Have just had the unpleasant experience of having my computer hijacked by a so-called antivirus program that claimed virtually every file on my computer was infected and refused to open them. It would only open Internet Explorer and directed me to -antisywire.com- (Correct spelling.). This offered the option to purchase the software from a non-secure site. Fortunately, restarting in safe mode and using a system restore from 24 hours back gave me back control of my computer. While infected I ran NOD 32 (Auto updated approx 1 hour before I noticed the infection). This showed nothing wrong. Anyone else had this experience? Cheers Craig
Thanks for reporting the fraud site. Indeed unpleasant experience. Are you able to provide more details which could help to improve detection according to http://kb.eset.com/esetkb/index?page=content&id=SOLN141 Suspicious files are welcomed including the sites which serve malware (hacked legitimate sites or sites hosting fake XXX codecs and cracks). In some cases the infection is triggered by opening the spammed email.
Unfortunately, I don't know where I 'acquired' the problem. I'd been surfing various areas.............. Was distracted for about 30 minutes....... Came back to find the problem. Wish I could be of more assistance. Cheers Craig
I too have stumbled upon this virus. As said before, I cannot use any web browser, as it goes straight to the website, and I figure that if I download that fake software and spend stupid amounts of cash on it it will only get worse. I'll be honest, I was looking at porn. It was quick, almost unnoticeable, but something downloaded without my permission, and I ignored it; seconds later my computer was working against me. It throws up its own virus scanner, and puts all these trojans on the list, as well as many other such things like keyloggers and all that stupid stuff. Funny thing is when I pull up Windows Defender, it gets knocked down and brings up the virus's virus scanner. The only reason I'm able to be here right now is because I am using my older laptop, which is saddening haha. Anywhozer, I have no way of taking this thing out, it is frustrating, and guess who is not going to watch porn anymore.
Ensure Web Access Protection is fully enabled. When I visited the web site you mention, web access protection would not allow the site to be loaded. See screenshot.
Here's the thing though... I'm on a laptop that isn't infected, the laptop that is has no way of reaching its homepage or any website. I am a noob when it comes to these things, please be understanding.
Follow the instructions already posted, ask the person that has the infected PC to follow the instructions with you over the phone or with a security professional, like someone from a competent local PC shop. An issue ticket could be submitted to ESET to have a professional from the ESET office assist.
GOOD NEWS! I went ahead and made a new admin account while in safe mode in the infected admin account, and I am fine for the moment, assuming I have the infection quarantined (for the moment) in the old admin account, and now I shall engage in the step by step "kicking the Malware's ~ Snipped as per TOS ~"
I joined just to post this. I had just gotten this Antivirus Action thing. So I was clicking on it and I got the message that there was an error and a program wasn't working. It listed the program: qujryusagnz.exe. Do a search under my computer for this. It will find a file. I deleted it and antivirus action disappeared and everything is working again.
I will try that tomorrow morning, thanks for the tip. I got about halfway with the large step by step process for taking off malware.
Interesting. I went to the site and it was not blocked for me. Do you have active mode set? I don't. OK. I changed the settings, enabling Active Mode and checking all the browsers, but NOD32 still does not block that site for me. What is different, I wonder. I'm not being infected, so it's no big deal, I guess. Running NOD32 ver 4.2.64.12; Virus signature database: 5512 (20101007); Update module: 1031 (20091029); Antivirus and antispyware scanner module: 1285 (20100820); Advanced heuristics module: 1114 (20100827); Archive support module: 1122 (20100826); Cleaner module: 1048 (20091123); Anti-Stealth support module: 1021 (20100811); SysInspector module: 1217 (20100907); Self-defense support module: 1016 (20100404); Real-time file system protection module: 1004 (20100727). Oops!!!!! I just checked and I had entered the site as "www.antisyware.com" instead of the name posted. When I entered it as posted, "antisywire," then NOD32 blocked it just fine! I think I'll leave web access in "active mode" for a while anyway, if it works without too much hassle. By the way, I don't know for sure whether "antisyware" is a good site, but it's not blocked. I'd never heard of that one, either. I suppose they misspelled it because that's the only way they could get the name.
It's good to see ESET's fast response to the sample given to them! I always thought they needed improvement in that area.
Active mode, not set on this machine, rcdailey. The web flag arrived as soon as I looked for the site. Google has been advised it does deliver malware, it may be harder to find, hopefully.
Right. I expect that it would have been found if I'd entered the name of the site correctly the first time, without Active Mode. Anyway, I'm running with Active Mode enabled now to see if it has any noticeable effect, such as slowing access, but I don't really see any, yet. If it makes browsing a little safer, then why not?
I would be personally interested in knowing how Active Mode works out for you. Please do let us know. Regards,
So far, I can't see any effect such as slower browsing. Everything seems to be the same. I even disabled web protection to see whether browsing would be faster, but there was no difference. This is not a fast system. It is a 1.8 GHz Pentium 4 with XP SP3 installed. It does have 2GB of RAM, which is all it can hold. That may be why I don't see a difference due to using Active Mode.
Thank you for posting back your findings, though, active mode should not be used unless special circumstances require it. As long as your machine meets system requirements for the software, whatever configuration you choose should not tax your system more.