So I boot up this morning and get a great surprise: I have contracted the Antivirus XP 2008 fake anti-spyware spyware.
It's a pain in the ass to deal with, but I have to admire its execution.
If you haven't seen it, it does these wonderful things:
Replaces your wallpaper with an image of scanned viruses and a warning.
Creates a fake program in your program files called Antivirus XP 2008.
Creates a system tray icon for Antivirus XP 2008 that pops up every 30 seconds with a message that your computer is infected with 3842 (or some other such horrible number) viruses and that you should disinfect files as soon as possible.
It will also create a pop-up listing all of the files and give you the option to close out and operate "unprotected" or continue with the scan.
It then directs you to a fake software site that looks like it's from Microsoft and gives you the option to buy the basic or advanced programs. This is merely an opportunity for them to directly steal your credit card information.
If you don't act on your computer, they have even entered a screen saver that looks just like a blue screen error message regarding changing your BIOS settings, etc., etc., etc.
It even interferes with Google searches to give you a message that they "Can't let you in. Your PC is infected."
I'm having a really great time getting rid of it.
Get laid computer nerd and maybe you won't feel the need to create crap like this.
There is a zero day exploit out there right now, I am expecting a nightmare at work soon (as all these infected machines start stealing customers' passwords).
It's not just nerds needing attention now, it's plain and simple greedy bastards (not known if they are fat or not). Probably a lot of it run by organized crime... strictly professionals now. That's why they are so good, and go straight for the money (the credit cards and passwords).
Windows seems to want to collapse under its own weight after about a year of entropy anyway, so rebuilding from scratch may have other benefits.
If you have a machine that really is just a "thin client" internet browser, *strongly* consider something like this:
We are running it on "the kitchen laptop" now, and it passes the "wife test", where she could care less about technology, and just wants to get on the internet. Runs great on a $400 laptop, or whatever old machine you have around.
A core precept now of defense in depth is that you *never* surf the web on a machine that is also a web server. Otherwise you could pick up a virus, it infects your server content, and you become a distributor.
It's just a little further (and just as reasonable) to say you have a dedicated "web surfing" machine that is a dedicated web surfer. Get an infection? Rebuild from the CDRom and be back up and running with a clean slate in an hour.
Especially if you are going to be going to "those sites". Kinda like going to a bad neighborhood to buy drugs... don't be surprised if your car stereo gets stolen in the process...
Macs have not been a target, but they have been getting a reputation of late of having a pretty lousy track record of getting patches out in a timely fashion. Even patches they didn't have to write, ones that are for their open source components. Getting that reputation is going to get them attention... right now people don't bother because there are 10 PCs for every Mac. But once you get the reputation as a soft target, they will be all over you like flies on &^%&. So the "security honeymoon" for OSX is about to be over.
That being said, OSX has a sane underlying infrastructure that can actually be secured, unlike Vista or Windows, so if Apple gets their act together it *will* be more secure.
I know everyone hates it when I say this but probably the best defense you have against viruses/spyware/trojans/etc... is to simply create a second user account on your pc that is only a "limited user" and use this account for your day to day use of the pc (email, web/porn surfing, downloading malicious files, etc...). This will stop probably 99% of the crap out there from ever infecting your PC. True it may be a pain to have to log out and log in as Administrator to install anything, but how often are you actually installing software anyway? (If the answer is a lot, then that's probably the reason you have the virus in the first place.)
I have been running like this forever and I have never used antivirus and I don't think I've had to remove a virus or anything else from my PC in years, and this is also with my girlfriend using my computers as well. Note that I don't condone not using antivirus, I work in IT and am able to fix my own system if I were to get infected, for the common user I STRONGLY recommend it no matter what!
I run all of my computers regardless of OS (I run FreeBSD, Ubuntu, MacOSX primarily) as limited or non admin/root users. I've never had a problem. Heck I've never gotten a virus yet (Not sure how I've been so lucky) and I've been using computers for 24 years now (dang I'm getting old)
I got that program. It came thru as an msnbc update. You need to edit your registry to get rid of it, and then delete the programs by hand. Here is what I did. Now the program numbers were different but it worked.
XP or Vista Antivirus 2008 Descriptions:
XP Antivirus 2008, or Vista Antivirus 2008, or Antivirus XP 2008, is one of the latest counterfeit antispyware that devastates the world wide web. XP Antivirus 2008 usually comes up after you installed a video codec or software patch that comes with Trojan, malware and virus. XP Antivirus 2008 normally generates fake and misleading system popup error messages so end-users will be tricked into purchasing XP Antivirus 2008, Antivirus 2008 or Vista Antivirus. It is very important to remove all the components of the XP Antivirus 2008 and all the malware and trojans that it might have come bundled with (such as zlob.trojan, trojan.vundo and Trojan.Downloader). To effectively remove XP Antivirus 2008, we have created manual removal instructions which are easy to understand. As always, make sure you back up the data before proceeding. Good luck!
Manual XP Antivirus 2008 Removal Instructions:
Unregister XP Antivirus 2008 DLL Files:
  %ProgramFiles%\[RANDOM NAME]\MFC71.dll
  %ProgramFiles%\[RANDOM NAME]\MFC71ENU.DLL
  %ProgramFiles%\[RANDOM NAME]\msvcp71.dll
  %ProgramFiles%\[RANDOM NAME]\msvcr71.dll
  %ProgramFiles%\[RANDOM NAME]\shlwapi.dll
  %ProgramFiles%\[RANDOM NAME]\wininet.dll
Stop XP Antivirus 2008 Processes:
  vav.exe
  XPAntivirus.exe
  XPAntivirusUpdate.exe
  xpa.exe
  xpa2008.exe
Find and Delete these XP Antivirus 2008:
  xpa.exe
  vav.exe
  xpa2008.exe
  xpa_2008.exe
  XPAntivirus.exe
  XPAntivirusUpdate.exe
  XPAntivirus.lnk
  Uninstall XPAntivirus.lnk
  XPAntivirus on the Web.lnk
  XP Antivirus 2008.lnk
  Uninstall XP Antivirus 2008.lnk
  %ProgramFiles%\[RANDOM NAME]\MFC71.dll
  %ProgramFiles%\[RANDOM NAME]\MFC71ENU.DLL
  %ProgramFiles%\[RANDOM NAME]\msvcp71.dll
  %ProgramFiles%\[RANDOM NAME]\msvcr71.dll
  %ProgramFiles%\[RANDOM NAME]\shlwapi.dll
  %ProgramFiles%\[RANDOM NAME]\wininet.dll
  %program_files%\rhc7nsj0e57c\mfc71.dll
  %program_files%\rhc7nsj0e57c\mfc71enu.dll
  %program_files%\rhc7nsj0e57c\msvcp71.dll
  antivirusxp2008installer.exe
  rhc7nsj0e57c.exe
  %common_desktopdirectory%\antivirus xp 2008.lnk
  %common_programs%\antivirus xp 2008.lnk
  %common_programs%\antivirus xp 2008\antivirus xp 2008.lnk
  %common_programs%\antivirus xp 2008\how to register antivirus xp 2008.lnk
  %common_programs%\antivirus xp 2008\license agreement.lnk
  %common_programs%\antivirus xp 2008\register antivirus xp 2008.lnk
  %common_programs%\antivirus xp 2008\uninstall.lnk
  %profile%\application data\microsoft\internet explorer\quick launch\antivirus xp 2008.lnk
  %program_files%\rhc7nsj0e57c\database.dat
  %program_files%\rhc7nsj0e57c\license.txt
  %program_files%\rhc7nsj0e57c\uninstall.exe
  %program_files%\rhc7nsj0e57c\msvcr71.dll
  %program_files%\rhc7nsj0e57c\rhc7nsj0e57c.exe
  %program_files%\rhc7nsj0e57c\rhc7nsj0e57c.exe.local
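An added example, not part of any post in this thread: a read-only scan that looks for the file names in the removal list above, which is one way to check what is still on disk after a cleanup. The function names, the `MIN_BUNDLED` threshold and the sample tree are assumptions made for the illustration.

```python
import os
import tempfile

# File names below come from the removal list in the post above.
KNOWN_EXES = {"vav.exe", "xpa.exe", "xpa2008.exe", "xpa_2008.exe", "xpantivirus.exe",
              "xpantivirusupdate.exe", "antivirusxp2008installer.exe"}
# The DLLs here are ordinary Microsoft runtime files that legitimate programs
# also ship, so one of them alone is never treated as a finding.
BUNDLED = {"mfc71.dll", "mfc71enu.dll", "msvcp71.dll", "msvcr71.dll", "database.dat"}
LNK_MARKERS = ("antivirus xp 2008", "xp antivirus 2008", "xpantivirus")
MIN_BUNDLED = 3  # assumption: threshold chosen for this example


def scan(root):
    """Report (reason, relative path) pairs under root. Read-only: deletes nothing."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        folder = os.path.basename(dirpath).lower()
        # Layout in the list: <RANDOM NAME>\<RANDOM NAME>.exe beside the bundled files.
        if folder + ".exe" in names and len(BUNDLED & names.keys()) >= MIN_BUNDLED:
            findings.append(("random-name install folder", rel_dir))
        for low, real in names.items():
            if low in KNOWN_EXES:
                findings.append(("known executable name", f"{rel_dir}/{real}"))
            elif low.endswith(".lnk") and any(m in low for m in LNK_MARKERS):
                findings.append(("leftover shortcut", f"{rel_dir}/{real}"))
    return sorted(findings)


def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    sample = [
        "Program Files/rhc7nsj0e57c/rhc7nsj0e57c.exe",
        "Program Files/rhc7nsj0e57c/mfc71.dll", "Program Files/rhc7nsj0e57c/msvcp71.dll",
        "Program Files/rhc7nsj0e57c/database.dat",
        "Program Files/SomeApp/SomeApp.exe", "Program Files/SomeApp/msvcr71.dll",  # benign
        "Desktop/Antivirus XP 2008.lnk", "Temp/xpa2008.exe",
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return scan(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit is a lead to check by hand, since a legitimate program can match the folder layout; an empty result only says these particular names are gone, not that the bundled trojans the post mentions are.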
I am not excited that Microsoft and Ford have combined to make 'synergistic' vehicle electronic components. I am now and forever done with Ford. I do not ever want to have to 'reboot' my vehicle due to the blue screen of death.
I use Avast antivirus, which is a freeware program. Avast found it and removed it from my daughter's machine with no problems. The home version is free - have used it for several years - catches everything, and uses minimal system resources. Not like McAfee or Norton. http://www.avast.com
I got an e-mail that looked EXACTLY like a Paypal e-mail asking me to log in to re-confirm my information, the link directs you to www.pypal.com with a long suffix of directories on the end, but www.pypal.com is a wrinkle treatment product's website.
Stupid question from a pc dummy.....I downloaded avast (I got that stupid virus too) it scanned, said I had some viruses, put them in a "chest", now how do I know that the XP anti virus bug is out of my system? Is it considered a virus or spy/ad/mal ware? Do I need a program specific to this bug?