyware.com/malwarefiles/ANTISPY2011SETUP.EXE.html

--
 JD..

Re: My friend got hit by antispy2011setup.exe



It is not a virus.  It is a con-job in the form of a trojan.

You can use SuperAntiSpyware as suggested or Malwarebytes Anti Malware.


--
Dave
Multi-AV Scanning Tool - http://www.pctipp.ch/downloads/dl/35905.asp



Re: My friend got hit by antispy2011setup.exe [solved]


System Restore helped.

--
   @~@   Might, Courage, Vision, SINCERITY.
  / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.38.2
   ^ ^   14:44:01 up 5 days 16:13 0 users load average: 1.33 1.18 1.15
Don't borrow! Don't swindle! Don't do compensated dating! Don't fight! Don't rob! Don't kill yourself!
Please consider CSSA (Comprehensive Social Security Assistance):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa

Re: My friend got hit by antispy2011setup.exe [solved]

On 4/7/2011 11:45 PM, Man-wai Chang wrote:

When nothing else works and you don't have access to another computer,
that's the only time *I* use System Restore.

If it worked, you still have a 'Friend With a Problem'. You *NEED* to get
said friend set up with some decent security skills and software.



Do whatever you can to download either MBAM or SAS, but *don't* install
whichever you choose while the pooter is still running in "full windows
mode", then reboot into SAFE mode and install it and run it in SAFE mode.

(Both MBAM and SAS are good, I'm just more versed with MBAM)

I just went thru that on a "LD phone call from an old friend" thingie.
(warning; friend is not exactly friendly/skilled with pooter use)

His was the "MS Removal Tool" fakeware. I don't know what variant of
this crap/scare/fakeware or dropper was used, but it did all of the nasties:
1) blocked access to his installed "security software"(PCcillin)
2) blocked access to any reasonably well-known 'security' site to
    download any goodies.
3) wouldn't allow any remote access app to work.

Some of the above might be in error, as this was all done by phone and
all of it was thru the eye>brain>mouth>phone>ear>brain interface. (I
still have to slap him up longside the haid about reading dialog boxes
back to me..)

So I emailed MBAM and some other files and docs (with files renamed).

Long string of the usual snags, dead CDR drive in his (uninfested)
worklaptop, his lack of skills.... 4 hours later.

"We" finally got MBAM set up and running in SAFE Mode.

Friend is buying MBAM full/paid tomorrow... it worked well!
(FWIW, paid-for MBAM runs in the background, worth it!)

The immediate problem (AS2011) is gone, but tomorrow is gonna be another
wringer session, setting up remote access and a bunch of cleanup on his
pooter

--
The black flies were coming.
(Alastair Mayer in "Small Penalties")

Re: My friend got hit by antispy2011setup.exe [solved]

Nobody > (Revisited) wrote:
Due to the way MBAM works, it is suggested by those in the know that it
be run in normal mode. That doesn't mean a 'safe mode' run isn't a good
idea though, run it again in normal mode afterward.

Do you know how it implements its 'background' protection?

Re: My friend got hit by antispy2011setup.exe [solved]

 > When nothing else works and you don't have access to another computer,
 > that's the only time *I* use System Restore.

My friend tried another Restore Point but it didn't work. I suggested an
earlier point and it worked.

MS Removal Tool failed to find anything.

 > If it worked,you still have a 'Friend With a Problem'. You *NEED* to get
 > said friend set up with some decent security skills and software.

My friend was using MSE. My friend also swore that no
antispy2011setup.exe was downloaded.

 > 1) blocked access to his installed "security software"(PCcillin)
 > 2) blocked access to any reasonably well-known 'security' site to
 > download any goodies.
 > 3) wouldn't allow any remote access app to work.
 >
 > Some of the above might be in error, as this was all done by phone and
 > all of it was thru the eye>brain>mouth>phone>ear>brain interface. (I
 > still have to slap him up longside the haid about reading dialog boxes
 > back to me..)

My friend only complained about the response time of the system.

--
   @~@   Might, Courage, Vision, SINCERITY.
  / v \  Simplicity is Beauty! May the Force and Farce be with you!
/( _ )\ (x86_64 Ubuntu 9.10)  Linux 2.6.38.2
   ^ ^   22:42:01 up 8 days 11 min 0 users load average: 1.04 1.06 1.05
Don't borrow! Don't swindle! Don't do compensated dating! Don't fight! Don't rob! Don't kill yourself!
Please consider CSSA (Comprehensive Social Security Assistance):
http://www.swd.gov.hk/tc/index/site_pubsvc/page_socsecu/sub_addressesa
