Last Friday I encountered "Personal AntiVirus", a fake antivirus product which had got past Norton 2006 (yes, you read that right) and was causing havoc with the usual scare tactics via pop-up balloons. However, all was not quite what it seemed.
Installing to the system was a no-go. Norton 360, which the person had bought, would not even run the setup, nor would other setup programs run. The system clearly was being prevented from running installers, and this was proven by Spybot and other malware tools failing to load and be installed, as well as some non-security-based software.
I thought I would be sneaky and throw on Panda Cloud Antivirus. It's still in beta at the current time, but maybe being so new it would get past the aggressive stance of "Personal Antivirus" or whatever else was on the system. It did: Panda Cloud Antivirus installed and a scan was off and running. It found 2 results, one being "Personal Antivirus" and another trojan. It reported they were cleaned - the pop-up balloons stopped and all looked good until Internet Explorer was loaded.
Internet Explorer was suffering from the remains of a browser hijack: now, instead of pointing to a pop-up window screaming that the website is trying to obtain your details or that the site is infected and has been blocked, a nice blank window appeared. Personal Antivirus was not quite dead. Surfing with Internet Explorer was impossible.
Online scanners were still not loading, a flush and restore of the hosts file did nothing, and I was still not able to load Spybot. Things did not look good. To provide the person with a working browser I managed to download (with a workaround) Firefox; it installed and I updated Java. It struck me: HouseCall over at Trend runs under Java, unlike the current F-Secure Online Scanner, which requires Internet Explorer and the installation of an ActiveX control. Off I went, a little skeptical, but I had nothing else left to try.
I let HouseCall 7.0 beta do its work, and when it was done, 11 trojans, including further files of "Personal Antivirus", were removed. A quick reboot and everything was back to normal.