Antisywire

Discussion in 'ESET NOD32 Antivirus' started by osa58, Oct 6, 2010.

Thread Status:
Not open for further replies.
  1. osa58

    osa58 Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    6
    Have just had the unpleasant experience of having my computer hijacked by a so-called antivirus program that claimed virtually every file on my computer was infected and refused to open them.
    It would only open Internet Explorer and directed me to -antisywire.com- (Correct spelling.). This offered the option to purchase the software from a non-secure site.

    Fortunately, restarting in safe mode and using a system restore from 24 hours back gave me back control of my computer.
    While infected I ran NOD 32 (Auto updated approx 1 hour before I noticed the infection). This showed nothing wrong.
    Anyone else had this experience?

    Cheers
    Craig
     
    Last edited by a moderator: Oct 6, 2010
  2. danieln

    danieln Eset Staff

    Joined:
    Jan 7, 2009
    Posts:
    112
    Thanks for reporting the fraud site.
    Indeed unpleasant experience.
    Are you able to provide more details which could help to improve detection according to the
    http://kb.eset.com/esetkb/index?page=content&id=SOLN141

    Suspicious files are welcomed including the sites which serve malware (hacked legitimate sites or sites hosting fake XXX codecs and cracks). In some cases the infection is triggered by opening the spammed email.
     
  3. osa58

    osa58 Registered Member

    Joined:
    Jan 25, 2008
    Posts:
    6
    Unfortunately, I don't know where I 'acquired' the problem.
    I'd been surfing various areas... Was distracted for about 30 minutes... Came back to find the problem.
    Wish I could be of more assistance.

    Cheers
    Craig
     
  4. Shadydingo

    Shadydingo Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    5
    I too have stumbled upon this virus.

    As said before, I cannot use any web browser, as it goes straight to the website, and I figure that if I download that fake software and spend stupid amounts of cash on it, it will only get worse, :p

    I'll be honest, I was looking at porn. It was quick, almost unnoticeable, but something downloaded without my permission, and I ignored it, seconds later my computer was working against me.

    It throws up its own virus scanner, and puts all these trojans on the list, as well as many other such things like keyloggers and all that stupid stuff. Funny thing is when I pull up Windows Defender, it gets knocked down and brings up the virus's virus scanner. The only reason I'm able to be here right now is because I am using my older laptop, which is saddening haha.

    Anywhozer, I have no way of taking this thing out, it is frustrating, and guess who is not going to watch porn anymore. o_O
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Ensure Web Access Protection is fully enabled.
    When I visited the web site you mention, web access protection would not allow the site to be loaded.

    See screenshot.
     


    Last edited: Oct 6, 2010
  6. Shadydingo

    Shadydingo Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    5
    Interesting, but is there a way for me to take whatever this is off? :eek:
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  8. Shadydingo

    Shadydingo Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    5
    Here's the thing though... I'm on a laptop that isn't infected; the laptop that is has no way of reaching its homepage or any website.

    I am a noob when it comes to these things, please be understanding.
     
  9. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Follow the instructions already posted, ask the person that has the infected PC to follow the instructions with you over the phone or with a security professional, like someone from a competent local PC shop.

    An issue ticket could be submitted to ESET to have a professional from the ESET office assist.

     
  10. Shadydingo

    Shadydingo Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    5
    GOOD NEWS! I went ahead and made a new admin account while in safe mode in the infected admin account, and I am fine for the moment, assuming I have the infection quarantined (for the moment) in the old admin account, and now I shall engage in the step-by-step "kicking the Malware's ~ Snipped as per TOS ~"

    :D :D
     
    Last edited by a moderator: Oct 7, 2010
  11. wyre6330

    wyre6330 Registered Member

    Joined:
    Oct 7, 2010
    Posts:
    1
    I joined just to post this. I had just gotten this Antivirus Action thing. So I was clicking on it and I got the message that there was an error and a program wasn't working. It listed the program: qujryusagnz.exe. Do a search under My Computer for this. It will find a file. I deleted it and Antivirus Action disappeared and everything is working again.
     
  12. Shadydingo

    Shadydingo Registered Member

    Joined:
    Oct 6, 2010
    Posts:
    5
    :D I will try that tomorrow morning, thanks for the tip. I got about halfway with the large step-by-step process for taking off malware.
     
  13. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Interesting. I went to the site and it was not blocked for me. Do you have active mode set? I don't.

    OK. I changed the settings, enabling Active Mode and checking all the browsers, but NOD32 still does not block that site for me. What is different, I wonder. I'm not being infected, so it's no big deal, I guess.

    Running NOD32 ver 4.2.64.12

    Virus signature database: 5512 (20101007)
    Update module: 1031 (20091029)
    Antivirus and antispyware scanner module: 1285 (20100820)
    Advanced heuristics module: 1114 (20100827)
    Archive support module: 1122 (20100826)
    Cleaner module: 1048 (20091123)
    Anti-Stealth support module: 1021 (20100811)
    SysInspector module: 1217 (20100907)
    Self-defense support module: 1016 (20100404)
    Real-time file system protection module: 1004 (20100727)

    Oops!!!!!

    I just checked and I had entered the site as "www.antisyware.com" instead of the name posted. When I entered it as posted, "antisywire," then NOD32 blocked it just fine! I think I'll leave web access in "active mode" for a while anyway, if it works without too much hassle. By the way, I don't know for sure whether "antisyware" is a good site, but it's not blocked. I'd never heard of that one, either. I suppose they misspelled it because that's the only way they could get the name.
     
    Last edited: Oct 7, 2010
  14. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,948
    Location:
    USA
    It's good to see ESET's fast response to the sample given to them! I always thought they needed improvement in that area.
     
  15. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Active mode, not set on this machine, rcdailey. The web flag arrived as soon as I looked for the site. Google has been advised it does deliver malware, so it may be harder to find, hopefully :ouch:
     
  16. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Right. I expect that it would have been found if I'd entered the name of the site correctly the first time, without Active Mode. Anyway, I'm running with Active Mode enabled now to see if it has any noticeable effect, such as slowing access, but I don't really see any, yet. If it makes browsing a little safer, then why not?
     
  17. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    I would be personally interested in knowing how Active Mode works out for you. Please do let us know.

    Regards,

     
  18. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    So far, I can't see any effect such as slower browsing. Everything seems to be the same. I even disabled web protection to see whether browsing would be faster, but there was no difference. This is not a fast system. It is a 1.8 GHz Pentium 4 with XP SP3 installed. It does have 2GB of RAM, which is all it can hold. That may be why I don't see a difference due to using Active Mode.
     
  19. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Thank you for posting back your findings, though active mode should not be used unless special circumstances require it.
    As long as your machine meets the system requirements for the software, whatever configuration you choose should not tax your system more.

     
  20. rcdailey

    rcdailey Registered Member

    Joined:
    Dec 25, 2009
    Posts:
    233
    Good point about not really requiring active mode.
     
  21. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    You are most welcome. :thumb:
     