Antivirus 2009 and UltimateCleaner 2007

Discussion in 'ESET Smart Security' started by alexsch8, Jun 30, 2008.

Thread Status:
Not open for further replies.
  1. alexsch8

    alexsch8 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    13
    My client's system was completely hosed by a drive-by install of Antivirus 2009. He has ESS 3.657 installed and it didn't say a thing, ran full virus scan... didn't find a thing... Why?
     
  2. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello, these threats have a lot of new variants every day and their creators pre-pack them, and this causes them to go undetected. Please submit infected files in an archive with the password "infected" to the virus lab - samples[at]eset.sk - for analysis. If you have a problem removing the infection, send me a log from ESET SysInspector.

    Regards
     
  3. alexsch8

    alexsch8 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    13
    I'll remove it tonight and send it in.

    This is one of the nastiest things I have seen in a while. It removes access to TaskManager, Run, Command Prompt, Control Panel... web browsers become useless. I am sure that even if you tried to pay their "ransom money" and pay for their useless product, you wouldn't be able to due to the complete crippling of the system.
     
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,057
    Location:
    North Carolina
    That is why having an extra little program, like in my sig, helps. Can happen to all of them.
     
  5. Fajo

    Fajo Registered Member

    Joined:
    Jun 13, 2008
    Posts:
    1,812
    Sad part is some companies don't even know about their name listed in some of these. A lot of these things they advertise are not even affiliated with the virus. Makes their company look bad because of this. It spreads a bad rep.
     
  6. MysticG

    MysticG Registered Member

    Joined:
    Apr 22, 2008
    Posts:
    19
    Hmm, this is why I keep Spybot S&D as well as SpywareBlaster on my machine. If you haven't heard of them, they are pretty much an extension of your security rather than primary or secondary.

    Spybot S&D is pretty much the NOD32 of spyware scanners (despite NOD32 scanning for spyware). It would be nice if ESET affiliated themselves with them and worked out a deal because they're really good at what they do.

    It detected a Fraud program called 'XP Antivirus 2008' on my computer that someone using my computer got off myspace (yea I know). Eset didn't detect it after scanning the whole computer but Spybot S&D picked it up as a fraud program so I sent it to Eset for analysis and got rid of it.
     
    Last edited: Jul 1, 2008
  7. ASpace

    ASpace Guest

    XP Antivirus 2008 is quite annoying but pretty easy to remove. It is true that ESET didn't detect it before, but they have added detection for it and now it is detectable/removable by ESET NOD32 or ESS. I have noticed ESET doesn't detect most of the rogue spyware programs from the beginning of their first appearance "on the market", but they add detection for them later - again based on priority.
     
  8. alexsch8

    alexsch8 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    13
    I do have SpywareBlaster and Spybot S&D installed... but this was quite something.

    This thing, apparently trojan Virtumondo and SmitFraud-C, did a good job of making this system useless. They changed file permissions... especially for Spybot... LOL... it hid the files and changed permissions so no one was allowed to execute. It created stuff all over the place... also replaced the autostart of ESET with a little DLL of its own... it amazes me that someone actually wastes their time and skill to write crap like this. They went as far as adding "Virus Infected" after the clock in the tray...

    I ended up wiping the system and redoing it - that way I know for sure it is clean... I then immunized and SpywareBlaster'd the box. I collected up the goodies and am sending them to ESET now.
     
  9. ASpace

    ASpace Guest

    Actually, nowadays most get paid for creating such "crap", but if you think from another point of view, it isn't actually crap (if it does what you described) :thumb:
     
  10. MysticG

    MysticG Registered Member

    Joined:
    Apr 22, 2008
    Posts:
    19
    I found most of the time, if all else fails HijackThis can save you IF you know what you're doing. But even that isn't the say all do all.

    Also, I think my brother just found Antivirus 2009 and got it off myspace (he doesn't really do anything else on the internet). I got on the computer in the middle of the night and saw an installer on my desktop called AV2009Install_77013001 and the file size is 104 KB. I have no clue if he ran it.

    Any tips on how to find it and get rid of it if it's on my comp?
     