Redirection to a bad site?

Hope this is the right place.
I sent a friend an address to a thread on a forum that I know is safe. Within that thread was a thumbnail photo. I had previously clicked on it and it was OK.

My friend, George, clicked on it and it would not let him view the photo, but he had to join, tell who directed him to the site, and wanted $15. He closed it, but ended up with a virus. Not sure what it was.

Is is probable that somehow he got redirected to a bad site? How could that happen when I had no problem before or since?

I think his ISP, AOL, has an AV that he has been confident with.

I would think a good AV plus SAS and MBAM would get rid of the virus, and he might have to disable Restore.

What are your thoughts?

Thanks,
Jerry

 

Re: Rediretion to a bad site?

OK. Since we can't make a good assessment as to why he got infeced, what are the best cleaners? I have the impression that, in addition to the AV, MBAM and SAS are among the best cleaners.
He needs something that won't do more damage cleaning.

Would a Restore work, or would the virus hide where it would not be affected by a Restore?

Thanks,
Jerry

 

Re: Rediretion to a bad site?

We are not allowed to say what is the best cleaner because this would turn into an A vs B thread but we can make a suggestion without saying what it best.

Check out this thread for a huge list of free malware cleaners: https://www.wilderssecurity.com/showthread.php?t=249469

 

Re: Rediretion to a bad site?

i will say malware bytes

 

Re: Rediretion to a bad site?

Hey Jerry,

as well as running the cleaners check the hosts file with HostsXpert
use the option download original microsoft hosts file.

which version of windows,what type of account and what browser?

after cleaning use the repair options in superantispyware and then make sure browser is up to date,plugins are up to date for example flash play,java,shockwave etc and also uninstall any older versions of the plugins since java doesnt uninstall older versions when you install new.

show your friend opera and firefox and ask them to choose which one they prefer or use both if they want. both are safer than IE.
what kind of device is used to connect to the internet? is it a ethernet modem or a router?

 

Re: Rediretion to a bad site?

The thumbnail photo on the forums could have just been coincidence and he may have been infected in some other way before that. Or if he is certain that he was infected by that link maybe he was infected through a browser exploit/plugin exploit (as lodore hinted at) or the image hosting site might have some type of questionable advertising. The only way to know for certain would be to verify that link he got redirected to.

It might also be helpful to know why he thinks he ended up with a virus or some other type of adware/malware (if it was his AV identifying that and if it was cleaned or if he is just noticing other strange behavior).

If you still feel a scan/clean is necessary I would probably go ahead and disable system restore, restart, and do a full scan with his updated AV, and updated super antispyware/malwarebytes.

 

Re: Rediretion to a bad site?

Many thanks for the help. I will have to get with him later.
I viewed the thumbnails before I sent him the link, and also did it a few minutes ago. It is a puzzle to me.

Lodore I'll do as you suggest. He is running XP, IE, and he probably has not ever done anything as to account. I have not either. I guess then it is Administrator.

Regards,
Jerry

 

Re: Rediretion to a bad site?

I learned that the malware is antizir. It gives a stream of pop-ups. I think he downloaded some instructions to remove it.
Any advice here?

Thanks,
Jerry

 

The malware is antivir. I spelled it incorrectly. He is running SAS now and has found 56 items of malware.

I just talked to my friend, and SAS removed a bunch of stuff, but when he rebooted, and went to the internet he got a pop-up and when he tried to download MBAM it blocked the site.
That thing is a nasty.

I advised him to use his laptop and download MBAM and put it on a CD. Then to load it on his desktop and see if it will run. I notice that some applications need to update when you install. I am not sure about MBAM and if it would do what is needed without updating if the Antivir won't let it update.

Now that we know what it is, does anyone here have experience with it, or suggestions? Thanks

Mods, would it be better to close this and post a new one with the name Antivir? I guess it would go on this forum. Whatever you think.

Regards,
Jerry

 

The malware is 'Antivir' ? ? ? Antivir is the name of Avira's antivirus, a reputable AV. Maybe you have a rogue version, it's corrupted, or ??

56 items is a lot of malware. You may want to consider reformatting and reinstalling the OS, drivers, software, data.

In this case I won't comment on MBAM.

A few suggestions: Avira LiveCD (http://www.free-av.com/en/tools/12/avira_antivir_rescue_system.html) and Dr Web LiveCD (http://www.freedrweb.com/livecd/?lng=en)
Download and burn it on a clean computer.
The advantage of booting from such a CD (the BIOS should be set to boot from the CD first) is that malware doesn't have a chance to interfere with the scanner.

An excellent but long read: https://www.wilderssecurity.com/showthread.php?t=252253

 

Hey Jerry,

ive found removal instuctions

as everyone can see from the screenshots its a rogue called the same name as a legit antivirus to trick users.

once it has been removed superantispyware repairs to remove internet explorer restrictions should be used.

 

MBAM should be able to clean this one up unless it's a new morphed version?

If it is an exe killer that targets MBAM then I have had good results with Freefixer which requires manual selections and once the main malware.exe is dead then running a scan MBAM will clean up any dregs.

MBAM seems to be one of the main targets of these exe killing rogues.

 

Many thanks, friends for the help. We will continue to work with it, and I will report the results. the name is confusing until you know what it is.

I do appreciate the help.

Regards,
Jerry

 

MBAM in safe mode.

 

Thanks, I had wondered if that would be an advantage.

As far as I have learned so far no AV detects Antivir rogue. That is somewhat of a surprise to me.

Regards,
Jerry

 

This AM I took a CD with MBAM on it and installed it on my friend's computer. Without updating we ran a quick scan, it detected antivir, and removed it. We then used a-squared to scan and all was clean.

Great work for MBAM.

Lucian on the Kaspersky forum stated that Kaspersky will also detects it.
http://www.viruslist.com/en/weblog?weblogid=208187938

No mention was made of removal, and maybe Kaspersky also removes, as I would expect if it detects.

Thanks for all the help.

Regards,
Jerry